Output Format
The plugin generates certificate scan results in the following standardized format:
{
"type": "cert",
"timestamp": "2025-10-02T12:01:34-04:00",
"urn": "urn:cert:sha256:9bf5e2d39583fe759a2b2343ab0c449f6a27e98aaa4d00f241fa70800d8b83de",
"url": "https://example.com:443",
"cert_pem": "MIIFODCCBCC...",
"endpoint": {
"host": "example.com",
"port": 443,
"service": "https",
"service_vendor": "nginx",
"service_vendor_version": "1.20.1",
"cipher_suites": "TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_AES_128_GCM_SHA256"
}
}
Output Fields
Field | Description |
|---|---|
| Asset type ( |
| RFC3339 timestamp of when the scan was performed |
| Unique resource name based on asset type (SHA256 hash for certificates/public keys, name-based for symmetric keys/secrets) |
| Direct link to Vault UI for the asset |
| Base64-encoded certificate (PEM without headers/footers) - certificates only |
| Base64-encoded certificate body (without PEM headers/footers or newlines) |
| Additional metadata (see Extra Fields section below) |
Endpoint Fields
Field | Type | Description |
|---|---|---|
| string | Host address or hostname where the certificate was discovered (from Tenable asset hostname or IPv4) |
| integer | Port number where the certificate was discovered (1-65535) |
| string | Detected service type (e.g., |
| string | Detected service vendor (e.g., |
| string | Detected service vendor version (e.g., |
| string | Comma-separated list of supported SSL/TLS cipher suites detected by Tenable plugin 21643 |
Note: The service_vendor, service_vendor_version, and cipher_suites fields are populated when Tenable successfully detects service information through plugins like 10107 (HTTP Server), 10263 (SMTP Server), and 21643 (SSL Cipher Suites). These fields may be empty if service detection data is not available.