Discover-Certificates function

Use the Discover-Certificates function as part of your onboard discovery strategy to discover certificates found on network devices.

You can use all of the functions available for provisioning in your script, but only the Discover-Certificates function applies to Adaptable onboard discovery. You pass in the same general hash table (see below) with all of the connection and credentials

General hash table variables

Each entry below gives the variable name, its data type, and a description.

AssetName (String)
  The name used to uniquely identify the certificate that is provisioned to the device.
  The value is initially generated automatically using the following naming convention:
    • <Common Name>_<ValidTo as yyMMMdd>_<Last 4 of Serial> for centrally generated CSRs
    • <Common Name>_RGEN_<Current Date/Time as yyMMdd-HHmmss> for remotely generated CSRs
  AssetName can be overridden by several PowerShell functions if a particular device needs a different naming convention (e.g. to deal with string length or special character limitations).

AppObjectDN (String)
  The Trust Protection Platform distinguished name (DN) of the calling application object.

AuxPass (String)
  The password portion of the Secondary Credential when a user name or password credential is assigned, or the PKCS#12 password when a certificate credential is assigned.

AuxPfxData (Byte Array)
  A PKCS#12 byte array that contains a client certificate and private key when a certificate credential is assigned as the Secondary Credential.

AuxUser (String)
  The user name portion of the Secondary Credential when a user name credential is assigned.

HostAddress (String)
  The hostname or IP address specified by the device object.

TcpPort (Integer)
  The TCP port specified by the application object.

UserName (String)
  The user name portion of the user name or private key credential assigned to the device or application object. Used for authenticating with the device.

UserPass (String)
  The password portion of the user name credential assigned to the device or application object. Used for authenticating with the device.

UserPrivKey (String)
  The PEM-formatted (Privacy-Enhanced Mail) RSA private key portion of the private key credential assigned to the device or application object. Used for authenticating with the device via SSH.

VarBool1 (Boolean)
  The value of the Yes/No (true/false) user-defined field as defined by the header at the top of the PowerShell script.

VarBool2 (Boolean)
  The value of the Yes/No (true/false) user-defined field as defined by the header at the top of the PowerShell script.

VarPass (String)
  The value of the password field as defined by the header at the top of the PowerShell script.

VarText1 (String)
  The text contained in the user-defined field as defined by the header at the top of the PowerShell script.

VarText2 (String)
  The text contained in the user-defined field as defined by the header at the top of the PowerShell script.

VarText3 (String)
  The text contained in the user-defined field as defined by the header at the top of the PowerShell script.

VarText4 (String)
  The text contained in the user-defined field as defined by the header at the top of the PowerShell script.

VarText5 (String)
  The text contained in the user-defined field as defined by the header at the top of the PowerShell script.

Returns

Each entry below gives the return key, its data type, and a description.

Result (String)
  "Success" or "NotUsed", indicating the non-error completion state.

Applications (Array of hashtables)
  An array of hashtables that include the following data for a certificate instance:

  • Name: the name of the application object that uniquely represents this instance under the device object
  • ApplicationClass: the schema class of the application object (optional; defaults to Adaptable App)

    If an invalid class is specified, a Basic application is created and an error event is logged for the onboard discovery job. If a name collision occurs with a Basic application, it is then converted to the specified application class (if valid).

    For the Adaptable class and attribute names, see Adaptable Application object. For all other class and attribute names, see Web SDK Object class reference.

  • DriverName: the value of the Driver Name attribute (optional for application classes that are built into Trust Protection Platform)
  • PEM: the raw X.509 certificate as base64-encoded text
  • ValidationAddress: FQDN, hostname, or IP address where the server is presenting the certificate

    TIP  If you want to disable SSL/TLS validation, simply do not specify a ValidationAddress.

  • ValidationPort: TCP port on which the server is presenting the certificate (integer from 1 to 65535; defaults to 443)

  • Attributes: a hashtable that specifies zero or more Config attribute name-value pairs to set on the application object

    If an attribute is not valid for the class, or the value is not a distinguished name (DN) for a DN attribute, no value is assigned to the application and an error event is logged for the onboard discovery job.

For information about processing stages, see About certificate lifecycle management.
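As an added example (not code from the Venafi documentation or any product script), the function below consumes the general hash table and returns the Result and Applications structure described above. It assumes the device presents a TLS certificate on HostAddress:TcpPort and that the script's Param signature takes the hash table as $General; DriverName is left out and Attributes is empty.

```powershell
function Discover-Certificates
{
    Param(
        [Parameter(Mandatory=$true, HelpMessage="General Parameters")]
        [System.Collections.Hashtable]$General
    )

    # Assumed device behaviour: it serves TLS on HostAddress:TcpPort; we inventory the leaf certificate.
    $hostAddr = $General.HostAddress
    $port     = if ($General.TcpPort) { [int]$General.TcpPort } else { 443 }

    $client = New-Object System.Net.Sockets.TcpClient
    $ssl    = $null
    $cert   = $null
    try {
        $client.Connect($hostAddr, $port)
        # Discovery only collects the certificate; no trust decision is made here. Returning
        # ValidationAddress below lets the platform validate the endpoint after onboarding.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback]{ param($s, $c, $ch, $e) $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAny)
        $ssl.AuthenticateAsClient($hostAddr)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $client.Dispose()
    }

    # No certificate presented: report a non-error completion with nothing to onboard.
    if (-not $cert) { return @{ Result = "NotUsed" } }

    # PEM is the DER bytes as base64 text wrapped in the standard armor lines.
    $b64 = [Convert]::ToBase64String($cert.RawData, [System.Base64FormattingOptions]::InsertLineBreaks)
    $pem = "-----BEGIN CERTIFICATE-----`n$b64`n-----END CERTIFICATE-----"

    $apps = @(
        @{
            Name              = "TLS Listener $port"   # must be unique under the device object
            ApplicationClass  = "Adaptable App"        # optional; this is the default class
            PEM               = $pem
            ValidationAddress = $hostAddr              # omit to disable SSL/TLS validation
            ValidationPort    = $port                  # integer 1-65535; defaults to 443
            Attributes        = @{}                    # Config name-value pairs to set, if any
        }
    )

    return @{ Result = "Success"; Applications = $apps }
}
```

If an invalid ApplicationClass or an attribute name not valid for the class is returned, the discovery job logs an error event as described above, so check the job's event log after the first run against a new device type.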
