Run Certificate discovery via Certificate Authority query

  • Release version: Australia
  • Updated March 12, 2026

    Running Certificate discovery via Certificate Authority query allows for systematic identification and import of TLS certificates from specific Certificate Authorities, ensuring comprehensive tracking, management, and security of the certificate inventory. Discover TLS certificates from Certificate Authorities (CA) with Certificate Inventory and Management, using Patterns for diverse certificate authority vendors.

    Before you begin

    Role required: pki_admin or discovery_admin

    About this task

    In Certificate discovery, the Certificate Authorities (CA) pattern uses specific API elements. The user added to the instance credentials needs permissions for these queries. For more information on the Certificate Authorities (CA) pattern and the associated API elements, see Certificate authorities pattern API elements and permissions.

    Procedure

    1. Generate a credential alias if needed.
      For more information, see Credential aliases for Discovery. Create a new credential alias for new credentials. If multiple credentials share the same alias, Discovery prioritizes the Credential and initiates the process.
    2. Create a new credential type specific to the Certificate Authority (CA).
      1. Navigate to Discovery > Credentials, then select New.
      2. Select Certificate Management Credentials.
      3. To unlock the Credential alias list, select the lock icon.
        The alias is mapped to the credential.
      4. Select Specify Type: Credential.
      5. Select CA Type.
        The available CA types are GoDaddy, DigiCert, Entrust, and Sectigo.
      6. Fill in the fields that are specific to the CA type you selected.

        Each Certificate Authority (CA) requires specific form field entries. For more information, see API Key credentials.

    3. Create a Discovery schedule with the following fields.
      For more information on setting up your Discovery schedules, see Schedule a horizontal discovery.
      1. Select Discovery: Certificates.
      2. Select Certificate Discovery Type: CA Trust Discovery.
      3. Select MID Server selection method: Auto Select or Specific MID Server.
      4. Fill out any other necessary fields.
      5. Select Save.
    4. To add the CA pattern you need, select New from the Serverless Execution pattern tab.
      If you enable the Include cert status option, you can specify multiple certificate statuses by separating them with commas.
    5. Select Submit.

    Result

    When your Discovery schedule runs, it automatically scans your files.