{"id":2529,"date":"2025-07-02T13:12:56","date_gmt":"2025-07-02T13:12:56","guid":{"rendered":"https:\/\/zecurit.com\/help\/?post_type=docs&#038;p=2529"},"modified":"2025-07-28T06:17:42","modified_gmt":"2025-07-28T06:17:42","slug":"certificate-reports","status":"publish","type":"docs","link":"https:\/\/zecurit.com\/help\/asset-management\/reports-analytics\/pre-built-reports\/certificate-reports\/","title":{"rendered":"Certificate Reports"},"content":{"rendered":"\n<p>The <strong>Certificate Reports<\/strong> provides comprehensive visibility into the SSL, code signing and system-level certificates deployed across your devices. These reports help IT admins identify weak configurations, expired or soon-to-expire certificates and audit certificate usage across platforms.<\/p>\n\n\n\n<p>Monitoring certificate health is critical for preventing service disruptions, ensuring secure communication and maintaining compliance with internal and industry standards.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>1. Certificates by Key Size<\/strong><\/h2>\n\n\n\n<p>This report categorizes certificates based on their key size, providing an overview of cryptographic strength across all managed devices.<\/p>\n\n\n\n<p><strong>Use Cases:<\/strong><\/p>\n\n\n\n<p>Helps identify certificates using insufficient key lengths (e.g., less than 2048 bits), which are vulnerable to brute-force attacks. Useful for maintaining cryptographic best practices.<\/p>\n\n\n\n<p><strong>Key Fields:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Device Name<\/li>\n\n\n\n<li>Certificate Name<\/li>\n\n\n\n<li>Key Size<\/li>\n\n\n\n<li>Issuer<\/li>\n\n\n\n<li>Algorithm<\/li>\n\n\n\n<li>Status<\/li>\n\n\n\n<li>Expiry Date<\/li>\n\n\n\n<li>Platform<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>2. Certificates Grouped by Issuer<\/strong><\/h2>\n\n\n\n<p>This report organizes certificates based on their issuing authority to simplify auditing and trust chain validation.<\/p>\n\n\n\n<p><strong>Use Cases:<\/strong><\/p>\n\n\n\n<p>Useful to identify certificates issued by non-trusted or internal Certificate Authorities. Enables auditing of CA dependencies in the organization.<\/p>\n\n\n\n<p><strong>Key Fields:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Issuer<\/li>\n\n\n\n<li>Certificate Name<\/li>\n\n\n\n<li>Device Name<\/li>\n\n\n\n<li>Algorithm<\/li>\n\n\n\n<li>Status (Active\/Revoked)<\/li>\n\n\n\n<li>Key Size<\/li>\n\n\n\n<li>Expiry Date<\/li>\n\n\n\n<li>Platform<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>3. Certificates with Weak Algorithms<\/strong><\/h2>\n\n\n\n<p>This report identifies certificates that use outdated or insecure cryptographic algorithms.<\/p>\n\n\n\n<p><strong>Use Cases:<\/strong><\/p>\n\n\n\n<p>Detects certificates using deprecated encryption standards such as SHA-1 or MD5, which may fail compliance checks and pose security risks.<\/p>\n\n\n\n<p><strong>Key Fields:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Certificate Name<\/li>\n\n\n\n<li>Issuer<\/li>\n\n\n\n<li>Algorithm<\/li>\n\n\n\n<li>Signature Hash Algorithm<\/li>\n\n\n\n<li>Key Size<\/li>\n\n\n\n<li>Device Name<\/li>\n\n\n\n<li>Status (Active\/Revoked)<\/li>\n\n\n\n<li>Expiry Date<\/li>\n\n\n\n<li>Subject<\/li>\n\n\n\n<li>Validation Start Date<\/li>\n\n\n\n<li>Username<\/li>\n\n\n\n<li>Platform<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>4. Certificates Used for Code Signing<\/strong><\/h2>\n\n\n\n<p>Lists certificates designated for code signing on each device, helping admins manage and monitor developer-issued or third-party signing certs.<\/p>\n\n\n\n<p><strong>Use Cases:<\/strong><\/p>\n\n\n\n<p>Essential for organizations that develop internal tools or sign executables. Helps track valid or misused signing certificates.