US Patent 10911433 Network traffic distribution using certificate scanning in agent-based architecture

Systems and methods are disclosed herein for determining the validity of certificates possessed by a plurality of computer system instances operating under a service of a computing resource service provider. A certificate authority may hold an election to determine an intermediary computer system instance among the plurality of computer system instances to communicate between the certificate authority and the plurality of computer system instances. The intermediary instance may receive a set of certificate fingerprints from the plurality of computer system instances. The intermediary instance may compare the set of certificate fingerprints to a valid certificate fingerprint generated using a valid certificate to determine the validity of certificates possessed by the plurality of computer system instances. The intermediary instance may generate a report based on the determination of the validity of the certificates. The certificate authority may modify the instances operating under the service based on the report.