Active and Passive SSL Discovery
How CertificateGuardian discovers and inventories SSL/TLS certificates across your hostnames.
CertificateGuardian uses a dual discovery approach to map your organizational certificate footprint.
Active Scanning (Probing)
Our active scanner resolves your configured target domains and initiates connection probes to retrieve active cert data:- Port Auditing: Audits standard HTTPS (443) and secondary ports (e.g., 8443, 9443).
- SSRF Safety: All scans pass through our loopback filtration layer to block unauthorized internal network probing.
- Rogue Cert Detection: Detects if a CA issues a certificate for your domains without authorization.
- Subdomain Discovery: Automatically appends newly discovered subdomains to your inventory draft.
Passive Scanning (Certificate Transparency logs)
We monitor live global Certificate Transparency (CT) feeds to find newly issued certificates for your domains:Was this article helpful?
Let us know if we can improve our support content.