Set up email reports¶
Email reports help you track the status of your certificates and TLS server endpoints and alert you to any risks that need attention. The report emails give you a consistent and steady view into the status of your environment without having to sign in to TLS Protect Cloud.
Note
If you don't see the capabilities mentioned below, reach out to the Venafi team to ensure you are entitled to it.
Two reports are available:
- Machine Identity Digest: summarizes certificate and TLS server endpoint activity and highlights risks.
- Applications Certificate Expiration Digest: schedules when you'll receive email notifications of expiring certificates assigned to applications or machines that you own.
Machine Identity Digest¶
This report summarizes certificate and TLS server endpoint activity. It highlights potential risks that you should be aware of so that you can resolve them.
Description of items included in the Machine Identity Digest email
Certificates at risk
| Item | Description |
|---|---|
| Expired | Installed certificates currently expired. |
| Expiring soon | Installed certificates scheduled to expire in the next 60 days. |
| Not managed | Certificates that are not currently assigned to an application. |
| Weak keys | Certificates that have RSA keys less than 2048 bit. |
| Weak hash algorithm | Certificates that use the MD5 or SHA1 hashing algorithm. |
TLS server endpoints at risk
| Item | Description |
|---|---|
| Update required | TLS server endpoints that are using older versions of certificates that should be replaced with the newer versions. |
| Certificate chain errors | TLS server endpoints where the chain is either expiring soon, is missing, or is untrusted. This item will be shown only if you have the validation premium feature enabled. |
| Weak protocol | TLS server endpoints that are less than TLS 1.2. |
| Offline | TLS server endpoints that haven’t been seen by TLS Protect Cloud in the last 30 days. |
Certificates and TLS Server Endpoints Summary
| Item | Description |
|---|---|
| Online | Certificates discovered by TLS Protect Cloud in the last 30 days. |
| Newly discovered | Certificates discovered by TLS Protect Cloud in the last 60 days. |
| Issued | Certificates issued by TLS Protect Cloud in the last 60 days. |
Applications Certificate Expiration Digest¶
This report shows expiring certificates assigned to the applications of the signed-in user. This report is application-focused rather than certificate-focused.
Example
A user with User ID maria@company.com signs in to TLS Protect Cloud and enables this notification. She then adds User ID jose@company.com as a recipient. When TLS Protect Cloud sends the email, jose@company.com will receive the report that shows the status of maria@company.com's applications.
Configuring reports¶
-
Click your Avatar in the top-right corner.
-
Click Preferences.
-
In the left pane, click Reports.
-
Click the slider to the Enabled position for each report you want to receive.
-
Expand each notification that you've enabled.
-
Set the email frequency and interval.
-
Add email addresses for those who should receive the report.
Note
You can add any email address to the distribution list. Users don't have to be registered with TLS Protect Cloud to receive the email.
-
Click Save.