Scan IP Range for Certificates

[jimdurr]

I know the "Website" wizard uses the check_xi_service_http_cert to look at certificate expiration dates. Does anyone have a suggestion for scanning an IP range using that check? I know there's the auto-discovery option, but that doesn't use the cert check.

Thoughts?

Jim

[scottwilkerson]

I don't really think this is possible because a certificate is for a host.domain and not for an IP address

[jimdurr]

That's a good point. So I tested the Website wizard by entering the IP rather than host name and the Cert comes up green even just checking against the IP. While it wouldn't be ideal to have a bunch of hosts listed with IP rather than hostname (which is how everything else is listed), it would at least allow me to focus on the hosts that have certificates and then re-run the Website wizard pointing at the hostname that is associated with the IP that returned a cert check.

Does any of that make sense?

[scottwilkerson]

I guess if you have your certificate attached to catch anything on the IP it would and only EVER had 1 certificate per IP, but what if you have many certificates assigned to virtual hosts?

Either way, I don't specifically know of any way to set these up for bulk scanning.

[jimdurr]

All right, I'll figure something out, thanks for looking at it.

[scottwilkerson]

All right, I'll figure something out, thanks for looking at it.

Sounds good.

Best of luck!