Dashboard

The Discover Certificates Dashboard provides a centralized view of certificate discovery activity and results. It allows users to quickly review discovery status, bot activity, and certificate-related metrics from a single page.

All dashboard tiles and counters are clickable and navigate to detailed views where applicable.

Fig: Discover Certificates Dashboard

Discovery Section

The Discovery section at the top of the dashboard explains the purpose of certificate discovery in CERTInext. It focuses on automatically locating, tracking and analyzing certificates across servers, load balancers and applications. This section highlights how CERTInext provides centralized visibility into discovered certificates, including their status, vulnerabilities and issuing authorities. This information helps teams manage certificate lifecycles and maintain compliance.

This section allows you to discover certificates using automated bots.

• Bot Overview

  • Total Bots → Shows the number of configured discovery bots.

  • Active → Bots currently running and monitoring certificates.

  • Pending → Bots awaiting setup or approval.

  • Stopped → Bots that are not currently running.

  • Create Bot → Use this option to add a new discovery bot.

Fig: Bot Overview

• Bot Discovery Results

  • Certificates

    • Discovered → Total certificates identified per end point. (Configured for the scan)

    • Vulnerable → Certificates flagged for security issues.

    • Expiring Soon → Certificates nearing expiration.

    • Expired → Certificates already expired.

    • Add Certificate → Option to manually add certificates using different options.

    • Error Stats Count → Number of scan errors or failures recorded during bot execution.

• Certificate Authorities (CA)

  • Total Certs → Number of CA-issued certificates.

  • Expiring Soon / Expired → Status of CA certificates.

  • Key Store Certificate → Certificates stored in key stores.

  • Add CA Cert → Import or register CA certificates.

Fig: Bot Discovery Results

CT Log Monitoring

This section helps track Certificate Transparency logs to identify new or changed certificates issued for your domains. This module continuously monitors public CT logs to detect newly issued or modified certificates associated with your domains. It provides visibility into unauthorized issuance and shadow certificates. Certificate Transparency logs are monitored only for domains registered and validated in CERTInext.

• CT Scan Metrics

  • Domains → Number of domains being monitored.

  • Subdomains → Number of subdomains being monitored.

  • Add Domain → Option to add additional domains for monitoring.

  

Fig: CT Scan Metrics

• Certificate Scan Results

  • Discovered → Total certificates identified through CT logs.

  • Expired → Certificates that have already expired.

  • Expires in 60 Days → Certificates nearing expiration.

  

Fig: Certificate Scan results

The Monitor Certificate Transparency Logs feature helps you keep track of SSL/TLS certificates issued for your domains. By enabling CT log monitoring, you can receive alerts whenever a new certificate is detected, ensuring better visibility and protection against unauthorized certificates.

Select Domains

• Enter or select the domain you want to monitor.

• Only pre-verified domains available in your account can be chosen.

Include Subdomains (Optional)

• Check this box if you also want to monitor all subdomains under the selected domain.

• A notification confirms that you are allowed to monitor CT logs for all pre-verified domains available in your account.

• Save → Enable CT log monitoring for the selected domain.

1. Add New Domain

• Click on + Add New Domain to register a new domain for CT log monitoring.

• Option available to include/exclude sub-domains.

1. Search Domains

• Use the Search option to quickly locate domains from your monitoring list.

1. Domain Monitoring Table

The monitoring dashboard displays the following columns:

• Domains → The registered domain name being monitored.

• Included Sub Domains → Indicates if sub-domain monitoring is enabled (Yes/No).

• Certificate Count → Number of SSL/TLS certificates issued for the domain (clickable for details).

• Status → Displays monitoring status (Enable).

• Action → Option to Delete CT Log for the selected domain.