Product Guide – Network SSL Certificate Scanner 2025

Product Guide - Network SSL Certificate Scanner 2025
April 2, 2018
in Software User Guide, Support Center
No Comments
7963

Contents

About

XenArmor Network SSL Certificate Scanner is the fastest & most advanced software to find all the expiring, self-signed, vulnerable, rogue SSL certificates in your local network or internet.

It comes with multiple scan methods like Single host scan, Network scan, File IP List Scan, Custom Port scan to help you quickly find all SSL certificates in your network.

“Fastest SSL Scanner based on our proprietary Half SSL Scanning Method”

Benefits

Here are the main benefits,

  • All-In-One SSL Scanner: Scan all types of SSL services like HTTPS, LDAPS, SMTPS, FTPS etc
  • Fastest SSL Cert Scanner: Powered by our proprietary “Half SSL Scanning” Method
  • Expired SSL Cert Finder: Discover all the expired or expiring SSL certificates in your network
  • Network Scan: Full SSL scan of all the 256*256*256 (*.0.0.0/8) hosts in one go
  • File IP List Scan: Save time by scanning known list of domain or multiple range of IP addresses
  • Custom Port List Scan: Find custom or hidden SSL services with single or multiple range of ports scan
  • Command-line Version: Directly run SSL certificate scan from your custom scripts/programs
  • Automation of SSL Scan: Periodically run SSL scans to find expiring SSL certificates before time
  • Email Scan Report: Get detailed HTML report of every SSL scan directly into your email
  • Database Storage: Automatically store each scan results to database for future use
  • SSL Scan SNI Support: Find SSL certificate of domains/websites running on shared IP address
  • Hidden SSL Discovery: Find secret/rogue SSL services in your network
  • SSL Security Analysis: Detects all Expired, Self-Signed, Rogue or Vulnerable SSL SSL Certificates
  • Online SSL Tools: Right click menu for deeper SSL security analysis using top online tools
  • Download SSL Certificate: Right click menu to quickly view or save SSL certificate to disk
  • Scan Settings:Fine-tune scan speed, timeout as per local network traffic
  • Display Scan Status: Shows current SSL scan details with progress bar
  • Multi-colored Display: Helps in quick identification of expiring/expired/vulnerable SSL certificates
  • Export Scan Report: Backup entire SSL scan data to HTML, CSV, XML, JSON or SQLite file
  • Portable Unlimited Edition: Run on Unlimited PCs from USB disk without installation or activation
  • EV Certified by SECTIGO: Trusted by Microsoft SmartScreen & Top Antivirus
  • All Windows Support: Works on all Windows platforms from Vista to Windows 11 (32-bit & 64-bit)

Requirements

XenArmor Network SSL Certificate Scanner works on both 32-bit & 64-bit platforms starting from Windows Vista to Windows 11.

Here are the specific details,

  • Installation Size: 8 MB
  • RAM: 4 GB+ Recommended
  • Operating System: Windows 11,10,8,7,Vista, Windows Server 2022,2019,2016,2012,2008 (32-bit/64-bit)

Installation

XenArmor Network SSL Certificate Scanner comes with standard windows installer which allows seamless installation & un-installation.

Launch the setup file and follow on-screen instructions to complete the installation as shown below,

After installation, it will launch your software showing activation screen as follows,

Anytime, you can uninstall it directly from the Windows Add/Remove Programs.

How to Use?

XenArmor Network SSL Certificate Scanner is the fastest & advanced scanner. It helps you to easily perform Single Host scan, Network scan, File IP List scan or Custom Port list scan with a click of button.

Important: Make sure to run it as Administrator, otherwise input options & scan settings will not be saved due to permission issue and you have to enter it everytime. Another solution is to re-install it to %localappdata% location or non-system location instead of %programfiles%.

Note: For old 2022 edition user guide click here

Below are detailed information for each type of SSL scanning operation,

Single Host SSL Scan

Quickly single domain name or ip address as shown below. Also now you can enter port list with specific port numbers and range to scan.

Network SSL Scan

Network Scan allows you to scan 256*256*256 Hosts (*.0.0.0/8) in one go as shown below. Also now you can enter port list with specific port numbers and range to scan for each IP address.

To optimize scanning performance, make sure to configure Scan & Timeout Settings

File IP List SSL Scan

This is one of the advanced feature which allows you to scan only selected list of systems in your network. This is very useful when you have your servers scattered across different subnet or internet making the scanning operation faster and efficient.

