FireDaemon Certify One 4
Helping you verify the confidentiality, integrity, authenticity, and availability of encrypted communications.
Encrypted network communications using Transport Layer Security (TLS) protects users and organisations from exposing confidential in-transit data. It is imperative that individuals and businesses deploy and maintain valid and up to date SSL / TLS certificates on critical infrastructure including websites, login panels, forms, application servers, and wherever any other form of secure client / server communication is required. Verifying validity and tracking TLS certificate expiry can be challenging. FireDaemon Certify One is designed to assist you verifying and validating SSL / TLS certificates by scanning and reporting on the status of endpoints offering encrypted services. FireDaemon Certify One is based on OpenSSL.
Features at a Glance
Web browsers and devices in general have become much stricter regarding handling TLS certificates. All major browsers will warn or block access to sites where the TLS certificate or certificate chain is invalid. Certificate lifespans have been reduced. Hence, it's important to be able to audit and report on certificate validity to ensure the certificate chain is intact and test whether certificates have been revoked or expired. Similarly, access may be blocked to a website if the certificate chain of trust (i.e. all certificates including the root CA certificate and any intermediate certificates) is incomplete, mis-ordered, revoked, or expired. FireDaemon Certify One provides the following:
Scan Multiple Targets
You can add multiple targets to scan. A target requires you to provide an IP address or hostname, port, and service type.
Graphical Scan Target Report
The Certify One Dashboard provides four graphs including Endpoint Status (targets organised by certificate validity), Certificates by Issuer (targets organised by Certificate Authority), Scan Result History (historical scan information), and Expiring Leaf Certificates (targets organised by certificate age).
Tabular Scan Target Report
The Certify One Scan Targets provides a tabular report on endpoints including hostname, port, resolved IPv4 and IPv6 addresses, validity, last checked date and time, certificate expiry date and time, TLS protocol, and cipher. One a per target basis you can review the details of the last scan, connection details, and connection log which includes DNS lookups and certificate verification. You can also hover over each target to obtain a summary of the last scan.
Scan Target Actions
If you right click on any target, the Target Actions context menu will be displayed where you can create a new target, edit or delete the existing target, clone an existing target, include/exclude the target from being scanned, view the certificate chain, initiate scans, delete the scan results, import and export targets.
You can edit the scan schedule to automate target scanning. Scanning can be scheduled to occur on a daily, weekly, or monthly basis at specific times and dates.
Whenever a manual or scheduled scan takes place, you can have a summary report sent to your inbox via email. This is configured in the Options dialog available via the FireDaemon Certify One hamburger menu.
Command Line Scanning
FireDaemon Certify One provides a simple command line interface (SSLClient.exe) for you to quickly check the certificate validity of a target or verify DNS CAA records.
FireDaemon Certify One utilises the FireDaemon OpenSSL Binary Distribution cryptographic library.