Trust Protection Platform can manage both network and local X.509 certificates. Using Network Discovery, administrators can identify their network’s functional SSL/TLS certificates (the certificate must respond to a network SSL query) and bring those certificates under management. Director can manage network SSL certificates at the Monitoring, Enrollment, or Provisioning (TrustForce) levels of certificate management.
Using Agent Discovery, administrators can discover X.509 certificates in local file systems and keystores, then bring them under management for Monitoring. When a local certificate is brought under management, Director monitors the certificate and provides current information on the certificate status. When a certificate nears the end of its lifecycle, Director provides notifications so you can manually renew and install the certificate before it expires.
The difference between network and Agent Discovery is that Network Discovery can only discover certificates that respond to SSL queries on designated IP addresses and ports, whereas the Director Agent can discover certificates located in the file system or keystores.