You can specify list of specific domain names, IP address or range of IP address (in both regular and CIDR format) in the file as shown below,

#this is a comment
#scan single IP address or domain name
google.com
xenarmor.com
192.168.0.100
#
#scan IP address range in CIDR format (190.168.5.1-190.168.5.255)
190.168.5.0/24
#
#scan IP address range for 255 * 255 hosts
192.168.1.1-192.168.255.255
#

To start the File IP Scan, first click on “Start Scan”. Then in the input dialog, check “File (IP List)” scan and select input file to begin the scan as shown below. Also now you can enter port list with specific port numbers and range to scan for each IP address.

Note: This feature is available only in Premium & higher editions.

Custom SSL Port List Scan

This new advanced feature allows you to find custom or hidden SSL services with single or multiple range of ports.

Now for any type of scan (single, network, file IP list, command-line) you can enter list of specific ports (E.g: 443, 636, 500-600, 900) as shown below,

In addition to selectively scanning only SSL services, it is also useful in finding any rogue or hidden malicious SSL services running in your network.

Note: Port list feature is available only in Premium & higher editions. For Basic Edition, only single port number can be specified.

Right Click Menu Options

Right click context menu allows you to quickly perform many useful tasks like,

  • View/Save SSL Certificate
  • Visit Website for Host
  • Launch Online SSL Analysis Tools
  • Copy full row or selected fields

You can also double click on each entry to view the SSL Certificate.

Settings

Settings panel allows you to configure various settings to optimize your SSL scan.

Note: Command-line version automatically uses all these settings.

Below is the detailed information for each of the Settings.

Scan Settings

Here you can set Timeout settings to optimize your scans based on your network traffic conditions (like local subnet or over Internet)

Below are the recommended settings for local or Internet scan,

  • Local Network/Subnet
    • Check ‘Ping Each Host before SSL Scan’ (if Ping enabled in your network)
    • Timeout for Ping: 20 ms
    • Timeout for Network Operations: 1,000 ms
  • Internet
    • Disable ‘Ping Each Host before SSL Scan’
    • Timeout for Ping: 200 ms
    • Timeout for Network Operations: 3,000 ms

TIP: Reduce the Timeout value for Network operations until you see time out error in the scan results. Finally, set this value and add extra 500 ms to take care of network traffic fluctuations.

Next setting, “Find Host Name for Every IP Address” helps you to enable/disable Domain name resolution. This is good for local network but for Internet scan this may take lot of time.

Also to speedup the scan further, you can set “Maximum Number of Scanner Threads”. Default value is 50 and maximum Thread count is 200.

Database Settings

XenArmor Network SSL Certificate Scanner helps you to store each SSL scan results to local SQLite database file.

You can enable/disable Database feature, via setting ‘Automatically store every scan results to database…’ as shown above & set the appropriate folder location. Later, you can view each scan results by clicking on “Open DB” button.

Note that for Command-line version, it is mandatory to enable this Database storage feature.

Email Settings

XenArmor Network SSL Certificate Scanner allows you to automatically send Email Notification with full report automatically for each scan. This is very useful if you are automating your SSL scan.

To enable/disable Email notification feature simply check or uncheck ‘Send email notification…..’ in the Setting dialog as shown above.

Once you enable it, you can set various Email settings and then click on ‘Test Email’ button to verify if the email is sent successfully or not.

Important Note: This feature uses password authentication (non-OAuth). So it will not work for email services (like Gmail) which enforce OAuth based authentication now.

Here is the real example of Email notification of SSL Scan summary along with attached report

If you want to receive report containing only expired/expiring certificate list then check “Include only expiring/expired…” at the bottom. Else you will receive the complete scan report (may exceed size allowed by your email service)

Note: This feature is available only in Premium & higher editions.

Migration from Old to New 2025 Version

If you are upgrading from old version to new 2025 then please note following things,

  • Launch your current software and copy the Settings options like Timeout, Database, Email (or take screenshot). Later, when you launch new 2025 edition, just copy these settings to new one & then optimize (v2025 is 50% faster than v2022)
  • Unlike old versions, new v2025 comes with both GUI & Command-line version in same exe file (NetSSLCertScanner.exe).
  • Command-line versions are slightly changed (mainly Port list). So make sure to change your existing scripts/automation accordingly.
  • File IP List Scan: now you can specify IP address range normally and in CIDR format (as mentioned here). You can use this to refine your old automations/scripts.
  • Port List Scan: Now you can specify list of specific ports in GUI/Command-line scan. You can use this to refine your old automations/scripts.

SSL Certificate Scan Report

XenArmor Network SSL Certificate Scanner helps you to generate detailed Scan Report in HTML, CSV, XML, JSON, SQLite format. On complete of scan, click on Report button and then select the Type of Report (HTML, CSV, XML, JSON) from the File Save Dialog.

Here is the sample HTML report,

Advanced Feature – SSL Certificate Security Analysis

XenArmor Network SSL Certificate Scanner performs security analysis of SSL Certificates discovered during the scan.

