Certificate Discovery

What kinds of certificates can CAP detect?

CAP software contains an extensive parser for X.509 certificates and detects all formats, including DER or PEM, encrypted or unencrypted certificates: PKCS#12 (.p12, .pfx), PKCS#7 (.p7b, .p7c, .p7), PEM (.cer, .crt, .der, .pem).

Where does CAP look for certificates?

CAP looks for certificates both on filesystems and while dynamically tracing applications. The filesystem scanner detects encrypted keystores even if it cannot decrypt them. The CAP application tracer can also detect certificates inside an encrypted keystore if the application loads it.

What kinds of certificate stores can CAP detect?

CAP can detect different certificate stores, such as Java keystores (.jck, .jks, .cacerts, .jceks). In addition, CAP's filesystem scanner can parse the certificates inside JKS, CACERTS and JCEKS keystores even without the keystore password.
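Why a scanner can read these certificates without the password, as an added example that is not CAP's code: in the JKS/JCEKS file layout, certificate entries are stored unencrypted, and the password only protects private keys and keys the trailing integrity digest. The function names and the sample keystore below are constructed for illustration; JCEKS secret-key entries are not handled.

```python
import hashlib
import struct

JKS_MAGIC, JCEKS_MAGIC = 0xFEEDFEED, 0xCECECECE

def list_keystore_certs(data: bytes):
    """Return [(alias, entry_kind, cert_type, cert_bytes)] using no password."""
    pos = 0

    def take(n):
        nonlocal pos
        if pos + n > len(data) - 20:   # final 20 bytes: password-keyed SHA-1 digest
            raise ValueError("truncated keystore")
        pos += n
        return data[pos - n:pos]
    def u32():
        return struct.unpack(">I", take(4))[0]
    def utf():                         # Java writeUTF: 2-byte length, then bytes
        return take(struct.unpack(">H", take(2))[0]).decode("utf-8", "replace")
    def cert(version):                 # version 1 stores no type string
        return (utf() if version == 2 else "X.509"), take(u32())

    magic, version, count = u32(), u32(), u32()
    if magic not in (JKS_MAGIC, JCEKS_MAGIC) or version not in (1, 2):
        raise ValueError("not a JKS/JCEKS keystore")
    found = []
    for _ in range(count):
        tag, alias = u32(), utf()
        take(8)                        # creation time in ms
        if tag == 1:                   # private key entry: skip encrypted key, keep chain
            take(u32())
            found += [(alias, "key-chain", *cert(version)) for _ in range(u32())]
        elif tag == 2:                 # trusted certificate entry
            found.append((alias, "trusted", *cert(version)))
        else:                          # e.g. JCEKS secret-key entry (serialized object)
            raise ValueError(f"unsupported entry tag {tag}")
    return found

def build_sample(password="constructed-password"):
    """Constructed sample keystore; placeholder bytes stand in for DER certs and the key."""
    s = lambda t: struct.pack(">H", len(t)) + t          # writeUTF
    b = lambda t: struct.pack(">I", len(t)) + t          # length-prefixed blob
    body = struct.pack(">III", JKS_MAGIC, 2, 2)
    body += struct.pack(">I", 2) + s(b"root-ca") + bytes(8) + s(b"X.509") + b(b"CERT-A")
    body += struct.pack(">I", 1) + s(b"server") + bytes(8) + b(b"ENCRYPTED-KEY")
    body += struct.pack(">I", 1) + s(b"X.509") + b(b"CERT-B")
    digest = hashlib.sha1(password.encode("utf-16-be") + b"Mighty Aphrodite" + body)
    return body + digest.digest()
```

The parser never reads the digest or the encrypted key bytes, so an inventory built this way lists the same certificates whatever password the keystore was created with.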

Can CAP detect certificate usage?

Yes, CAP can identify certificate usage from the appropriate usage attributes in the X.509 certificate. In addition, CAP application tracers can see exactly what operations certificates are used for inside applications.

Can CAP identify and build a certificate chain and identify self-signed certificates?


Does CAP have an out-of-the-box integration with Venafi?

Yes, we are a Venafi development partner and have a native integration that allows exchange of data in both directions: enriching CAP inventory scans with certificate data from Venafi TPP, and sending orphaned certificates detected in CAP scans to Venafi TPP.

