Overview

Internal network discovery allows users to scan network ports to detect, observe and manage SSL/TLS certificates by a chosen range of IP addresses. For the internal scan to successfully run, you need to create an agent, which is a lightweight network utility that will monitor your internal network and send the results to GlobalSign CIT.


Creating an Agent for Windows

  1. From your Dashboard, click Discovery
  2. Click Agents, and then click the blue + Create button. Agents
  3. On the next screen, name the agent and choose the Windows operating system.
  4. Click Download Windows agent, and then click Continue. Download Windows agent
  5. On the next screen, copy the provided token to your computer clipboard. This token will be used to activate the agent. It is recommended you save this token somewhere on your PC should the agent need to be reactivated. Active the agent to scan your network
  6. Open a CMD window on your PC. Paste the token copied in the previous step into the CMD window and press Enter. The agent will activate and poll your server every 5 minutes. CMD

Creating an agent for Linux

  1. From your Dashboard, click Discovery
  2. Click Agents, and then click the blue + Create button. Agents Linux
  3. On the next screen, name the agent and choose the Linux operating system.
  4. Click Download Linux agent, and then click Continue. Download Windows agent Linux
  5. On the next screen, copy the provided token to your computer clipboard. This token will be used to activate the agent. It is recommended you save this token somewhere on your PC should the agent need to be reactivated. Active the agent to scan your network Linux
  6. Open a CMD window on your PC. Paste the token copied in the previous step into the CMD window and press Enter. The agent will activate and poll your server every 5 minutes. CMD Linux

Creating an Internal Scan Profile

  1. Back in CIT, click Continue to finish the agent creation process and then click Create Scan Profile.
  2. Create an Internal Network Scan profile by selecting “Internal Network” from the Type of Profile field.
  3. Enter a name for your scan, the IP address(es), port(s), and schedule for running the scan. When finished, click Save Profile. Create Profile
  4. The screen will refresh to show your new scan profile. All Profiles
  5. In the CMD window, you will see your scan relaying its results to CIT. CIT
  6. When certificates are discovered, you will get an email from CIT. Results will populate automatically in your Dashboard/Inventory. Scan Discovery

Troubleshooting

If you get an email alerting you that your internal network scan failed to run, it can be due to a couple reasons:

  • The Agent was turned off (in the CMD window: Ctrl+C)
  • The CMD window was closed
  • The computer that hosts the agent lost internet connection
  • The computer that hosts the agent was turned off

If the agent has been offline for an extended period of time, you can reactivate the agent by using the token you saved during the agent creation process.

If you cannot locate your token, you will have to reinstall a new agent. You will not need to create a new internal scan profile, as the profile will automatically use the latest active agent.

 

Find this module and set up everything related to it at https://www.cit.GlobalSign.com/discovery/internal


Learn How to run an external scan.