This helps you to easily discover Expired, Expiring, Self-signed, Rogue & Vulnerable SSL Certificates in your network. Also each of these certificates are represented in different color codes to easily identify it as shown below.

Here are more details on each threats and respective color codes,

  • Expired – SSL Certificate is already expired: Red Color
  • Expiring Soon – SSL Certificate expires within a month: Yellow Color
  • Vulnerable – SSL Certificate is vulnerable to MD5/SHA1 Attacks: Red Color
  • Self-Signed/Suspicious – SSL Certificate is self-signed or suspicious – Light Brown Color
  • Good – This is good SSL Certificate – Blue Color Text.

Same color codes are used in both GUI list as well as in HTML report.

Advanced Feature – Automatic Storing of Database

XenArmor Network SSL Certificate Scanner allows you to seamlessly store every scan results to local Database without any installation/setup of external database softwares.

You can enable/disable the same in Database Settings as explained here

Once enabled, each scan results with summary is stored in local file (with timestamp) in SQLite database format.

Anytime, you can click on “Open DB” button to load the file to view the scan results as shown below.

How to Use Command-line Version?

XenArmor Network SSL Certificate Scanner v2025 supports both GUI & Command-line version from same application. Cmdline version helps you to integrate SSL scanning in your scripts as well as automate SSL scan via Task Schedular.

Here are the screenshots of performing Network & File IP list scan using command-line version.

 

Here are the command-line options & examples

  • NetSSLCertScanner.exe [-o output_file] [-h host/host-range | -f iplist_file] [-p port_list]
  •  .
  • //Scan Single Host with HTML report
  • NetSSLCertScanner.exe -o output.html -h 192.168.5.1 -p ‘443,636’
  •  .
  • //Scan 192.168.1.*/24 Hosts at Port 443 with CSV report
  • NetSSLCertScanner.exe -o output.csv -h 192.168.1.1-192.168.1.255
  •  .
  • //Append (-oo) output report to existing CSV file
  • NetSSLCertScanner.exe -oo output.csv -h 192.171.0.1-192.171.255.255 -p 443
  •  .
  • //Scan 192.168.*.*/16 Hosts at Port 443 with XML report
  • NetSSLCertScanner.exe -o c:\output.xml -h 192.168.0.0-192.168.255.255
  •  .
  • //Scan list of Ports on Single Host with JSON report
  • NetSSLCertScanner.exe -o c:\output.json -h 192.168.5.1 -p ‘443,636,700-800’
  •  .
  • //Scan 192.*.*.*/8 Hosts with SQLite DB report
  • NetSSLCertScanner.exe -o c:\output.db -h 192.0.0.0-192.255.255.255
  •  .
  • //Scan list of Ports in IP Address range with HTML report
  • NetSSLCertScanner.exe -o c:\output.html -h 192.168.0.1-192.168.0.255 -p ‘900-1000’
  •  .
  • //Scan from File having IP Address/Hostname list
  • NetSSLCertScanner.exe -o c:\output.html -f c:\iplist.txt
  •  .
  • //Scan from File having IP Address list for specific port range
  • NetSSLCertScanner.exe -o c:\output.html -f c:\iplist.txt -p 1-1024

By default it will generate report in HTML format. You can specify csv, xml, json or db extension to output file to generate report in CSV, XML, JSON or SQLite format respectively.

Command-line version automatically uses the same Timeout, Database & Email notification options configured through Settings in Network SSL Certificate Scanner GUI version.

Note: Command-line version is available only in Premium & higher editions.

Automation of SSL Certificate Scan

Command-line Version helps you to easily automate periodic SSL certificate scanning operation.

Also you can enable “Send Email Report” feature (via Settings) to send complete scan report to your email. In addition to this, you can enable “Database Storage” feature (via Settings) to store each scan results to local database file for future reference.

Here are simple steps to automate SSL scanning process using Windows Task Scheduler,

1) Launch Windows Task Scheduler from Administrative Tools in Control Panel. Next click on “Create Basic Task” on right side panel as shown below,

2) On the Basic Task page, enter name as ‘Network SSL Certificate Scan’. On next page select ‘Daily or Weekly or Monthly’ with appropriate Time settings as per your need.

3) Next on the ‘Action’ Page, click on Start Program and then enter command & arguments as shown below,

4) Finally click on Finish button to schedule the automatic SSL Scanning operation.

Make sure to configure the Timeout, Database & Email options through Scan Settings.

Version & Release History

Note: To get download link of latest update please contact our support team with your order details.

