About certificate discovery

Where are the machines located that you want to protect? Are they inside of your organization's firewall (private), or are they out on the Internet (public-facing)?

Because server certificates are used both within private networks and out on the Internet, discovering and managing them requires a secure and flexible approach called discovery services.

There are three types of discovery services: Basic, Enhanced, and Internet.

Which service you choose depends on your needs.

  • Basic Discovery is a great option if you want to simply perform a quick certificate discovery inside your company's network that doesn't include automated validation.

    This discovery service type works together with Venafi's Scanafi utility to let you run manual discoveries. See Discovering private (internal) certificates.

  • Enhanced Discovery searches for certificates inside of your company's network according to a schedule (optional), and validates discovered certificates automatically.

    This discovery service uses VSatellite to run certificate discoveries, optionally on a fixed schedule, and validates the discovered certificates for you after they are added to the certificates inventory. This service is included in Venafi as a Service premium packages by default. See Discover private (internal) certificates.

  • Internet Discovery is a great option if you want to discover and protect certificates external to your company's private network.

    This service is created for you by default, but you can edit its name, add or remove targets, and change its discovery schedule. See Discover public (external) certificates.

Following certificate discovery, Venafi as a Service adds all discovered certificates to the certificates inventory (Inventory > Certificates). After the certificates are in the inventory, Venafi as a Service can run daily validations on them and highlight potential issues that could cause outages.


Last update: November 24, 2021