Venafi Professional Services has created the following Regular Expression (RegEx) that may be used in Certificate Placement Rules to identify common vendor-issued certificates. These certificates often come pre-installed or are generated on common network equipment, printers, etc., and are commonly found on a network during a Network Discovery.
As the picture below depicts, the rule should be set so that the Issuer DN Matches Regex. This expression may be updated occasionally. If you have any improvements or suggestions, please leave a comment.
(?i:o=(?:.*(AirMagnet|American|APC|Aruba|Avaya|Avocent|Mergepoint|Cisco|Citrix|Dell|EMC|EndRun|Foundstone|Hitachi|Hewlett|HP|IBM|Imperva|Infoblox|Isilon|LANDesk|Liquidware|Lexmark|McAfee|MANDIANT|Opsware|Palo|Pivotal|Riverbed|SolarWinds|Sourcefire|Splunk|Datadomain|VMWare)).*)
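An offline check for the expression above and for any vendor names added to it, written here as an added example (not Venafi's code). It goes slightly beyond the article by also flagging matches where the vendor token is not a whole word inside the O= value. Assumptions: Python's re module stands in for the TPP regex engine, "Matches Regex" is treated as an unanchored search, and the sample Issuer DNs and the added vendor name "Fictional" are constructed.

```python
import re

# Vendor tokens exactly as listed in the article's expression.
VENDORS = ("AirMagnet American APC Aruba Avaya Avocent Mergepoint Cisco Citrix "
           "Dell EMC EndRun Foundstone Hitachi Hewlett HP IBM Imperva Infoblox "
           "Isilon LANDesk Liquidware Lexmark McAfee MANDIANT Opsware Palo "
           "Pivotal Riverbed SolarWinds Sourcefire Splunk Datadomain VMWare").split()

# Constructed sample Issuer DNs (not taken from real devices or CAs).
SAMPLES = [
    "CN=printer-3f2a, OU=Imaging, O=Hewlett-Packard Company, C=US",
    "CN=Example Issuing CA 1, O=Example Corp, C=US",
    "CN=Example Issuing CA 2, O=Example Corp, L=Palo Alto, ST=California, C=US",
    "CN=Dashpoint Root CA, O=Dashpoint Ltd, C=GB",
    "CN=Fictional Appliance CA, O=Fictional Networks, C=US",
]


def build_rule(vendors):
    """Rebuild the article's expression around a vendor list (names are escaped)."""
    return "(?i:o=(?:.*(" + "|".join(re.escape(v) for v in vendors) + ")).*)"


def org_values(issuer_dn):
    """Values of the O= components; naive comma split, enough for SAMPLES."""
    parts = (p.strip() for p in issuer_dn.split(","))
    return [p[2:] for p in parts if p[:2].lower() == "o="]


def check(issuer_dn, vendors=VENDORS):
    """Return (rule_matches, vendor_is_whole_word_in_O) for one Issuer DN."""
    # Assumption: "Matches Regex" behaves like an unanchored search.
    hit = re.search(build_rule(vendors), issuer_dn) is not None
    words = r"\b(?:" + "|".join(re.escape(v) for v in vendors) + r")\b"
    in_org = any(re.search(words, o, re.I) for o in org_values(issuer_dn))
    return hit, in_org


def label(issuer_dn, vendors=VENDORS):
    """Human-readable verdict for one Issuer DN."""
    hit, in_org = check(issuer_dn, vendors)
    if not hit:
        return "no match"
    return "vendor in O=" if in_org else "matched outside an O= word: review"


if __name__ == "__main__":
    for dn in SAMPLES:
        print(f"{label(dn):36} | {dn}")
```

The two DNs flagged for review match because the expression accepts a vendor token as a substring anywhere after the first o= (the L=Palo Alto locality, and "hp" inside Dashpoint).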
The following site can be used to test any additions you want to make to the above RegEx:
Comments
Just to add some more detail here, this regular expression should be set to match against the "Issuer DN".
Customers upgrading to TPP 19.1 should note that this Regex may not be imported properly. Symptoms of this include seeing extra question marks and quotes in the placement rule. Details will be logged in .\Program Files\Venafi\Logs with the file name starting with "Migration Warning".
You can just delete the old Placement Rule and recreate it using the string provided in this article.
Thank you! This is exactly what I needed!