Cloud Platform
Cloud platform apps

Qualys Unveils CertView to Help Customers Manage SSL/TLS Certificates Across Global IT Environments

Addition of new app framework to Qualys Cloud Platform adds inventory and continuous visibility of SSL/TLS vulnerabilities in a ‘single pane of glass’ view, and assists in immediate remediation at scale

LAS VEGAS – Black Hat USA, Booth #899 – July 24, 2017 – Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud-based security and compliance solutions, today announced CertView, a new app framework in the Qualys Cloud Platform that helps customers to discover, assess and manage SSL/TLS certificates on a global scale to help prevent downtime and outages, audit and compliance failures, and mitigate risks associated with any expired and/or vulnerable SSL/TLS certificates on their business-critical systems. The first two apps in CertView include Certificate Inventory (CRI) and Certificate Assessment (CRA).

Qualys will showcase CertView and its two new Apps during Black Hat USA 2017 at booth #899.

Machines rely on X.509 certificates to communicate securely with each other both internally and externally, and this communication creates new attack surfaces — particularly amidst the rise of DevOps and public clouds. In order to stay ahead of this risk, organizations must automate visibility and tracking of their certificate deployments for DevSecOps. Qualys CertView allows them to do so by centralizing visibility of certificate vulnerabilities into their overall continuous view of security and compliance state, and by enabling customers to rapidly see and remediate expired or vulnerable certificates.

“While several offerings exist to discover X.509 certificates, most organizations rely on spreadsheet-based tracking methods and manual processes to keep track of certificates, resulting in many undocumented installations and increased exposure to risks,” said David Anthony Mahdi, Research Director, Gartner. “When using discovery tools, security leaders are often surprised by the amount of unknown certificates, from multiple certificate authorities (CAs) that exist in their environment.”1

“Thriving in today’s business environment requires constant and secure global communication and collaboration between machines-to-machines and people,” said Philippe Courtot, chairman and CEO, Qualys, Inc. “Qualys CertView delivers customers added visibility of this critical infrastructure layer as it grows, and allows them to more confidently achieve digital transformation securely - all from a ‘single pane of glass’ view, further consolidating their security and compliance stack in one unified platform and reducing costs.”

CertView initially consists of two new apps as follows:

The Certificate Inventory (CRI) app offers:

  • Discovery: Enabling infosec and other teams to continuously scan global IT assets from the same console to discover every certificate issued from any CA.
  • Inventory: Enabling reduced administrative costs by bringing the entire certificate estate under central control with comprehensive visibility of all certificates in use across DevSecOps, InfoSec and IT teams.

The Certificate Assessment (CRA) app offers:

  • Continuous Monitoring: Automation built into the Qualys Cloud Platform identifies critical issues, weaknesses and vulnerabilities and sends targeted alerts to DeveSecOps, InfoSec IT and IT teams.
  • Reports and Dashboards: Dynamic dashboards provide teams with a holistic and contextual view of their certificate estate, and power automatically created downloadable reports of certificate-related vulnerabilities, certificate expirations and non-compliant certificates across global IT assets.

Qualys CertView will be available in beta starting September 2017, with general availability in Q4. The initial release will include these two apps: CRI and CRA. Qualys is working to add full certificate lifecycle management into the single-pane view of the Qualys Cloud Platform. Future versions of CertView will add new apps to include back-end integration with major CAs and application servers, as well as workflows for policy enforcement.

Additional Resources:

About Qualys
Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and compliance solutions with over 9,300 customers in more than 120 countries, including a majority of each of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and consolidate their security and compliance solutions in a single platform and build security into digital transformation initiatives for greater agility, better business outcomes and substantial cost savings. The Qualys Cloud Platform and its integrated Cloud Apps deliver businesses critical security intelligence continuously, enabling them to automate the full spectrum of auditing, compliance and protection for IT systems and web applications on premises, on endpoints and elastic clouds. Founded in 1999 as one of the first SaaS security companies, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including Accenture, BT, Cognizant Technology Solutions, Deutsche Telekom, Fujitsu, HCL Technologies, HP Enterprise, IBM, Infosys, NTT, Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance. For more information, please visit

Qualys and the Qualys logo are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

1Gartner, Technology Insight for X.509 Certificate Management, David Anthony Mahdi, September 2016