Scenario
Sometimes certificates are installed in your environment but do not appear in the scan results.
Solution
You must check whether the port that the certificate is installed on is closed or behind a firewall:
- There is an option to query closed and firewalled ports for a scan. It generates a one-time report for that scan run, listing the ports that were found closed or firewalled.
  To enable this option, go to Discovery > Manage Discovery > click the scan name > Scan settings > Advanced settings, then check the “Specify ports to scan to verify host availability” box.
- Run this command: openssl s_client -connect <URL or IP address>:<port>
  e.g. openssl s_client -connect www.digicert.com:443
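
The manual check above can be wrapped so that the result says why a certificate would be missing from a scan. This is an added example, not part of the original article or DigiCert tooling; the function names, the state labels and the `PROBE_TIMEOUT` marker are made up for illustration, and it assumes GNU `timeout` and the error wording that `openssl s_client` prints on Linux.

```shell
#!/bin/sh
# Added example: interpret an `openssl s_client -connect` attempt.
# State labels (open-tls, open-no-cert, closed, no-response, unknown) are
# hypothetical names chosen for this example.

# classify_output TEXT -> prints one state label.
# Order matters: a returned certificate wins over any later error text.
classify_output() {
  case "$1" in
    *"BEGIN CERTIFICATE"*)          echo "open-tls" ;;      # server sent a certificate
    *"CONNECTED("*)                 echo "open-no-cert" ;;  # TCP connected, no certificate
    *"Connection refused"*)         echo "closed" ;;        # nothing listening, or a rejecting firewall
    *"timed out"*|*PROBE_TIMEOUT*)  echo "no-response" ;;   # packets dropped: likely firewalled
    *)                              echo "unknown" ;;       # e.g. name resolution failure
  esac
}

# probe HOST PORT [SECONDS]: run the check from the article with a time limit,
# print the state, and for open-tls the subject, issuer and expiry date.
probe() {
  host=$1; port=$2; secs=${3:-5}; rc=0
  out=$(timeout "$secs" openssl s_client -connect "$host:$port" \
        -servername "$host" </dev/null 2>&1) || rc=$?
  # timeout(1) exits with 124 when it had to kill the command.
  if [ "$rc" -eq 124 ]; then out="$out PROBE_TIMEOUT"; fi
  state=$(classify_output "$out")
  echo "$host:$port $state"
  if [ "$state" = "open-tls" ]; then
    printf '%s\n' "$out" | openssl x509 -noout -subject -issuer -enddate
  fi
}

# Run only when a host and port are given, e.g.: sh probe.sh www.digicert.com 443
if [ "$#" -ge 2 ]; then probe "$@"; fi
```

A `closed` or `no-response` result from the machine that runs the scan points to the port or firewall as the reason the certificate is absent from the results; `no-response` can also mean a service accepted the connection but never answered the TLS handshake.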