Overview
CertMS provides powerful reporting capabilities to help you track, analyze, and manage certificates across your entire infrastructure. Reports can be generated on-demand or scheduled for automatic delivery via email, ensuring stakeholders stay informed about certificate status, expirations, and compliance.
Prerequisites
Before creating reports, ensure:
- You have certificates being monitored in CertMS (from CA Monitors, Servers, or URL Monitors)
- You understand what certificate data you need to report on
- You have email addresses for report recipients (if scheduling delivery)
Step-by-Step Configuration
Step 1: Access Report Management
- In the left-hand navigation menu, click on Reports
- This page displays all currently configured reports
- Review existing reports and their schedules
Step 2: Create New Report
- Click the Create New Report button
- Begin configuring your report settings
Step 3: Configure Basic Report Settings
Required Fields
| Field | Description | Example |
|---|---|---|
| Report Name | Descriptive name for this report (required) | “Monthly Certificate Expiration Report” |
| Report Type | Type of certificate data to report (required) | See report types below |
Step 4: Select Report Type
Choose the report type that matches your reporting needs. Each type has specific configuration options.
Available Report Types
1. Issued Certificates
Tracks certificates that have been issued within a specified timeframe.
Report Configuration:
- Number of days to look back for issued certificates: How far back to search for issued certificates (e.g., 30, 60, 90 days)
Use Case: Monitor certificate issuance activity, audit new certificates, track certificate requests
2. Expired Certificates
Identifies certificates that have expired within a specified timeframe.
Report Configuration:
- Number of days to look back for expired certificates: How far back to search for expired certificates (e.g., 7, 30, 90 days)
Use Case: Identify recently expired certificates that may need renewal, audit certificate lifecycle
3. Revoked Certificates
Lists certificates that have been revoked within a specified timeframe.
Report Configuration:
- Number of days to look back for revoked certificates: How far back to search for revoked certificates (e.g., 30, 60, 90 days)
Use Case: Security audits, compliance reporting, tracking certificate revocations
4. Expiring Soon
Proactively identifies certificates approaching expiration.
Report Configuration:
- Number of days to look ahead for expiring certificates: How many days in the future to check for expiring certificates (e.g., 30, 60, 90 days)
Use Case: Proactive certificate renewal planning, prevent service disruptions, compliance management
5. Recently Expired
Focuses on certificates that have expired in the recent past.
Report Configuration:
- Number of days to look back for expired certificates: How far back to search for recently expired certificates (e.g., 7, 14, 30 days)
Use Case: Immediate remediation, identify services at risk, emergency response
6. Weak Algorithms
Identifies certificates using cryptographically weak algorithms.
Report Configuration:
- Types of certificates to include based on status: Select certificate statuses to include
- ☐ Active
- ☐ Expired
- ☐ Revoked
- ☐ Pending
- ☐ Suspended
Use Case: Security compliance, identify vulnerable certificates, plan algorithm upgrades (e.g., SHA-1 to SHA-256)
7. Specific Algorithms
Searches for certificates using particular cryptographic algorithms.
Report Configuration:
- List of specific algorithms to search for: Enter algorithm names (e.g., SHA-256, RSA 2048, ECC)
- Types of certificates to include based on status: Select certificate statuses
- ☐ Active
- ☐ Expired
- ☐ Revoked
- ☐ Pending
- ☐ Suspended
Use Case: Inventory specific algorithm usage, compliance verification, migration planning
8. Certificates by Issuer
Organizes certificates by their issuing Certificate Authority.
Report Configuration:
- Types of certificates to include based on status: Select certificate statuses
- ☐ Active
- ☐ Expired
- ☐ Revoked
- ☐ Pending
- ☐ Suspended
- Number of days to look back: Historical timeframe for certificate data
- Specific Issuers to Include: List of Certificate Authority names to include (e.g., “DigiCert”, “Let’s Encrypt”, “Internal CA”)
Use Case: CA vendor management, cost analysis, compliance by issuer, trust chain auditing
Step 5: Configure Email Scheduling (Optional)
Enable automatic report delivery via email by checking Enable Email Scheduling.
Email Scheduling Options
| Field | Description | Options |
|---|---|---|
| Frequency | How often the report is generated and sent | Daily, Weekly, Monthly, Quarterly |
| Delivery Type | How the report is included in the email | Attachment, Inline, Both |
| Next Run Time | Date and time for the next scheduled report | Date/Time picker |
| Email Recipients | Email addresses to receive the report | Multiple addresses separated by commas |
| Output Formats | File formats for report generation | ☐ HTML ☐ CSV |
Frequency Details
| Frequency | Typical Use Case |
|---|---|
| Daily | Critical certificate monitoring, expiring soon reports |
| Weekly | Regular status updates, management summaries |
| Monthly | Compliance reports, executive summaries, trend analysis |
| Quarterly | Strategic planning, annual compliance, vendor reviews |
Delivery Type Options
| Type | Description | Best For |
|---|---|---|
| Attachment | Report sent as file attachment | Archiving, importing into other systems |
| Inline | Report content embedded in email body | Quick review, mobile viewing |
| Both | Report in email body AND as attachment | Maximum flexibility, comprehensive delivery |
Output Format Selection
- HTML: Web-friendly format, easy to view in email clients, includes formatting and styling
- CSV: Spreadsheet-compatible, ideal for data analysis and import into Excel/databases
- PDF: Professional presentation format, suitable for printing and formal distribution
Best Practice: Select multiple output formats to accommodate different recipient needs and use cases.
Step 6: Configure Report Filters (Optional)
The Report Filters section allows you to create advanced, granular filters based on multiple certificate attributes for more targeted reporting.
