Q: What does it cost to use the DigiCert Certificate Inspector?
ANSWER: During the introductory period, customers and non-customers can access the Certificate Inspector at no cost.
Q: Do I need to be a DigiCert customer to use the DigiCert Certificate Inspector?
ANSWER: During the introductory period, anyone can use it. The only requirement is that you sign up for a DigiCert account.
Q: Why do I need a DigiCert account?
ANSWER: The DigiCert account is required as part of the authentication process so an initial validation of users can be performed to keep Certificate Inspector limited to White Hat use. Moreover, the account allows us to create a data set for you, where you can store the information from your scans.
Q: Is the DigiCert Certificate Inspector compatible with Windows?
ANSWER: Yes, you just need to download and install the Windows Agent.
Q: Is the DigiCert Certificate Inspector compatible with Linux?
ANSWER: Yes, you just need to download and install the appropriate Linux Agent (32-bit DEB, 32-bit RPM, 64-bit DEB, and 64-bit RPM).
Q: What is an SSL Certificate Endpoint?
ANSWER: An SSL Certificate Endpoint, also referred to as an SSL Endpoint or SSL Termination Endpoint, is an IP/Port combination that is running SSL.
Q: What is a DigiCert Certificate Agent?
ANSWER: The DigiCert Certificate Agent, also referred to as a Registered Agent or Scan Agent, scans your certificates and endpoints, and provides an overall analysis of your certificate deployment status and areas requiring remediation. The agents also allow you to install, renew, and replace SSL Certificates from within Certificate Inspector.
Q: What does the DigiCert Certificate Inspector do?
ANSWER: The Certificate Inspector provides you with an overview of your entire SSL Certificate environment to help you manage and maintain a secure network by doing the following:
  • Establish your security baseline with a real-time, comprehensive overview of SSL certificates and your termination endpoints across the entire network.

  • Detect vulnerabilities via scanning for problematic certificates or server configurations and easily review results using Certificate Inspector’s intuitive dashboard.

  • Analyze security data points either aggregate or specific to each certificate and endpoint.

  • Mitigate discovered vulnerabilities, such as BEAST, and lack of compliance with industry guidelines such as the CA/Browser Forum Baseline Requirements, through recommended steps.

  • Renew expiring certificates through DigiCert’s express provisioning process.

  • Archive snapshots from each detection event to document improvements over time.

  • Run reports from any location with DigiCert’s cloud-based administrative controls.

Q: How does the DigiCert Certificate Inspector process work?
ANSWER: The Certificate Inspector works as follows:
  1. First, the Certificate Inspector verifies your identity.

    1. You use the credentials from your DigiCert account to sign in and use the Certificate Inspector. Later in the process, you are required to use these credentials again.

    2. If you are a DigiCert customer, you should already have a DigiCert account.

    3. If you are not a DigiCert customer, then you must sign up for a DigiCert account.

  2. Then, you download and install the DigiCert Certificate Agent on your computer.

    1. The agent is used to discover your SSL Certificates and SSL Certificate Endpoints and analyze them for vulnerabilities and weaknesses.

    2. You need to install the agent on the computer from which you plan to scan your other servers.

    3. Because this computer is part of your internal network, you are able to analyze your internal-facing servers.

  3. Next, you register the DigiCert Certificate Agent.

    1. You use your credentials from your DigiCert account to register the agent.

  4. Then, you choose the servers that you want to scan.

  5. Finally, you can view the results of the scan and take any necessary actions.

    1. The Certificate Inspector provides you with an easy-to-use dashboard that allows you to view the status of your environment.

    2. The Certificate Inspector also provides you with Business Intelligence-style reports that allow you to drill down into your certificates and endpoints to discover and fix trouble areas.

Q: What types of things does the DigiCert Certificate Inspector check for?
ANSWER: The Certificate Inspector scans for the following:
  1. SSL Certificate Vulnerabilities:

    • Name mismatches
    • Internal names
    • Missing fields and values
    • Misconfigured fields
    • SHA-1 hashing algorithm
    • Weak hashing algorithms
    • Weak keys
  2. Expired/Expiring SSL Certificates

  3. SSL Certificate Endpoint Vulnerabilities:

    • BEAST (Browser Exploit Against SSL/TLS)
    • BREACH (Browser Reconnaissance & Exfiltration via Adaptive Compression of Hypertext)
    • CRIME (Compression Ratio Info-leak Made Easy)
    • Insecure TLS Renegotiation
    • SSL 2.0 Protocol enabled
    • Weak Cipher suites
Q: How does the DigiCert Certificate Inspector benefit me?
ANSWER: The Certificate Inspector is an automated process that reduces human error and saves you valuable time and energy by simplifying the SSL Certificate security and management process.
  • Establish your security baseline with a real-time, comprehensive overview of SSL certificates and your termination endpoints across the entire network.

  • Detect vulnerabilities via scanning for problematic certificates or server configurations and easily review results using Certificate Inspector’s intuitive dashboard.

  • Analyze security data points either aggregate or specific to each certificate and endpoint.

  • Mitigate discovered vulnerabilities, such as BEAST, and lack of compliance with industry guidelines such as the CA/Browser Forum Baseline Requirements, through recommended steps.

  • Renew expiring certificates through DigiCert’s express provisioning process.

  • Archive snapshots from each detection event to document improvements over time.

  • Run reports from any location with DigiCert’s cloud-based administrative controls.

Q: How do you ensure the privacy and security of my data?
ANSWER: DigiCert employs a multi-tenancy architecture and an authentication process that requires you to use your DigiCert account credentials to login and access the Certificate Inspector. You also must use your DigiCert account credentials to register the agent.
Q: What is multi-tenancy architecture?
ANSWER: In multi-tenancy architecture, the data between customer accounts is virtually isolated. Each individual user has their own data set, which means that your data is isolated from and invisible to other users.