Certificates Library Overview
Overview
The Certificates Library aggregates all SSL/TLS certificates discovered via ASM, VM, cloud integrations, or network scanners. Each certificate entry includes:- Expiry details
- Signing authority
- Mapped domains or services
- Risk score & exposures
- Validity status
- Associations with other assets
Key Metrics & Analytics
Total Certificates
Number of certificates actively tracked in AIM.Expired Certificates
Certificates past their expiration date, posing both availability and security risks.Nearly Expired Certificates
Certificates approaching expiry thresholds defined by your organization (e.g., 30 days).Invalid Certificates
Certificates that fail cryptographic, trust-chain, or configuration validation.Certificate Validity Distribution
Shows how long certificates have before expiry:- < 1 Month
- 1–3 Months
- 3–6 Months
- > 6 Months
Validity Status Breakdown
Pie chart of:- Valid
- Expired
Certificate Signing Authorities
Distribution of CA providers such as:- Let’s Encrypt
- Cloudflare
- CertUnity
- Custom/Internal CA
Certificate Analytics
Search, Filters & Sorting
The certificate catalog supports powerful filters:| Filter | Description |
|---|---|
| Owners | Show certificates assigned to a specific user/team. |
| Risk | Sort by automated risk score. |
| Source | Filter by discovery adapters (ASM, VM, SSL scanners). |
| hasVulns | Show certificates linked with vulnerabilities. |
| Organizations | Filter by organization or CA issuing authority. |
| Date Range | Filter based on detection timeline. |
Certificate Table Columns
| Column | Description |
|---|---|
| Asset Value | Domain or service the certificate belongs to. |
| Source | The adapter that discovered it (e.g., sslcert). |
| Vuln Count | Number of vulnerabilities associated with this certificate. |
| Auto Risk | Automated risk score. |
| Owner | Responsible user or team. |
| Tags | Tags like SSL, Certificate, TLS. |
| Associations | Related assets (domains, IPs, APIs). |
| Detected On | First and last discovery timestamps. |
Certificate Full View
Certificate Detail View
Certificate Summary
| Field | Description |
|---|---|
| Certificate Value | CN / SAN or linked domain. |
| Validity Status | Valid / Expired / Invalid. |
| Expiry Date | Exact expiration timestamp. |
| Risk Score | System-generated based on expiry, CA, and associations. |
| Owner | Assigned user or team. |
| Environment | Based on asset mappings (e.g., Prod, Staging). |
| Lifecycle | First Found / Last Found timelines. |
Signing Authority Intelligence
AIM enriches each certificate with:- CA Name
- Trust chain analysis
- Issuer metadata
- Key size & algorithm
Associated Assets
Certificates automatically link to:- Domains
- Subdomains
- APIs
- IPs
- Applications
How Certificates Are Discovered
AIM identifies certificates using:- ASM Adapter – external scans & exposed endpoints
- VM Adapter – vulnerability correlation
- SSL Cert Adapter – certificate-specific discovery
- Cloud Integrations – Cloudflare, AWS ACM, etc.
Example Use Cases
🔐 Security Teams
Identify weak, expired, or untrusted certificates.⚙️ DevOps / Platform Engineers
Prevent service outages caused by certificate expiry.🛡 Compliance Teams
Ensure CA policies, key sizes, and renewal practices meet standards.🚨 Incident Responders
Investigate compromised or misissued certificates.Explore Live Demo
Explore AIM Live — No Signup Needed
Instantly explore how Snapsec AIM discovers, enriches, and tracks every asset in real time — all without creating an account.