Skip to content

Discover other TLS server endpoints

In addition to validating certificates, the Validate Now feature can help you discover additional TLS server endpoints associated with certificates in your inventory. It does this by extracting the common name and DNS SANs automatically from your selected certificates and then discovers any additional TLS server endpoints.

For the discovery process, Validate Now relies on your existing VSatellites for internal discovery and on Scanafi for external discovery.

It's all automated for you. Simply select one or more certificates and then run Validate Now.

Discover TLS server endpoints using Validate Now

  1. Sign in to Venafi Control Plane.
  2. Click Inventory > Certificates.

  3. On the Certificates page, switch to the Certificate Details view.

  4. Find one or more certificates by doing one of the following:

    • To search for a specific certificate, enter the certificate details in the search bar at the top.
    • If you had created and saved a filter for your certificates, click the Filters list and select your saved filter.
    • To manually filter the list, click Filter next to the search bar to enter the attributes you want to include in the filter, and then click Apply.
  5. Select one or more certificates, and then click Validate Now.

  6. Following validation, click the TLS Server Endpoints tab for each certificate to view all discovered server endpoints.


    The Scan Type column shows you how a TLS server endpoint was discovered: either through a validation scan or through a specific discovery service. Values that can appear in the Scan Type column include:

    • Domain: Indicates that the TLS server endpoint was discovered using a domain-based discovery service.
    • External: Indicates that the TLS server endpoint was discovered using an external network discovery service.
    • Validation: Indicates that the TLS server endpoints was discovered using validation rather than a discovery service.