<\/p>\n\n\n\n<p><strong>Key Fields:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Certificate Name<\/li>\n\n\n\n<li>Store Name<\/li>\n\n\n\n<li>Device Name<\/li>\n\n\n\n<li>Issuer<\/li>\n\n\n\n<li>Algorithm<\/li>\n\n\n\n<li>Status<\/li>\n\n\n\n<li>Key Size<\/li>\n\n\n\n<li>Platform<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>5. Expired Certificates<\/strong><\/h2>\n\n\n\n<p>Shows certificates that have already expired, indicating potential risks in authentication, encryption or software trust.<\/p>\n\n\n\n<p><strong>Use Cases:<\/strong><\/p>\n\n\n\n<p>Used to detect and clean up expired certificates that could impact application or service availability.<\/p>\n\n\n\n<p><strong>Key Fields:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Device Name<\/li>\n\n\n\n<li>Certificate Name<\/li>\n\n\n\n<li>Expiry Date<\/li>\n\n\n\n<li>Days Since Expired<\/li>\n\n\n\n<li>Issuer<\/li>\n\n\n\n<li>Algorithm<\/li>\n\n\n\n<li>Subject<\/li>\n\n\n\n<li>Status<\/li>\n\n\n\n<li>Key Size<\/li>\n\n\n\n<li>Validation Start Date<\/li>\n\n\n\n<li>Username<\/li>\n\n\n\n<li>Platform<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>6. Self-Signed Certificates<\/strong><\/h2>\n\n\n\n<p>Lists certificates that are self-signed commonly used for internal testing or local encryption.<\/p>\n\n\n\n<p><strong>Use Cases:<\/strong><\/p>\n\n\n\n<p>Identifies risky or non-standard certificate configurations that may not be trusted by browsers or external systems.<\/p>\n\n\n\n<p><strong>Key Fields:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Certificate Name<\/li>\n\n\n\n<li>Issuer<\/li>\n\n\n\n<li>Algorithm<\/li>\n\n\n\n<li>Status<\/li>\n\n\n\n<li>Subject<\/li>\n\n\n\n<li>Key Size<\/li>\n\n\n\n<li>Device Name<\/li>\n\n\n\n<li>Expiry Date<\/li>\n\n\n\n<li>Validation Start Date<\/li>\n\n\n\n<li>Username<\/li>\n\n\n\n<li>Platform<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>7. Soon-to-Expire Certificates<\/strong><\/h2>\n\n\n\n<p>Highlights certificates nearing their expiry date, allowing IT teams to renew or replace them before services are disrupted.<\/p>\n\n\n\n<p><strong>Use Cases:<\/strong><\/p>\n\n\n\n<p>Critical for proactive maintenance helps prevent outages caused by expired certificates and ensures seamless application functionality.<\/p>\n\n\n\n<p><strong>Key Fields:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Device Name<\/li>\n\n\n\n<li>Certificate Name<\/li>\n\n\n\n<li>Expiry Date<\/li>\n\n\n\n<li>Days Until Expiry<\/li>\n\n\n\n<li>Issuer<\/li>\n\n\n\n<li>Algorithm<\/li>\n\n\n\n<li>Status (Active\/Revoked)<\/li>\n\n\n\n<li>Key Size<\/li>\n\n\n\n<li>Subject<\/li>\n\n\n\n<li>Valid Start Date<\/li>\n\n\n\n<li>Username<\/li>\n\n\n\n<li>Platform<\/li>\n<\/ul>\n","protected":false},"featured_media":0,"parent":2466,"menu_order":0,"comment_status":"open","ping_status":"closed","template":"","doc_tag":[],"class_list":["post-2529","docs","type-docs","status-publish","hentry"],"comment_count":0,"_links":{"self":[{"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/docs\/2529","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/docs"}],"about":[{"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/types\/docs"}],"replies":[{"embeddable":true,"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/comments?post=2529"}],"version-history":[{"count":4,"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/docs\/2529\/revisions"}],"predecessor-version":[{"id":2948,"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/docs\/2529\/revisions\/2948"}],"up":[{"embeddable":true,"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/docs\/2466"}],"wp:attachment":[{"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/media?parent=2529"}],"wp:term":[{"taxonomy":"doc_tag","embeddable":true,"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/doc_tag?post=2529"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}