Pro Tips with Esben #23
This week we take a look at a recent feature: certificate scanning. As the name suggests, it allows you to scan certificates and their associated details, so let's dive into what we can find.
To start off, a quick introduction. Certificate scanning was introduced in Lansweeper 9.5 back in April 2022. It scans all certificates that are in the Local Computer store of Windows computers.
Four built-in reports were also added, so it might be interesting to check those as well. They are named as follows.
- Windows: Local computer certificates
- Windows: Local computer certificates expiring in 14 days
- Windows: Local computer certificates that are expired
- Windows: Local computer certificates that are self-signed
Windows Certificates Overview
The default report gives you a complete list of all certificates, and it does exactly that: every certificate on every machine, line by line. That can be useful if you use the filters at the top of the report to find something specific, but going through thousands of records doesn't really provide a quick and easy overview.
Instead, I've created an overview report that gives you a count per certificate, so you know how many of each certificate are around in your IT environment.
Unfortunately, report linking isn't supported for certificate data, so if you want to find out on which machines a specific certificate is, you'll have to filter the built-in computer certificate report.
Self-Signed Certificates Overview
Self-signed certificates are very popular because they are easy to issue and flexible. However, these certificates aren't vetted by a trusted third party and, most importantly, if they are compromised, there is no CA that can revoke them. Lastly, because creating one is so easy, most security teams have no way of knowing how many exist or how their private keys are stored.
The built-in report on self-signed certificates already helps with these problems but, as with the regular overview, I've created an overview report with a total count to cut the number of rows down to something manageable.
If you create a dashboard for certificates, some chart reports might also be useful, so I've created a few you can use to keep things in check.
- Chart: Self-signed vs not self-signed
- Chart: Signature algorithm used
- Chart: Certificate expiration month
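To spot-check a single Windows machine against what these reports and charts show, the following added example (not part of the original post and not Lansweeper's own code) summarises the Local Computer stores in PowerShell. It assumes "self-signed" means the subject equals the issuer, and it lists the Root and AuthRoot stores separately because root CA certificates are self-signed by design.

```powershell
# Added example: summarise the Local Computer certificate stores on this machine.
# Assumption: a certificate is treated as self-signed when Subject equals Issuer
# (a name comparison, not a signature verification).
$now  = Get-Date
$soon = $now.AddDays(14)   # same 14-day window as the built-in expiry report

$certs = Get-ChildItem -Path Cert:\LocalMachine -Recurse |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
    ForEach-Object {
        [pscustomobject]@{
            Store         = $_.PSParentPath -replace '^.*LocalMachine\\', ''
            Thumbprint    = $_.Thumbprint
            Subject       = $_.Subject
            SelfSigned    = ($_.Subject -eq $_.Issuer)
            Algorithm     = $_.SignatureAlgorithm.FriendlyName
            NotAfter      = $_.NotAfter
            Expired       = ($_.NotAfter -lt $now)
            ExpiringSoon  = ($_.NotAfter -ge $now -and $_.NotAfter -le $soon)
            HasPrivateKey = $_.HasPrivateKey
        }
    }

# Self-signed vs not self-signed
$certs | Group-Object SelfSigned | Select-Object Name, Count | Format-Table -AutoSize

# Signature algorithm used
$certs | Group-Object Algorithm | Sort-Object Count -Descending |
    Select-Object Name, Count | Format-Table -AutoSize

# Certificate expiration month
$certs | Group-Object { $_.NotAfter.ToString('yyyy-MM') } | Sort-Object Name |
    Select-Object Name, Count | Format-Table -AutoSize

# Expired or expiring within 14 days
$certs | Where-Object { $_.Expired -or $_.ExpiringSoon } | Sort-Object NotAfter |
    Format-Table Store, Subject, NotAfter, Expired -AutoSize

# Self-signed certificates outside the root stores: the ones worth reviewing,
# especially where the private key is present on the machine.
$certs | Where-Object { $_.SelfSigned -and $_.Store -notin 'Root', 'AuthRoot' } |
    Sort-Object NotAfter |
    Format-Table Store, Subject, Algorithm, NotAfter, HasPrivateKey, Thumbprint -AutoSize
```

The same certificate can sit in more than one store, so the counts are per store entry rather than per unique thumbprint.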
Technical Product Evangelist at Lansweeper Maximizing IT Asset Management proficiency by empowering end-users to take full advantage of their toolset.