Skip to content

Set up email reports

Email reports help you track the status of your certificates and TLS server endpoints and alert you to any risks that need attention. The report emails give you a consistent and steady view into the status of your environment without having to sign in to TLS Protect Cloud.


If you don't see the capabilities mentioned below, reach out to the Venafi team to ensure you are entitled to it.

Two reports are available:

  • Machine Identity Digest: summarizes certificate and TLS server endpoint activity and highlights risks.
  • Applications Certificate Expiration Digest: schedules when you'll receive email notifications of expiring certificates assigned to applications or machines that you own.

Machine Identity Digest

This report summarizes certificate and TLS server endpoint activity. It highlights potential risks that you should be aware of so that you can resolve them.

Description of items included in the Machine Identity Digest email

Certificates at risk

Item Description
Expired Installed certificates currently expired.
Expiring soon Installed certificates scheduled to expire in the next 60 days.
Not managed Certificates that are not currently assigned to an application.
Weak keys Certificates that have RSA keys less than 2048 bit.
Weak hash algorithm Certificates that use the MD5 or SHA1 hashing algorithm.

TLS server endpoints at risk

Item Description
Update required TLS server endpoints that are using older versions of certificates that should be replaced with the newer versions.
Certificate chain errors TLS server endpoints where the chain is either expiring soon, is missing, or is untrusted. This item will be shown only if you have the validation premium feature enabled.
Weak protocol TLS server endpoints that are less than TLS 1.2.
Offline TLS server endpoints that haven’t been seen by TLS Protect Cloud in the last 30 days.

Certificates and TLS Server Endpoints Summary

Item Description
Online Certificates discovered by TLS Protect Cloud in the last 30 days.
Newly discovered Certificates discovered by TLS Protect Cloud in the last 60 days.
Issued Certificates issued by TLS Protect Cloud in the last 60 days.

Applications Certificate Expiration Digest

This report shows expiring certificates assigned to the applications of the signed-in user. This report is application-focused rather than certificate-focused.


A user with User ID signs in to TLS Protect Cloud and enables this notification. She then adds User ID as a recipient. When TLS Protect Cloud sends the email, will receive the report that shows the status of's applications.

Configuring reports

  1. Click your Avatar in the top-right corner.

  2. Click Preferences.

  3. In the left pane, click Reports.

  4. Click the slider to the Enabled position for each report you want to receive.

  5. Expand each notification that you've enabled.

  6. Set the email frequency and interval.

  7. Add email addresses for those who should receive the report.


    You can add any email address to the distribution list. Users don't have to be registered with TLS Protect Cloud to receive the email.

  8. Click Save.