Available Filter Attributes
Report filters can be based on various certificate properties:
- Subject Name: Filter by certificate subject/common name
- Subject Alternative Names (SANs): Filter by additional domain names
- Issuer: Filter by Certificate Authority
- Key Size: Filter by encryption key length (e.g., 2048-bit, 4096-bit)
- Serial Number: Filter by specific certificate serial numbers
- Thumbprint/Fingerprint: Filter by certificate hash
- Certificate Template: Filter by template name (for CA-issued certificates)
- Location: Filter by server name, URL, or source
- Organizational Unit (OU): Filter by certificate OU field
- Organization (O): Filter by organization name
- Country (C): Filter by country code
Filter Configuration Tips
- Combine multiple filters: Create precise reports by using multiple filter criteria
- Use wildcards: Many fields support wildcard matching (e.g.,
*.example.com) - Test filters: Run reports on-demand first to verify filter results
- Document complex filters: Keep notes on advanced filter logic for future reference
Step 7: Save and Generate Report
- Review all report configuration settings
- Click Create Report or Save to save the report configuration
- The report will appear in your Reports list
Immediate Actions
- Run Now: Generate the report immediately to preview results
- Edit: Modify report settings if needed
- Schedule: Verify email scheduling is configured correctly
Managing Reports
Viewing Existing Reports
- Navigate to Reports in the left-hand navigation
- View all configured reports with details:
- Report name and type
- Schedule frequency (if enabled)
- Last run time
- Next scheduled run
Running Reports On-Demand
To generate a report immediately:
- Click on the report in the Reports list
- Click Run Report or Generate Now
- View or download the results
Editing Reports
- Click on any report in the list
- Modify settings as needed
- Save changes
- Updated schedule will take effect immediately
Disabling Scheduled Reports
To temporarily stop scheduled delivery:
- Open the report
- Uncheck Enable Email Scheduling
- Save changes
Deleting Reports
To permanently remove a report:
- Select the report from the list
- Click Delete or the delete icon
- Confirm deletion
Report Best Practices
Naming Conventions
Use clear, descriptive names that indicate:
- Purpose: What the report tracks
- Frequency: How often it runs
- Audience: Who receives it
Examples:
- “Daily Expiring Soon – IT Team”
- “Monthly Weak Algorithms – Security Audit”
- “Quarterly Certificates by Issuer – Executive Summary”
Scheduling Strategy
| Report Type | Recommended Frequency | Recommended Recipients |
|---|---|---|
| Expiring Soon | Daily or Weekly | IT Operations, Certificate Managers |
| Recently Expired | Daily | IT Operations (urgent action needed) |
| Issued Certificates | Weekly or Monthly | Security Team, Audit |
| Weak Algorithms | Monthly | Security Team, Compliance |
| Certificates by Issuer | Monthly or Quarterly | Management, Finance, Procurement |
Output Format Selection
- For executives: PDF (professional, easy to print)
- For analysts: CSV (data analysis, spreadsheets)
- For quick review: HTML inline (fast viewing in email)
- For archiving: All formats (comprehensive record-keeping)
Filter Usage
- Start broad: Create general reports first, then add filters as needed
- Test thoroughly: Verify filters return expected results
- Document logic: Keep notes on complex filter combinations
- Review regularly: Update filters as infrastructure changes
Common Report Scenarios
Scenario 1: Proactive Expiration Management
Goal: Prevent certificate expirations
Configuration:
- Report Type: Expiring Soon
- Look Ahead: 60 days
- Frequency: Weekly
- Recipients: IT Operations team
- Format: HTML inline + CSV attachment
Scenario 2: Security Compliance Audit
Goal: Identify weak cryptographic algorithms
Configuration:
- Report Type: Weak Algorithms
- Status: Active only
- Frequency: Monthly
- Recipients: Security team, Compliance officer
- Format: PDF
Scenario 3: Vendor Cost Analysis
Goal: Track certificate costs by issuer
Configuration:
- Report Type: Certificates by Issuer
- Status: Active
- Look Back: 365 days
- Frequency: Quarterly
- Recipients: Finance, IT Management
- Format: CSV + PDF
Scenario 4: Emergency Response
Goal: Identify recently expired certificates requiring immediate action
Configuration:
- Report Type: Recently Expired
- Look Back: 7 days
- Frequency: Daily
- Recipients: IT Operations (urgent)
- Format: HTML inline (immediate visibility)
Troubleshooting
Common Issues
| Issue | Possible Cause | Solution |
|---|---|---|
| Report not generating | Invalid configuration or no matching data | Verify report settings and check for certificates matching criteria |
| Email not received | Incorrect email addresses or spam filtering | Verify recipient addresses and check spam/junk folders |
| Empty report | Filters too restrictive or no matching certificates | Broaden filters or verify certificate data exists |
| Wrong data in report | Incorrect report type or date range | Review report configuration and date parameters |
| Schedule not running | Email scheduling disabled or system issue | Verify scheduling is enabled and check system status |
Verification Steps
- Test with on-demand run: Generate report manually to verify configuration
- Check email addresses: Confirm recipient addresses are correct
- Review filters: Ensure filters aren’t excluding all results
- Verify date ranges: Check that lookback/lookahead periods are appropriate
- Confirm certificate data: Ensure certificates exist that match report criteria
Next Steps
Once reports are configured:
- Review regularly: Check reports for actionable items
- Take action: Renew expiring certificates, replace weak algorithms
- Refine filters: Adjust report configuration based on results
- Share insights: Distribute reports to relevant stakeholders
- Archive reports: Maintain historical records for compliance and trend analysis
Need Help? Contact our support team at support@certms.com for assistance with report configuration, scheduling, or interpreting results.
