# Discovery and Inventory

Discovery and Inventory are the starting point for effective Certificate Lifecycle Management - and they're often where organizations realize just how much they didn't know about their own certificate estate. You can't secure or govern what you can't see. Certificates get deployed across servers, cloud services, load balancers, containers, applications, devices, APIs, and code repositories, frequently without centralized oversight. Unknown, unmanaged, or forgotten certificates are where operational and security risk accumulates. A cert issued three years ago by a developer who has since left the company, sitting on a forgotten load balancer - that's a real scenario, and it's why discovery matters.

CERTInext addresses this with automated discovery mechanisms and a centralized certificate inventory that delivers continuous visibility across the entire certificate landscape.

#### Certificate Discovery

Discovery is the process of identifying certificates and associated keys wherever they exist, regardless of how or when they were issued. CERTInext performs discovery across heterogeneous environments to locate certificates that may have been provisioned manually, by legacy systems, or entirely outside standard workflows.

CERTInext discovery capabilities include:

- Network-based discovery of TLS certificates on servers, endpoints, and load balancers
- Discovery across cloud and hybrid environments
- Identification of certificates deployed in applications, middleware, and APIs
- Detection of certificates on devices, appliances, and IoT environments
- Correlation of discovered certificates with their issuing Certificate Authorities

Discovery can run continuously or on demand, so visibility stays accurate as environments change rather than becoming a stale snapshot.

#### Certificate Inventory

The inventory is the centralized, authoritative record of all certificates known to CERTInext. Each discovered or issued certificate is cataloged with complete contextual and operational metadata, creating a single system of record for certificate management.

The inventory typically includes:

- Certificate type and usage
- Issuer, trust anchor, and certificate chain
- Validity period and expiration timelines
- Key algorithm, size, and age
- Deployment location and associated endpoints
- Lifecycle status (active, expiring, expired, revoked)
- Ownership and responsible team or application
- Policy and compliance indicators

This unified inventory replaces spreadsheets and fragmented tools with consistent, actionable data that actually stays current.

#### Why Discovery and Inventory Matter

- Risk Reduction - Identify unknown or unmanaged certificates before they expire or become vulnerable.
- Operational Efficiency - Accurate inventory data is what makes automated renewal, replacement, and remediation workflows reliable.
- Governance and Compliance - Support audits and policy enforcement with complete, accurate records rather than best-guess estimates.
- Scalability - Manage certificates across thousands of endpoints and multiple trust models without relying on manual tracking.

In CERTInext, discovery continuously feeds the centralized inventory, keeping certificate data current and actionable. For instance, if a new server is spun up with a self-signed certificate that was never registered in any tool, continuous network-based discovery will surface it - giving your team a chance to remediate before it becomes a compliance finding or an expiry incident.
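The feed from discovery into inventory described above can be sketched as follows. This is an added example, not CERTInext code or its API: the record fields, the 30-day "expiring" window, the subject-equals-issuer heuristic for self-signed certificates, and all sample values are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
EXPIRING_WINDOW = timedelta(days=30)  # assumed threshold, not a CERTInext setting

@dataclass
class Record:
    fingerprint: str
    subject: str
    issuer: str
    not_after: datetime
    owner: str = ""                     # empty: no team has claimed the certificate
    endpoints: set = field(default_factory=set)

    def status(self, now):              # "revoked" needs CA/CRL data, omitted here
        if now >= self.not_after:
            return "expired"
        return "expiring" if self.not_after - now <= EXPIRING_WINDOW else "active"

def ingest(inventory, observations):
    unknown = []                        # fingerprints the inventory had never seen
    for obs in observations:
        fp = obs["fingerprint"]
        if fp not in inventory:
            inventory[fp] = Record(fp, obs["subject"], obs["issuer"], obs["not_after"])
            unknown.append(fp)
        inventory[fp].endpoints.add(obs["endpoint"])  # same cert may sit on many hosts
    return unknown

def reasons(rec, now):
    checks = [(rec.status(now) != "active", rec.status(now)),
              (not rec.owner, "unowned"),
              (rec.subject == rec.issuer, "self-signed")]  # self-issued heuristic
    return [label for hit, label in checks if hit]

def findings(inventory, now):
    """Map fingerprint -> reasons, for records that need attention."""
    return {fp: r for fp, rec in inventory.items() if (r := reasons(rec, now))}

NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)  # constructed sample data from here on
def demo():
    inv = {"fp-a": Record("fp-a", "CN=pay.example", "CN=Example CA",
                          NOW + timedelta(days=200), "payments", {"10.0.0.5:443"})}
    scan = [dict(fingerprint="fp-a", subject="CN=pay.example", issuer="CN=Example CA",
                 not_after=NOW + timedelta(days=200), endpoint="10.0.0.9:443"),
            dict(fingerprint="fp-b", subject="CN=build01", issuer="CN=build01",
                 not_after=NOW + timedelta(days=12), endpoint="10.0.3.7:8443")]
    return ingest(inv, scan), findings(inv, NOW), inv

print(demo()[:2])
```

Keying on the certificate fingerprint rather than the endpoint is what lets one inventory record accumulate every location where the same certificate is deployed.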

