Skip to content

Standard reports

The Custom Reports tool includes several standard reports you can use as-is or customize for your needs. These reports address common risks and challenges in certificate management, such as certificate lifetime, ownership, cryptographic strength, wildcard use, and impending expiration. Together, they provide a baseline view of your environment’s security and compliance posture.

  • Certificates with validity greater than 47 days
    Identify certificates with unusually long lifetimes, which can pose security and compliance risks. The CA/Browser Forum currently limits TLS certificate validity to 398 days. Longer-lived certificates increase the risk window if a key is compromised.

  • Certificates not assigned to an application
    Find certificates that are not linked to any application. These certificates are often overlooked during renewals and can create operational blind spots.

  • Weak keys—certificates with RSA key strengths less than 1024
    Identify certificates with weak cryptographic keys. Keys shorter than 1024 bits are insecure, and most compliance frameworks require 2048 bits or greater.

  • Wildcard certificates
    Review wildcard certificates, such as *.example.com. While convenient, wildcard certificates increase risk if compromised, and their use should be carefully controlled.

  • Application certificates expiration (30 days)
    Highlight certificates tied to applications that expire within the next 30 days. Use this report to prioritize renewal efforts and prevent downtime.

Customize standard reports

You can use a standard report as a starting point and adjust filters or add criteria to create a custom report. Think of these reports as customizable baseline views that address common compliance requirements and operational risks.

Common customizations

The following table shows examples of how standard reports are commonly adapted:

Standard report Example customization
Application certificates expiration (30 days) Change the window to 15, 45, or 60 days
Certificates with validity greater than 47 days Adjust the validity threshold to match your policy
Certificates not assigned to an application Limit results to a specific team or business unit
Weak keys Flag RSA keys smaller than 2048 bits or non-approved algorithms
Wildcard certificates Filter to show certificates for critical applications only

What’s next?

Use these reports to get quick visibility into your certificate inventory. You can then save a standard report as a custom report and refine it to focus on the certificates and risks most relevant to your environment.