Deploying certificate audits

By default, certificate audits are scheduled to run daily. If you need to refresh a certificate audit on one or more endpoints, you can deploy a certificate audit package.

You can also configure port exclusions if you want Certificate Manager to ignore server certificates on a specific listening port.

Deploy a certificate audit package

  1. From the Main menu, go to Administration > Content > Packages and search for Certificate Audit.
  2. Select Certificate Audit [Non-Windows] or Certificate Audit [Windows] and then click Deploy Action.
  3. In the Deployment Package section, configure the following details.
    1. (Optional) If you do not need increased details around listening ports and ciphers, clear the Enable Listen Port Scan option.
    2. Select a Log Level.
  4. In the Targeting Criteria section, choose an option to target one or more endpoints and then click Show Preview to Continue.

    To run the certificate audit on all endpoints, select Tanium Certificate Manager for Action Group. For more information, see Configure the Certificate Manager action group.

  5. Verify the list of targeted endpoints and then click Deploy Action.

Verify that a certificate audit completed successfully

  1. From the Main menu, go to Administration > Actions > Action History and search for Certificate Audit.
  2. Select one or more actions that correspond with the Certificate Audit [Non-Windows] or Certificate Audit [Windows] packages and click Show Status.
  3. In the States of machines section, verify that the status is Completed.
    For more information about action states, see Tanium Console User Guide: View action status.

If you are not seeing expected results in the Certificate Manager reports, see Unexpected certificate audit results.

Configure certificate port exceptions

You can add or delete port exclusions by deploying the following packages:

  • Certificate Audit Add Port Exclusions [Non-Windows]
  • Certificate Audit Add Port Exclusions [Windows]
  • Certificate Audit Delete Port Exclusions [Non-Windows]
  • Certificate Audit Delete Port Exclusions [Windows]

Add port exclusions

  1. From the Main menu, go to Administration > Content > Packages and search for Certificate Audit.
  2. Select Certificate Audit Add Port Exclusions [Non-Windows] or Certificate Audit Add Port Exclusions [Windows] and then click Deploy Action.
  3. In the Deployment Package section, enter the Ports to Exclude.
  4. In the Targeting Criteria section, choose an option to target one or more endpoints and then click Show Preview to Continue.

    To add the port exclusion for all endpoints, select Tanium Certificate Manager for Action Group. For more information, see Configure the Certificate Manager action group.

  5. Verify the list of targeted endpoints and then click Deploy Action.

Delete port exclusions

  1. From the Main menu, go to Administration > Content > Packages and search for Certificate Audit.
  2. Select Certificate Audit Delete Port Exclusions [Non-Windows] or Certificate Audit Delete Port Exclusions [Windows] and then click Deploy Action.
  3. In the Deployment Package section, enter the Ports to no longer exclude.
  4. In the Targeting Criteria section, choose an option to target one or more endpoints and then click Show Preview to Continue.

    To delete the port exclusion for all endpoints, select Tanium Certificate Manager for Action Group. For more information, see Configure the Certificate Manager action group.

  5. Verify the list of targeted endpoints and then click Deploy Action.

Although the Certificate Audit Port Exclusions sensor displays the updated exclusions, the port exclusions do not take effect until after the next certificate audit runs. You can either Deploy a certificate audit package manually, or wait until the next Certificate Audit [Non-Windows] and Certificate Audit [Windows] scheduled actions run.