
Placement Rule RegEx for Default Vendor Issued Certs

Venafi Professional Services has created the following Regular Expression (RegEx) that may be used in Certificate Placement Rules to identify common vendor-issued certificates. These are certificates that often come pre-installed or are generated on common network equipment, printers, etc., and that are commonly found on a network during a Network Discovery.

As the picture below depicts, the rule should be set so that the Issuer DN Matches Regex. This expression may be updated occasionally. If you have any improvements or suggestions, please leave a comment.

(?i:o=(?:.*(AirMagnet|American|APC|Aruba|Avaya|Avocent|Mergepoint|Cisco|Citrix|Dell|EMC|EndRun|Foundstone|Hitachi|Hewlett|HP|IBM|Imperva|Infoblox|Isilon|LANDesk|Liquidware|Lexmark|McAfee|MANDIANT|Opsware|Palo|Pivotal|Riverbed|SolarWinds|Sourcefire|Splunk|Datadomain|VMWare)).*)

[Image: Regex.png]

The following site can be used to test any additions that you may want to make to the above RegEx:

.Net RegEx Tester
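An offline way to run the same kind of test, as an added example that is not Venafi's code: PowerShell uses the .NET regex engine, so the article's expression can be run unchanged against sample Issuer DNs before a rule is saved. The function name Test-PlacementRegex and the Issuer DNs are constructed for illustration; the last two samples show over-matching, because the expression accepts a vendor token as a substring and anywhere after "o=", not only inside the O= value.

```powershell
# Pattern copied verbatim from the article; single quotes stop PowerShell expanding anything.
$pattern = '(?i:o=(?:.*(AirMagnet|American|APC|Aruba|Avaya|Avocent|Mergepoint|Cisco|Citrix|Dell|EMC|EndRun|Foundstone|Hitachi|Hewlett|HP|IBM|Imperva|Infoblox|Isilon|LANDesk|Liquidware|Lexmark|McAfee|MANDIANT|Opsware|Palo|Pivotal|Riverbed|SolarWinds|Sourcefire|Splunk|Datadomain|VMWare)).*)'
$rule = [regex]$pattern

# Constructed Issuer DNs (not taken from real certificates); replace with DNs from your own discovery.
$samples = @(
    'CN=printer01, OU=Printing, O=Hewlett-Packard, C=US'           # intended hit
    'CN=Example Issuing CA 1, O=Example Trust Services, C=US'      # intended miss
    'CN=Example Public CA, O=Wendell Trust Services, C=US'         # "Dell" inside "Wendell"
    'CN=Example Issuing CA 2, O=Example Corp, L=Palo Alto, C=US'   # "Palo" in L=, not O=
)

# Hypothetical helper: reports whether the rule matches, which vendor token was
# captured, and whether that token is a whole word inside the O= value.
function Test-PlacementRegex {
    param([regex]$Regex, [string]$IssuerDN)

    $m = $Regex.Match($IssuerDN)
    $token = $null
    $inOrg = $false
    if ($m.Success) {
        # Group 1 is the alternation; the greedy .* makes it the last token in the DN.
        $token = $m.Groups[1].Value
        # Simplified RDN split: assumes no escaped commas inside the O= value.
        $org = [regex]::Match($IssuerDN, '(?i)(?:^|,)\s*O=([^,]*)').Groups[1].Value
        $inOrg = [regex]::IsMatch($org, '(?i)\b' + [regex]::Escape($token) + '\b')
    }

    [pscustomobject]@{
        Matched      = $m.Success
        Token        = $token
        WholeWordInO = $inOrg
        IssuerDN     = $IssuerDN
    }
}

# Rows with Matched = True and WholeWordInO = False are the ones to review
# before the rule is allowed to place certificates.
$samples |
    ForEach-Object { Test-PlacementRegex -Regex $rule -IssuerDN $_ } |
    Format-Table -AutoSize
```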


Comments

  • Brian Durkin

    Just to add some more detail here, this regular expression should be set to match against the "Issuer DN"

  • Brian Durkin

    Customers upgrading to TPP 19.1 should note that this Regex may not be imported properly.  Symptoms of this include seeing extra question marks and quotes in the placement rule.  Details will be logged in .\Program Files\Venafi\Logs with the file name starting with "Migration Warning".

    You can just delete the old Placement Rule and recreate it using the string provided in this article.

  • Jorge Rodarte

    Thank you! This is exactly what I needed!