Internal network discovery allows to scan network ports to detect SSL/TLS certificates by a range of IP addresses. You can detect, observe and manage certificates from a chosen range of IP addresses.

For the internal scan to successfully run, you need to create an agent first. A lightweight network utility that will monitor your internal network and send results to the GlobalSign CIT. To create an agent:

  1. Open Discovery page and click the “agent” folder.
  2. Create a new agent by pressing “Create”.
  3. Indicate your agent’s name and choose the operating system.
  4. Download and run the agent on your machine or run the generated command in your command line to download binaries via terminal.

Now you can create an internal scan. Remember that the agent operates with a public part of your certificate.

To create an internal scan:

  1. Open Discovery page and create a new profile.
  2. Choose “internal” scan profile type, indicate the range of IP addresses
  3. Set all ports that you want to scan separated by a comma or by using a dash. We recommend using port 443. If you leave that field without any notes, GlobalSign CIT checks only default ports.
  4. Schedule regularity of refreshing scan results if you want to refresh the certificate list on a daily or weekly basis.


Find this module and set up everything related to it at

Learn How to run an external scan.