MMC Certificate Discovery via Agent-Based Scan
MMC certificate data from agent-based Windows scans was previously not reaching the CMDB because the sensor used fragile line-by-line regex parsing (missing entries and truncating multi-line distinguished names) and the server had no handler to consume the payload. The sensor has been rewritten as a state machine that tracks location, store, and certificate context, appends continuation lines, and skips empty entries. A new server-side handler persists the certificate data to the database.
Problems and fixes
The following root causes were addressed:
| Problem | Fix |
|---|---|
| The sensor parsed each line in isolation, so certificates were missed or duplicated. | Rewritten as a line-by-line state machine that tracks location, store, and certificate context. |
| Multi-line Subject and Issuer DNs were truncated. | The state machine appends continuation lines to the previous field. |
| The server had no handler for the MMC certificate payload. | A new discovery-service block reads the payload and persists the data to the database. |
Where the fix appears
The corrected certificate data is visible in the following locations:
| Location | What changed |
|---|---|
| CMDB > Windows Host CI > MMC Certificates tab | Certificates from all locations and stores appear with correct Subject, Issuer, Thumbprint, and validity dates. |
| Server-side ingestion | MMC certificate data is stored in the database instead of being silently dropped. |
Note: No action is required. Upgrade to the patched agent and server release, then re-run agent-based scans to populate certificate data.