Skip to content

Using Venafi VSatellites and Discovery Services to discover certificates on your internal networks

Venafi VSatellites are a new, novel and critical part of Venafi as a Service, Venafi's cloud-native machine-identity management service.

VSatellites extend the reach of your Venafi as a Service account beyond publicly accessible networks and hosts, to your on-premise/private cloud networks and machines, enabling you to develop the full picture of your machine identities across your organization, irrespective of public or private visibility.

This topic guides you through the entire process, from VSatellite deployment to discovery and validation of certificates discovered in your on-premise/private cloud networks and machines.

If you want to learn more about how VSatellite works before you continue, click here.

First things first

In order to get a VSatellite connected to your Venafi as a Service account, you'll need to download and run a binary setup utility on a Linux computer within your target network. But remember, we'll walk you through this here.

In the meantime, identify the target computer where you'll install VSatellite and make sure it meets the minimum system requirements:

  • Ubuntu LTS 16.04.7 or later
  • CentOS 7.9 or later
  • 4 GB RAM
  • 2 CPUs
  • 10 GB disk-space


Venafi as a Service enables multiple user roles, including PKI Administrators and System Administrators, to install VSatellite and pair them with your Venafi as a Service account. This is by design since using VSatellites enables users assigned varying roles the ability to discover and manage certificates found behind your firewall.

Let's get started

Click each step to go to the relevant task and then come back here for the next one.

  1. Create a new VSatellite
  2. Create a new Discovery Service and install and run Scanafi
  3. Following discovery, review the Certificate Inventory
  4. Configure your Discovery Service schedule
  5. Review and confirm successful certificate validations