Creating Reports¶
Overview¶
CertMS provides powerful reporting capabilities to help you track, analyze, and manage certificates across your entire infrastructure. Reports can be generated on-demand or scheduled for automatic email delivery, ensuring stakeholders stay informed about certificate status, expirations, and compliance.
Prerequisites¶
Before creating reports, ensure you have:
- Certificates being monitored in CertMS (from CA Monitors, Servers, or URL Monitors)
- A clear understanding of what certificate data you need to report on
- Email addresses for report recipients, if scheduling delivery
Step-by-Step Configuration¶
Step 1: Access Report Management¶
- In the left-hand navigation menu, click Reports
- Review existing reports and their schedules
Step 2: Create a New Report¶
- Click Create New Report
- Enter a Report Name — use a descriptive name that indicates the report's purpose, frequency, and audience (e.g.,
Daily Expiring Soon - IT Team) - Select a Report Type — see the section below for all available types
Report Types¶
Choose the report type that matches your reporting need. Each type has specific configuration options.
Issued Certificates¶
Tracks certificates that have been issued within a specified timeframe.
- Configuration: Number of days to look back for issued certificates (e.g., 30, 60, 90)
- Use case: Monitor issuance activity, audit new certificates, track certificate requests
Expired Certificates¶
Identifies certificates that have expired within a specified timeframe.
- Configuration: Number of days to look back for expired certificates (e.g., 7, 30, 90)
- Use case: Audit certificate lifecycle, identify recently expired certificates that may need renewal
Revoked Certificates¶
Lists certificates that have been revoked within a specified timeframe.
- Configuration: Number of days to look back for revoked certificates (e.g., 30, 60, 90)
- Use case: Security audits, compliance reporting, tracking certificate revocations
Expiring Soon¶
Proactively identifies certificates approaching expiration.
- Configuration: Number of days to look ahead for expiring certificates (e.g., 30, 60, 90)
- Use case: Proactive renewal planning, preventing service disruptions, compliance management
Recently Expired¶
Focuses on certificates that have expired in the recent past.
- Configuration: Number of days to look back (e.g., 7, 14, 30)
- Use case: Immediate remediation, identifying services at risk, emergency response
Weak Algorithms¶
Identifies certificates using cryptographically weak algorithms.
- Configuration: Select which certificate statuses to include:
- ☐ Active
- ☐ Expired
- ☐ Revoked
- ☐ Pending
- ☐ Suspended
- Use case: Security compliance, identifying vulnerable certificates, planning algorithm upgrades (e.g., SHA-1 to SHA-256)
Specific Algorithms¶
Searches for certificates using particular cryptographic algorithms.
- Configuration:
- List of algorithm names to search for (e.g.,
SHA-256,RSA 2048,ECC) - Certificate statuses to include (Active, Expired, Revoked, Pending, Suspended)
- List of algorithm names to search for (e.g.,
- Use case: Inventory specific algorithm usage, compliance verification, migration planning
Certificates by Issuer¶
Organizes certificates by their issuing Certificate Authority.
- Configuration:
- Certificate statuses to include (Active, Expired, Revoked, Pending, Suspended)
- Number of days to look back
- Specific issuer names to include (e.g.,
DigiCert,Let's Encrypt,Internal CA)
- Use case: CA vendor management, cost analysis, compliance by issuer, trust chain auditing
Step 3: Configure Email Scheduling (Optional)¶
Check Enable Email Scheduling to set up automatic report delivery.
Scheduling Options¶
| Field | Description | Options |
|---|---|---|
| Frequency | How often the report is generated and sent | Daily, Weekly, Monthly, Quarterly |
| Delivery Type | How the report is included in the email | Attachment, Inline, Both |
| Next Run Time | Date and time for the next scheduled run | Date/time picker |
| Email Recipients | Who receives the report | Multiple addresses, comma-separated |
| Output Formats | File format(s) for the report | ☐ HTML ☐ CSV ☐ PDF |
Frequency Guide¶
| Frequency | Best For |
|---|---|
| Daily | Critical monitoring, Recently Expired, Expiring Soon |
| Weekly | Regular status updates, management summaries |
| Monthly | Compliance reports, executive summaries, trend analysis |
| Quarterly | Strategic planning, annual compliance, vendor reviews |
Delivery Types¶
| Type | Description | Best For |
|---|---|---|
| Attachment | Report sent as a file attachment | Archiving, importing into other systems |
| Inline | Report content embedded in the email body | Quick review, mobile viewing |
| Both | Report in email body and as an attachment | Maximum flexibility |
Output Formats¶
- HTML — Web-friendly, includes formatting and styling; easy to view in email clients
- CSV — Spreadsheet-compatible; ideal for data analysis and import into Excel or databases
- PDF — Professional presentation format; suitable for printing and formal distribution
Tip: Select multiple output formats to accommodate different recipient needs.
