[1] As an additional feature of the CSG™ [2], it has a Certificate Discovery Search Engine™ [CDSE™] that can be enabled or disabled as required. The CDSE™ uses a non-invasive search algorithm that specifically searches on port 80 and port 443 only to determine if any SSL Certificate is present on the server. The heuristic function of the algorithm ranks each step based on the information on these ports in order to make a decision in relation to the presence of the SSL and then displays its details in a .csv list format for further use.
This non-invasive search engine can be ‘invited’ into your network on request and this requires specific security protocols to be followed by the Network Administrator to ensure that permission is granted according to the strictest of security practices.
The most common use of CDSE™ is when the CSG™ is installed inside your network where it poses no threat to the network’s security. The scan is activated internally by your Network Administrator and by virtue of this fact it is conducted in consideration of internal network policies and security. The CDSE™ is supplied as part of the standard installation of the CSG™ and if this capability of the system is not required, it can be disabled easily.
Links:
[1] https://www.digi-sign.com/downloads/download.php?id=aacd-digi-ssl-pdf
[2] http://www2.digi-sign.com/aacd/certificate+service+gateway