Skip to content

Standard reports

The Custom Reports tool includes several standard reports you can use as-is or customize for your needs. These reports address common risks and challenges in certificate management, such as certificate lifetime, ownership, cryptographic strength, wildcard use, and impending expiration. Together, they provide a baseline view of your environment’s security and compliance posture.

  • Certificates with validity greater than 47 days
    Identify certificates with unusually long lifetimes, which can pose security and compliance risks. The CA/Browser Forum currently limits TLS certificate validity to 398 days. Longer-lived certificates increase the risk window if a key is compromised.

  • Certificates not assigned to an application
    Find orphaned certificates that aren't linked to any application. These certificates are often overlooked during renewals and can create security blind spots.

  • Weak keys—certificates with RSA key strengths less than 1024
    Identify certificates with weak keys. Keys shorter than 1024 bits are insecure, and most compliance frameworks require 2048 bits or greater.

  • Wildcard certificates
    Review wildcard certificates (for example, *.example.com). Wildcards are convenient but increase risk if compromised. Industry guidelines recommend limiting their use.

  • Application certificates expiration (30 days)
    Highlight certificates tied to applications that expire within the next 30 days. Use this report to proactively renew certificates and prevent downtime.

Customize standard reports

You can customize any filter object, and you can add additional criteria when using a standard report as a template for a custom report. Think of these five reports as customizable Top Reports. They address the most common compliance requirements and operational risks organizations face today.

Common customizations

Here are a few simple ways customers often adapt the standard reports:

Standard report Example customization
Application certificates expiration (30 days) Change the window to 15, 45, or 60 days
Certificates with validity greater than 47 days Adjust the validity threshold to match your policy
Certificates not assigned to an application Limit results to a specific team or business unit
Weak keys Expand the rule to flag RSA < 2048 or non-approved algorithms
Wildcard certificates Filter to only show certificates for critical applications

What's next?

Use these reports to get quick visibility into your certificate landscape. From there, you can:

  • Save a standard report as a custom report and adjust filters (for example, shorten the expiration window or focus on specific applications).
  • Share reports with your team to align on certificate health and ownership.
  • Schedule or export reports to integrate them into compliance reviews or operational dashboards.