Discover SSL Certificates for Sub-domains with AppViewX

Managing SSL certificates is tedious and time-consuming, and keeping records accurate and up to date adds to the problem. If your organization has many sub-domains, or is provisioning new sub-domains at a faster rate, as has become the norm, tracking and managing them can be very difficult for IT admins.

With AppViewX’s proven certificate management solution, you can not only manage your entire certificate lifecycle but also obtain your complete list of sub-domains on the fly and discover the certificates associated with those sub-domains.

In this document, we will see how to discover SSL certificates dynamically for all the sub-domains (of a managed domain) with AppViewX’s advanced automation capabilities and eventually make them a part of the Certificate Lifecycle Management (CLM).

To understand how AppViewX achieves automation, we will go over the two key stages.

Stage 1: Get the list of all the sub-domains.

The sub-domain discovery is automated and integrated with AppViewX to perform the discovery (of domains and certs) with a few clicks.

AppViewX can discover the NS (NameServer) dynamically or with the help of the administrator.

Once the NS details are available, AppViewX performs an AXFR (zone transfer) request against each of the name servers and parses the list of all the sub-domains from the response.

We at AppViewX understand the criticality of a zone transfer and ensure that the AXFR details are not stored.

Also, the domain admins can authorize AppViewX to perform a zone transfer from the NS by whitelisting the AppViewX server on the desired NameServers.

AppViewX can do the zone transfer from all leading DNS products [BIND, Windows DNS, F5 BIG-IP (ZoneRunner and DNS Express)].

Examples of whitelisting by vendor:

For Windows in DNS Manager, check the properties for the desired domain and allow AppViewX to perform a zone transfer.

For Linux BIND, add the AppViewX node IP to the ACL that is used to restrict zone transfers for the domain.

For F5, allow AppViewX in Zone Transfer Clients for seamless DNS Express configuration.

Stage 2: Discover SSL Certificates.

With the sub-domain details handy, AppViewX CERT+ performs the discovery on the acquired sub-domains and populates the certificates that are mapped to them.

AppViewX also lets the administrator supply a range of ports as input to the discovery, in case domains are using SSL on custom ports.
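The two stages above, as an added Python example that is not AppViewX's code or API: it parses zone-transfer output, expands the hosts by a port list, and fetches the fingerprint of the certificate served at each target. The zone data is constructed, and the dig-style `name TTL IN type rdata` line format, the function names and `example.test` are assumptions made for illustration.

```python
import hashlib
import socket
import ssl

# Constructed zone-transfer output in dig-style master-file form (not real data).
SAMPLE_AXFR = """\
example.test.        3600 IN SOA   ns1.example.test. admin.example.test. 1 7200 900 1209600 300
www.example.test.    300  IN A     192.0.2.10
www.example.test.    300  IN AAAA  2001:db8::10
api.example.test.    300  IN CNAME www.example.test.
*.dev.example.test.  300  IN A     192.0.2.20
_dmarc.example.test. 300  IN TXT   "v=DMARC1; p=none"
Mail.Example.Test.   300  IN A     192.0.2.30
"""
HOST_TYPES = {"A", "AAAA", "CNAME"}  # record types that name a connectable host


def hosts_from_axfr(zone_text, origin):
    """Return sorted, de-duplicated names under origin that own A/AAAA/CNAME records."""
    origin = origin.rstrip(".").lower()
    hosts = set()
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0].startswith(";") or fields[2] != "IN":
            continue
        name, rtype = fields[0].rstrip(".").lower(), fields[3]
        if rtype not in HOST_TYPES or "*" in name:
            continue  # wildcards have no single host to connect to
        if name == origin or name.endswith("." + origin):
            hosts.add(name)
    return sorted(hosts)


def scan_targets(hosts, ports):
    """Expand hosts x ports into (host, port) pairs for certificate discovery."""
    return [(h, p) for h in hosts for p in ports]


def fetch_cert_fingerprint(host, port, timeout=3.0):
    """Return the SHA-256 of the leaf certificate served at host:port, or None."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # an inventory must also record invalid or
    ctx.verify_mode = ssl.CERT_NONE  # expired certs, so validation is skipped here
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()
    except (OSError, ssl.SSLError):
        return None
```

Sending the host name as SNI (`server_hostname=host`) matters for discovery: several sub-domains behind one IP address can each serve a different certificate.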

With AppViewX, IT administrators can perform the crucial task of discovering and maintaining SSL certificates while bringing them into the Certificate Lifecycle Management system within minutes.