1. Field of the Invention
The present invention relates to computer networks. More particularly, the present invention relates to discovering, analyzing, cataloging, inventorying and monitoring digital certificate information for digital certificates installed on a network.
2. Background Information
A need exists to discover, analyze, catalog, inventory and monitor digital certificates installed on a network. In particular, if an administrator is not aware of the existence of a digital certificate on the network, the administrator is unable to avoid or resolve problems relating to the digital certificate. For example, network operations can be disrupted because a digital certificate on the network is issued by an untrustworthy certification authority. Additionally, network operations can be disrupted when no effort is made to renew an expiring digital certificate on the network. Furthermore, even if the administrator is aware of individual digital certificates installed on the network, the administrator does not have a tool to catalog, inventory, monitor and otherwise manage the digital certificates. As a result, untrustworthy or expiring digital certificates may cause significant disruption to network operations.
Currently, a digital certificate installed for an address on a network is issued by a certification authority. The digital certificate is provided to a client when the client contacts a server for an application that requires the exchange of sensitive information. For example, Secure Sockets Layer (SSL) communications involve a client contacting a server to access a particular application. The server provides the digital certificate to the client. The client may analyze the digital certificate information in real-time to determine whether the digital certificate is from a trusted certification authority. Additionally, the client may analyze a digital certificate in real-time to determine whether the digital certificate has expired. However, the SSL analysis occurs only in the context of attempting to authorize access to the application, and not to discover or manage the digital certificate.
Additionally, a user of a computer may install a digital certificate to ensure the security of communications such as emails. When the user generates a message, the user provides the digital certificate information with the message so that a recipient of the message can verify the source and contents of the message. However, the digital certificate analysis occurs only in the context of verifying the source and contents of the message.
Accordingly, digital certificates are provided to ensure the security and trustworthiness of information provided by an application or in a message from a user. However, an administrator does not have a tool to discover, analyze, catalog, inventory and monitor the digital certificates installed on a network for applications and users.
A need therefore exists for a method and apparatus for scanning an address range in a computer network by contacting at least one destination to discover digital certificates so that the digital certificates can be analyzed, cataloged, inventoried and monitored. Additionally, a need exists for a method and apparatus for analyzing, cataloging, inventorying and monitoring digital certificates that are discovered.
To solve the above-described problems, a method and apparatus are provided for discovering, analyzing, cataloging, inventorying and monitoring digital certificates.