For the larger organization with hundreds or thousands of servers, the CSG™ can conduct unobtrusive network scanning using the Certificate Discovery Search Engine™ [CDSE™] to determine the location and number of SSLs in the organization. This is an invaluable scanning service that can be used during the initial installation of the CSG™ to get an overall ‘view’ of your organization total SSL requirements and it can also be used to monitor SSL usage on a regular basis.
Depending on your environment, and during the installation of the CSG™ appliance, the CDSE™ service can be configured and enabled to meet the specific security policies of your network. During all scanning sequences, the AACD™ Control Centre will display the status of the specific scans that are running:
If required, the scanning service within the CSG™ can be disabled if it is not required by your organization. Regardless of how you choose to configure the scanning service, the information will be the same for most organizations and will provide results like those in the table below:
DSSA™ Monitoring
The CSG™ also provides statistics using a pie chart to graphically represent the percentage of different SSL Certificates in use in the environment (for this to function correctly, the CDSE™ facility must be enabled). This is valuable, high level, management information that can be used to how many SSL vendors currently supply your organization and the impact if specific vendor relations were to be canceled and replaced with the more dominant vendors.