CAP software contains an extensive parser for x.509 certificates and detects all formats including der or pem, encrypted or unencrypted certificates: PKCS#12 ( .p12, pfx), PKCS*7 (.p7b, .p7c, .p7), PEM (.cer, .crt, .der, .pem).
CAP scans both on filesystems, and while dynamically tracing applications. The filesystem scanner detects encrypted keystores even if it cannot decrypt them. The CAP application tracer can also detect certificates inside the encrypted keystore if the application loads it.
CAP can detect different certificate stores such as Java key stores (.jck, .jks, .cacerts, .jceks) In addition, CAP's filesystem scanner can parse the certificates inside JKS, CACERTS and JCEKS keystores even without the keystore password.
Yes, CAP can identify certificate usage from the appropriate usage attributes in the x.509 certificate, and in addition, CAP application tracers can see exactly what operations certificates are used for inside applications.
Yes, we are a Venafi development partner and have a native integration that allows exchange of data in both directions, i.e. enriching of the CAP inventory scans with certificate data from Venafi TPP, and sending of orphaned certificates detected in CAP scans to Venafi TPP.
CAP is a complete cryptography management platform. By combining analysis of cryptography throughout your infrastructure it gives you powerful insight into how you use cryptography with multiple business benefits.download