Version 12.0 (2025 Edition): 11 Jul 2025

Grand 2025 edition with faster scan, lower memory usage and a more polished user experience

  • 50% Faster Performance – Fastest ever SSL certificate scan with 50% more faster than v2022
  • 70% Reduced Memory Usage – Optimized to consume far less memory compared to v2022.
  • File IP Range Support – File IP List now supports CIDR notation and standard IP ranges.
  • Port List Feature – Specify individual ports or ranges for targeted scanning.
  • Unified Application – Single EXE file for both GUI and command-line usage.
  • Integrated SSL Analysis Tools – Right-click menu now includes 7 online SSL diagnostic tools.
  • TLS v1.2 Compatibility – Added necessary extensions to support modern server requirements.
  • Fixed TLS v1.1 Issue – Resolved TLS v1.1 multiple packet merging issues.
  • New User-Friendly Input – Simplified scan data entry with new input dialog
  • Redesigned GUI – Enhanced interface for a smoother and faster scanning experience.
  • Command-line Version – Enhanced with new port list and IP address range (File IP list) feature
  • Upgraded HTML Report – Improved readability with better field sizing and color-coding for SSL analysis.
  • Modern Installer – Streamlined installation and uninstallation process.
  • Edition Renaming – “Personal” and “Enterprise” editions are now Basic and Premium for clarity.
  • EV Certified – Signed with a new SECTIGO EV Certificate, trusted by MS SmartScreen & top antivirus
  • Updated OS Support – Dropped Windows XP support. Now works on all Windows OS from Vista to Windows 11

Version 11.0 (2022 Edition): 29th May 2022

Mega 2022 release supporting new Windows 11 platform. Here are the major updates,

  • (GUI & Command-line) Support scanning of all 256*256*256 (*.0.0.0/8) hosts in one click
  • Faster SSL scanning operation with various speed optimizations
  • (GUI & Command-line) File Scan now supports 100,000 hosts (previously 25k) in single file
  • Domain name resolution now made multi-threaded leading to faster scan
  • Send Email Report in both HTML & CSV format
  • SSL/TLS Cipher Suites updated with latest ones
  • Displays “Serial Number” of certificate in all reports & database
  • Added Thumbprint (SHA1 Hash) of certificate to database store
  • Display scanning host details like OS version, IP address and machine name
  • (GUI & Command-line) Displays scan progress during the operation
  • Scan Settings: Disabled PING by default & Timeout is set to 30ms
  • Scan Settings: Added ‘Thread Count’ option to fine tune performance
  • Scan Settings: ‘Find Host Name’ option to enable/disable Domain name resolution
  • Scan Settings: Option to send only expiring/expired certificates list in Email report
  • Personal Edition: Support scanning all 256*256*256 hosts in one go.
  • Personal Edition: Generate scan reports in all formats
  • Personal Edition: Enabled SSL Security analysis
  • Personal Edition: Shows scan results in multi-colored display
  • Fixed receive buffer size issue with ssl certificate retrieval
  • On start, finds local IP address/subnet & set it for Network Scan
  • Enhanced GUI interface, icons, banner, radio button clicks etc
  • Upgrade: Directly upgrade to higher edition using exclusive offer link
  • Enhanced & Separate License activation for different editions
  • Digitally signed with latest company security certificate from Sectigo
  • Changed UAC manifest setting (GUI => highestAvailable Cmdline => AsInvoker)
  • Supports latest Windows 11 operating system (32-bit & 64-bit)

Version 10.0 (2020 Edition): 21st Aug 2020

Major release with important update for SSL certificate retrieval from TLS v1.2 server.

Version 9.0 (2020 Edition): 28th Dec 2019

Mega 2020 edition featuring Portable Unlimited Edition, Portable Settings, Faster Scan Engine & New Enhanced GUI Design.

Version 8.0 (2019 Edition): 13th Apr 2019

Major digital signature based release supporting SSL server with TLS v2.0. Also enhanced SSL scan report in XML/JSON/SQLite format.

Version 7.5 (2019 Edition): 13th Feb 2019

Major release with changes in Editions, Pricing & features. Now it supports for getting SSL certificate from old TLS v1.0/TLS v1.1 only SSL Servers. Also added new scan report formats like XML & JSON in both GUI & command-line versions.

Version 7.0 (2019 Edition): 30th Nov 2018

Mega 2019 edition with Email Notification of Scan Report, 200+ New SSL Cipher Suites, Scan Domain with SNI feature, Domain based File List Scan, Perform Online SSL Analysis & many more enhancements.

Version 6.0 (2017 Edition): 26th Jul 2017

Mega 2017 edition with one click database integration, 130+ new SSL cipher suites, SSL certificate vulnerability analysis, Report in HTML & CSV format, IP List File Scanning Feature GUI & Command-line version

Contact XenArmor

Have any more queries or need any technical clarification? Just write to us at support@xenarmor.com and you will have response within 24 to 48 hours.

For more details visit home page of XenArmor Network SSL Certificate Scanner


Recommended Posts