Standard Reports
Table of Contents
Expand all | Collapse all
-
- Activate Next-Generation Trust Security
-
-
- Configure Akamai Connection
- Configure AWS Connection
- Configure Azure Key Vault Connection
-
- Workload Identity Federation Authentication
- Workload Identity Federation - Azure Identity Provider Authentication
- Next-Gen Trust Security Generated Key Authentication
- User Permissions
- Workload Identity Federation Authentication
- Next-Gen Trust Security Generated Key Authentication
- User Permissions
- Supported OIDC Claims
-
-
-
- Working with the Built-in CA
- Add AWS Public CA
- Add AWS Private CA
- Add DigiCert One Certificate Authority
- Add Entrust
- Add GlobalSign Atlas
- Add GlobalSign MSSL
- Add GoDaddy
- Add Google Cloud Private CA
- Add a HID PKIaaS CA
- Add Certificate Manager - Self-Hosted
- Set Up an OpenSSL Certificate Authority Connector
- Create a Sectigo Certificate Manager Certificate Authority
- Add Zero Touch PKI
- Set Up Certificate Expiration Notifications
- Using a Custom DNS Provider
-
-
-
-
- Create an F5 BIG-IP LTM Machine
- Create a Microsoft Azure Private Key Vault Machine
- Create a Microsoft Azure Application Registration Machine
- Create a Microsoft IIS Machine
- Create a Microsoft Windows (PowerShell) Machine
- Create a Microsoft SQL Server Machine
- Create a Common KeyStore Machine
- Create a Citrix ADC Machine
- Create an Imperva WAF Machine
- Create a VMware NSX Advanced Load Balancer (AVI) Machine
- Create an A10 Thunder ADC Machine
- Create a Cloudflare Machine
- Create Kemp Virtual LoadMaster Machine
- Create a Palo Alto Panorama Machine
- Create a Radware Alteon Machine
-
- Provision to an F5 BIG-IP LTM
- Provision to a Microsoft Azure Private Key Vault
- Provision to Microsoft IIS
- Provision to Microsoft Windows (PowerShell)
- Provision to Microsoft SQL Server
- Provision to a Common KeyStore
- Provision to a Citrix ADC
- Provision to an Imperva WAF
- Provision to VMware NSX Advanced Load Balancer (AVI)
- Provision to an A10 Thunder ADC
- Provision to Cloudflare
- Provision to a Kemp Virtual LoadMaster
- Provision to Palo Alto Panorama
- Provision Certificates to Radware Alteon
-
-
- 47-Day Validity Readiness TLS Certificates dashboard
- About the Certificate Inventory
- Managing Certificate Lifecycle Settings
- Reissuing Certificates in Next-Gen Trust Security
- Downloading Certificates, Certificate Chains, and Keystores
- Retiring, Recovering, and Deleting Certificates
- Finding Certificates in the Certificate Inventory
- Importing Certificates from a CA Using EJBCA
- Domain-Based Validation for External Emails
-
- Create a Workload Identity Management or Discovery Agent Built-in Account
- Create an OCI Registry Built-in Account
- Create a Certificate Manager - Self-Hosted Built-in Account
- Create a Scanafi Built-in Account
- Toggling a Built-in Account on or Off
- Editing Built-in Accounts
- Deleting Existing Built-in Accounts
- Renew Existing Built-in Accounts
- Troubleshooting
Standard Reports
The Custom Reports tool includes several standard reports you can use as-is or customize for your needs. These reports address common risks and challenges in certificate management, such as certificate lifetime, ownership, cryptographic strength, wildcard use, and impending expiration. Together, they provide a baseline view of your environment’s security and compliance posture.
- Certificates with validity greater than 47 daysIdentify certificates with unusually long lifetimes, which can pose security and compliance risks. The CA/Browser Forum currently limits TLS certificate validity to 398 days. Longer-lived certificates increase the risk window if a key is compromised.
- Weak keys—certificates with RSA key strengths less than 1024Identify certificates with weak cryptographic keys. Keys shorter than 1024 bits are insecure, and most compliance frameworks require 2048 bits or greater.
- Wildcard certificatesReview wildcard certificates, such as *.example.com. While convenient, wildcard certificates increase risk if compromised, and their use should be carefully controlled.
Customize Standard Reports
You can use a standard report as a starting point and adjust filters or add criteria to create a custom report. Think of these reports as customizable baseline views that address common compliance requirements and operational risks.
Common Customizations
The following table shows examples of how standard reports are commonly adapted:
| Standard report | Example customization |
|---|---|
| Certificates with validity greater than 47 days | Adjust the validity threshold to match your policy |
| Weak keys | Flag RSA keys smaller than 2048 bits or non-approved algorithms |
| Wildcard certificates | Filter to show certificates by specific criteria |
What’s Next?
Use these reports to get quick visibility into your certificate inventory. You can then save a standard report as a custom report and refine it to focus on the certificates and risks most relevant to your environment.