Discover and analyze every certificate in your enterprise

SSL Certificates serve as the security backbone of the internet, securing billions of interactions annually. Yet, too often, system administrators fail to properly configure and install certificates, unknowingly leaving open vulnerabilities. DigiCert’s Certificate Inspector scans the user’s network detecting all certificates in use, their configuration and implementation, and then displays the results in an intuitive and interactive dashboard.

Using Certificate Inspector, security professionals can discover forgotten or neglected certificates, misconfigured certificates and identify potential vulnerabilities, such as weak keys, problematic ciphers and expired certificates. Our proprietary algorithm assigns grades to your certificates and their implementations, and provides a list of remediation actions.

Certificate Discovery

See how DigiCert Certificate Inspector works
  • Cloud based for easy administrative control regardless of your location.
  • Multi-tenancy ensures the privacy and security of your data.
  • Support for both Windows and Linux.
  • Identify all certificates on your public-facing domains, including every SSL termination endpoint.
  • Scan multiple networks and ports for internal certificates to find old certificates that have been neglected or forgotten.
  • Manage your discovered certificates by adding unique display names or other information.


Certificate Discovery

Scans all of the certificates in your enterprise, both external and internal, finding even the certificates that have been forgotten or neglected.

Vulnerability Scanning

Learn what hidden certificate vulnerabilities are lurking on your network and what steps need to be taken to eliminate weaknesses.


The easy-to-use dashboard provides a comprehensive overview of your certificate landscape, allowing you to quickly evaluate potential problems and vulnerabilities.


Customizable Business Intelligence-style reports that allow you to view the health of your entire network, or drill down into specific trouble areas.

Certificate Replacement

Replacing or renewing weak and expiring certificates has never been easier.

Vulnerability Scanning and Analysis

Each certificate and endpoint is given a letter grade (A-F) to indicate its overall level of security. Note that an endpoint, referred to as the SSL Termination Endpoint, is the IP/Port combination that is running SSL.

Advanced SSL analysis examines common problems or weaknesses, including:

  • Vulnerability to Heartbleed Bug, FREAK, Logjam, CRIME, BEAST, or BREACH attacks
  • Certificates with weak private keys: RSA keys under 2048-bit or ECC key under 233-bit
  • Expired or expiring certificate dates
  • Internal names
  • Missing fields and values
  • Misconfigured fields
  • Certificate name mismatch
  • Weak cipher suites, such as a cipher suite that uses 56-bit block ciphers or a 1024-bit key size
  • SHA-1 vs SHA-2
  • Broken chains
  • Insecure TLS renegotiations
  • Using or enabling the SSL 2.0 protocol
  • Using weak or broken hashing algorithms to generate certificates, such as MD5


  • View and analyze your data in sophisticated Business Intelligence-style reports.
  • Graphical representation of different certificate types for quick visual identification.
  • Reports are server side and not client-side parsing, resulting in comprehensive results for your entire environment.
  • Review high-level aggregate information for your entire network or drill down to the specific details for a single SSL termination endpoint.
  • Searching, sorting, and filtering of certificate and endpoint results, including:
  • Common names or display names of certificates
  • Date and time information for individual scans
  • Expired certificates and all upcoming expirations
  • The ability to delete previous scan information.
  • Download PDFs of certificate information and scan results.
  • Export CSV reports after filtering results.

What if I Have a Suggestion?

Send an email to We'd love to hear from you! Or, just pick up the phone and give us a call. Our customer support is available 24 hours a day Monday–Thursday, 12am–7pm on Friday, and 7am–3pm on Saturday (MST).