IIS-Hosted SSL/TLS Certificate Discovery
Earlier releases did not discover SSL/TLS certificates bound to Internet Information Services (IIS) websites on Windows servers, so certificates attached to HTTPS bindings were not visible in the CMDB. Deep Host Scans now detect IIS automatically, extract SSL/TLS certificate details from HTTPS bindings, and store them in the Certificate Inventory. No manual configuration is required.
Discovered certificate details
For each SSL/TLS certificate bound to an IIS HTTPS binding, the Deep Host Scan captures the following details:
| Attribute | Description |
|---|---|
| Name | The friendly name or subject identifier of the certificate. |
| Issuer | The certificate authority that issued the certificate. |
| Validity date | The date from which the certificate is valid. |
| Expiry date | The date on which the certificate expires. |
Where the certificates appear
Discovered certificates are stored in the Certificate Inventory and can be reviewed alongside certificates discovered through other scan sources. After a successful Deep Host Scan on a Windows server that runs IIS, navigate to the Certificate Inventory to view the newly discovered SSL/TLS certificates and their attributes.
Note: IIS detection and certificate extraction are performed automatically during a Deep Host Scan. No additional configuration, credential, or scan-profile change is required.