Easily Find SSL Certificates in Your Network

Can you remember how many SSL Certificates you have, who you bought them from, or when each of them expires?

We know that it can be difficult to keep track of all of the certificates on your network. That’s why our SSL Discovery Tool lets you scan an internal network or a range of public IP addresses to see details about every certificate in use, including their expiration dates and the issuing Certificate Authority.

The Discovery Tool is available for free to anyone, not just DigiCert customers. Simply enter your information below and we will send you a link and activation code so you can get started. For more information, see our frequently asked questions page.

Enter Your Information
Enter your information below and we'll email you a download link and an activation code. The DigiCert Discovery Tool is free to download and use.

With the Discovery Tool, you will:

  • Save valuable time and resources
  • Avoid mistakes from manual SSL tracking
  • Manage your SSL certificates in a single location
  • Find all the SSL certificates on your network, domain, or range of IP addresses
  • Know when your certificates expire
  • Renew your certificates with a single click
  • See the issuer/CA of your certificates

About the Tool

With the SSL Discovery Tool you can perform manual and automatic scans. Manual scanning lets you search your network by a list of hosts or IP ranges or by a Host Group. Auto scanning allows you to schedule periodic scans at specified intervals (daily, weekly, or monthly) in order to detect and be notified of changes to your active certificate inventory. Both manual and automatic scans give you a detailed report of their findings. The report will show all the certificates found in the scan, which CA issued the certs, their expiration dates, and other information such as certificate key size, certificate type, common name, SAN names, and organization information.

SSL Certificates are supposed to make life easier, so don't let managing them make your life more difficult. Use the DigiCert SSL Certificate Discovery Tool to simplify your certificate management process. This tool is available for free and, unlike competitors' discovery tools, is available to anyone who needs it—not just our customers.

* Hardware Requirements: PC running Windows Vista or later

How Does the SSL Discovery Tool Work?

The Discovery Tool scans run in two phases. During the first phase, all domain names are resolved into IP addresses. For example, if you entered digicert.com a DNS look-up will be queried on digicert.com and all common subdomains such as www.digicert.com. An MX (mail exchange) look-up will also be performed on the domain to include all of your mail severs.

During phase two, a TCP connection will be made for each port entered and each IP address gathered during phase one. To make the scan quicker, multiple simultaneous connections will be made up to the number specified in your mac connection settings. For each connection, the SSL/TCP protocol will be performed in as few handshake messages as possible to gather SSL Certificate information. Once all the ports and IP addresses have been checked, the list of discovered certificates is sent either to your DigiCert Management Console (for customers) or to a custom report (for noncustomers) for you to review.


Does DigiCert Offer Any Other Free Tools?

Yes! Below are a few more free DigiCert tools:

What if I Find a Bug or Have a Suggestion?

Send an email to feedback@digicert.com. We'd love to hear from you! Or, just pick up the phone and give us a call. Our customer support is available 24 hours a day Monday–Thursday, 12am–7pm on Friday, and 7am–3pm on Saturday (MST).