The agent should include a scan of the certificate store for the server it is installed on then create a new Internal TLS/SSL inspector for any non-Self-Signed SSLs in the store.