DigiCert Certificate Inspector allows admins to scan and map their certificate landscape, check for vulnerabilities, and analyze the data through different reports.
However, Certificate Inspector will only report data that was given to it by it’s scanning agents. Certificate Inspector scanning agents can be configured to scan domains or IP ranges and specific ports. If you are not configuring the agent correctly, you may not be collecting as much data as you could be.
Port Scanning Recommendations
Many admins get stuck in the rut of only scanning the HTTPS port, port 443, not realizing that Certificate Inspector can scan more than that.
Below is a list of ports that that can be scanned using Certificate Inspector. The list below is not an exhaustive one, but we compiled it to help you think about how to use Certificate Inspector to more thoroughly scan your environment.
Communication Protocols
- Syslog-514, 6514
Hyper Transfer Protocol Secure (HTTPS)
- 443, 8080, 8443
LDAP
- 389, 636
Mail Protocols
- IMAP-143, 993
- POP3-110, 995,
- SMTP-25, 587
VPN Appliances
- LogMeIn-12975, 32976
- OpenVPN-1194
Web-based Interfaces
- SAP-5555
- Splunk-8000, 8089, 9997
Certificate Inspector is a powerful tool and can give you very detailed reports about security vulnerabilities in your environment. To learn about all the different vulnerabilities that Certificate Inspector can scan for, click here.