Venafi Professional Services has created the following Regular Expression (RegEx) that may be used in Certificate Placement Rules to identify common vendor-issued certificates. These are certificates that often come pre-installed or are generated on common network equipment, printers, etc., that are commonly found on a network during a Network Discovery.
As the picture below depicts, the rule should be set so that the Issuer DN Matches Regex. This expression may be updated occasionally. If you have any improvements or suggestions, please leave a comment.
(?i:o=(?:AirMagnet|American Megatrends Inc\.|American Power Conversion|APC|Avaya|Avocent Mergepoint|"?Cisco Sys?tems|Citrix ANG|Dell Inc|EMC|EndRun Technologies|Foundstone|"?Hitachi|Hewlett-Packard|IBM|Imperva Inc\.|Infoblox|LANDesk\(R\) Software, Ltd|"?Liquidware Labs|Lexmark|McAfee|MANDIANT|Opsware Inc\.|Palo Alto Networks|SolarWinds|"?Sourcefire|Splunk|Valued Datadomain Customer|"?VMWare))
Comments
Just to add some more detail here, this regular expression should be set to match against the "Issuer DN"