Skip to content

Set up certificate expiration reports

Introduction

Certificate expiration reports are essential tools for managing your digital certificates effectively. These reports, formatted as CSV files, provide a comprehensive list certificates due to expire within a predetermined number of days. Additionally, you have the option to include recently-expired certificates. These reports are emailed to the selected recipients at intervals that you define. You can also send the report on-demand.

Each report is a snapshot in time reflecting the status of certificates nearing expiration and expired in your inventory. Staying informed, evaluating, and acting upon expiring certificates is critical to secure machine identities and reduce the likelihood of certificate-related outages.

To set up automated expiration reports

  1. Sign in to TLS Protect Cloud.
  2. Click Policies > Certificate Lifecycle.
  3. Click Certificate Expiration Reporting Policy.

  4. Complete the fields according to the following guidelines:

    Field Description
    Certificate expiration reporting Slide to enable or disable certificate reporting.
    Certificate expiration window Certificates that expire in fewer than the number of days you enter will be included.
    Disregard certificates past Certificates that have been expired for more than the number of days you enter will be ignored.
    Report schedule

    From the Repeat drop-down, select either Weekly or Advanced.

    • Weekly: Click which days of the week you want the report to be sent.

    • Advanced: Enter a cron expression in the Schedule box.

      The first two digits of the cron expression are ignored.

    As you complete this section, the paragraph below updates to show exactly when your reports will be sent.
    Report recipients

    From the Select Roles drop-down, select the TLS Protect Cloud roles that should receive the report. These users will be included in the BCC list of the notification email.

    Note

    The same report content is sent to all recipients. The report content isn't filtered or customized based on role or application ownership.
    Additional recipients From the Select Users/Teams drop-down, select any additional users or teams that you want the report to go to. These users will be included in the BCC list of the notification email.

  5. Click Save.

Sending the report on-demand

In addition to having the report sent at a scheduled interval, you can also send them on-demand.

  1. Sign in to TLS Protect Cloud.
  2. In the top menu bar, click Settings > Certificate Lifecycle.
  3. Click Certificate Expiration Reporting Policy.
  4. At the bottom of the configuration fields, click Send Report Now.