Run Scans to Discover Certificates

Scan your assets to discover certificates installed on your environment's host assets. Certificates can be discovered using VM/VMDR. Qualys Cloud Agent is used to scan certificates on the registry or certificate manager console.

To initiate a scan, go to Assets > External Sites and click Scan corresponding to the desired FQDN or IP Address.

Certificate View runs scans for all saved sites periodically and fetches data. In the Last Scan column, you can view when the site was last scanned.

Run Scans from VM/VMDR

You can run or schedule scans from VM/VMDR if you have a trial or a full subscription of Certificate View.

Go to VM/VMDR > Scans > Scans > New > CertView Scan and choose your scan settings.

We recommend the SSL Certificates profile to get started. You can easily configure a profile with the various scan options, i.e. what ports to scan, whether to use authentication and more.

Cloud Agent Configuration to Discover Certificates

Using Qualys Cloud Agent, you can retrieve the leaf certificate present on your target machine in the registry or certificate manager console. Qualys Cloud Agent scans the certificates, and you get the certificate details. For more details on installing the cloud agent, refer to the Cloud Agent for Windows guide.

Pre-requisite

Note:

The following are the steps to run scans from Cloud Agent:

1. Download the agent installer.

2. Install the agent.

3. View the certificates in the Certificates tab.

Follow these steps for detailed procedures:

Download the Agent installer.

1. Log into the Qualys Cloud Platform and select CA for the Cloud Agent module.

2. Choose an activation key (create one if needed) and select Install Agent from the Quick Actions menu.

To create an activation key:

Go to Cloud Agent > Agent Management > New Key.

You can also generate a New Key from the Activation Keys tab.

Provide a Title, select the Vulnerability Management module from the Provision Key for these applications section, and click Generate.

3. Click Install instructions next to Windows (.exe).

The Agent installer is downloaded to your local system, and in the UI, you can see the associated Activation key ID and Customer ID.

4. Copy the Activation key ID and Customer ID and save them in a safe place; you need them to complete the installation manually or through software distribution tools.

For more details on activation keys, refer to Manage Activation Keys.

Install the Agent.

1. Copy the Qualys Cloud Agent installer onto the host where you want to install the agent.

2. Run the following command, or use a systems management tool to install the agent according to your organization's standard software installation process.

> QualysCloudAgent.exe CustomerId={xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} ActivationId={xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} WebServiceUri=<platform_url>/CloudAgent/

Once installed, an agent connects to the Qualys Cloud Platform and provisions itself.

The agent is now listed in the Agents tab.
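
When the install command is pushed through a software distribution tool, a malformed ID or URL fails on every host at once. The following PowerShell sketch is an added example, not Qualys code: it checks the three arguments of the command above and the installer's Authenticode signature before running it. The function names are hypothetical, and the HTTPS requirement, the signed installer and exit code 0 meaning success are assumptions.

```powershell
# Added example, not Qualys code. Function names are hypothetical.
function Test-AgentInstallArgs {
    param([string] $CustomerId, [string] $ActivationId, [string] $WebServiceUri)
    # Both IDs use the braced 8-4-4-4-12 form shown in the install command.
    $guid = '^\{[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}$'
    $problems = @()
    if ($CustomerId -notmatch $guid)   { $problems += 'CustomerId is not a braced GUID' }
    if ($ActivationId -notmatch $guid) { $problems += 'ActivationId is not a braced GUID' }
    $uri = $null
    if (-not [System.Uri]::TryCreate($WebServiceUri, [System.UriKind]::Absolute, [ref] $uri)) {
        $problems += 'WebServiceUri is not an absolute URL'
    } else {
        # Assumption: the platform URL is served over HTTPS.
        if ($uri.Scheme -ne 'https') { $problems += 'WebServiceUri is not https' }
        if ($uri.AbsolutePath -cne '/CloudAgent/') { $problems += 'WebServiceUri must end in /CloudAgent/' }
    }
    $problems
}

function Install-AgentChecked {
    param([string] $Installer, [string] $CustomerId, [string] $ActivationId, [string] $WebServiceUri)
    $problems = @(Test-AgentInstallArgs -CustomerId $CustomerId -ActivationId $ActivationId -WebServiceUri $WebServiceUri)
    if ($problems.Count -gt 0) { throw ($problems -join '; ') }
    # Assumption: the installer is Authenticode-signed; refuse it if the signature does not verify.
    $sig = Get-AuthenticodeSignature -FilePath $Installer
    if ($sig.Status -ne 'Valid') { throw "Installer signature status: $($sig.Status)" }
    Write-Host "Signed by: $($sig.SignerCertificate.Subject)"   # review the signer before a wide rollout
    # Same three arguments as the documented command line.
    $argList = @("CustomerId=$CustomerId", "ActivationId=$ActivationId", "WebServiceUri=$WebServiceUri")
    $proc = Start-Process -FilePath $Installer -ArgumentList $argList -Wait -PassThru
    # Assumption: exit code 0 means the installer succeeded.
    if ($proc.ExitCode -ne 0) { throw "Installer exited with code $($proc.ExitCode)" }
}

# Usage (placeholders, substitute the values shown in the Install Agent UI):
# Install-AgentChecked -Installer .\QualysCloudAgent.exe -CustomerId '{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}' -ActivationId '{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}' -WebServiceUri '<platform_url>/CloudAgent/'
```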

By default, the agent runs the scan every 4 hours, and you can view the scans performed in the Certificates tab of Certificate View.

Note: You can create a customized Configuration Profile and assign the profile to your Cloud Agent. For more details on assigning configuration profiles, refer to Cloud Agent Online help.

View the certificates in the Certificates tab.

You can use a search query to find the certificates that are scanned through VM (Vulnerability Management) or Qualys Cloud Agent.

For example, instance:(sources: QAGENT)

To view the certificate details, go to View Details from the Quick Actions menu. Go to the Hosts tab.

You can view the details of assets with sources as VM or Qualys Agent. Certificates scanned through VM and certificates scanned through Qualys Agent are each marked with their own icon.

Cloud Agent scans do not support remote discovery; hence ports, protocols, services, grade, and grade summary are shown as empty for certificates scanned through Qualys Agent.

QID is the unique Qualys ID number assigned to the vulnerability. A set of SSL certificate QIDs is always used for CertView scans. For QID details, refer to the topic Vulnerability tests (QIDs) for CertView Scans.

To know more about running and scheduling CertView scans from VM/VMDR, go to VM/VMDR > Scans > Scans and look up CertView scans in the online help.