Step 4: Configure Report Filters (Optional)¶
The Report Filters section lets you create granular filters based on certificate attributes for more targeted results.
Available Filter Attributes¶
| Attribute | Description |
|---|---|
| Subject Name | Filter by certificate subject / common name |
| Subject Alternative Names (SANs) | Filter by additional domain names |
| Issuer | Filter by Certificate Authority |
| Key Size | Filter by encryption key length (e.g., 2048-bit, 4096-bit) |
| Serial Number | Filter by specific certificate serial numbers |
| Thumbprint / Fingerprint | Filter by certificate hash |
| Certificate Template | Filter by template name (CA-issued certificates) |
| Location | Filter by server name, URL, or source |
| Organizational Unit (OU) | Filter by OU field |
| Organization (O) | Filter by organization name |
| Country (C) | Filter by country code |
Filter Tips¶
- Combine multiple filters to create precise, targeted reports
- Use wildcards where supported (e.g.,
*.example.com) - Run on-demand first to verify filters return the expected results before scheduling
- Document complex filters — keep notes on advanced filter logic for future reference
Step 5: Save and Run¶
- Review all configuration settings
- Click Create Report to save
- The report appears in your Reports list
From the Reports list you can:
- Run Now — Generate the report immediately to preview results
- Edit — Modify settings at any time; schedule changes take effect immediately
- Disable scheduling — Uncheck Enable Email Scheduling and save to pause delivery without deleting the report
- Delete — Select the report, click Delete, and confirm
Common Report Scenarios¶
Proactive Expiration Management¶
Goal: Prevent certificate expirations before they cause outages.
| Setting | Value |
|---|---|
| Report Type | Expiring Soon |
| Look Ahead | 60 days |
| Frequency | Weekly |
| Recipients | IT Operations team |
| Format | HTML inline + CSV attachment |
Security Compliance Audit¶
Goal: Identify certificates using weak cryptographic algorithms.
| Setting | Value |
|---|---|
| Report Type | Weak Algorithms |
| Status | Active only |
| Frequency | Monthly |
| Recipients | Security team, Compliance officer |
| Format |
Vendor Cost Analysis¶
Goal: Track certificate volume and costs by issuing CA.
| Setting | Value |
|---|---|
| Report Type | Certificates by Issuer |
| Status | Active |
| Look Back | 365 days |
| Frequency | Quarterly |
| Recipients | Finance, IT Management |
| Format | CSV + PDF |
Emergency Response¶
Goal: Identify recently expired certificates requiring immediate action.
| Setting | Value |
|---|---|
| Report Type | Recently Expired |
| Look Back | 7 days |
| Frequency | Daily |
| Recipients | IT Operations |
| Format | HTML inline |
Recommended Scheduling by Report Type¶
| Report Type | Recommended Frequency | Recommended Recipients |
|---|---|---|
| Expiring Soon | Daily or Weekly | IT Operations, Certificate Managers |
| Recently Expired | Daily | IT Operations |
| Issued Certificates | Weekly or Monthly | Security Team, Audit |
| Weak Algorithms | Monthly | Security Team, Compliance |
| Certificates by Issuer | Monthly or Quarterly | Management, Finance, Procurement |
Troubleshooting¶
| Issue | Likely Cause | Solution |
|---|---|---|
| Report not generating | Invalid config or no matching data | Verify settings and confirm matching certificates exist |
| Email not received | Incorrect address or spam filtering | Check recipient addresses and spam/junk folders |
| Empty report | Filters too restrictive | Broaden filters or verify certificate data exists |
| Wrong data in report | Incorrect report type or date range | Review report type and date parameters |
| Schedule not running | Email scheduling disabled | Confirm Enable Email Scheduling is checked |
Verification Steps¶
- Run on demand — Generate manually to verify configuration before relying on scheduled delivery
- Check email addresses — Confirm all recipient addresses are correct
- Review filters — Ensure filters aren't excluding all results
- Verify date ranges — Confirm lookback/lookahead periods cover the expected window
- Confirm certificate data — Ensure certificates exist that match the report criteria
Need help? Contact support at support@certms.com for assistance with report configuration, scheduling, or interpreting results.