Certificate Management Metrics

Certificates Snapshot

This widget provides a real-time overview of all certificates managed across Kubernetes clusters, segmented into different categories:

  • Total Certificates – The total number of certificates being managed.

  • Edge Certificates – Certificates used by Kubernetes Ingress, Gateway, and Routes.

  • Workload Certificates – Certificates used within the cluster but not by edge components.

  • mTLS Certificates – Certificates issued by AppViewX KUBE+ for service mesh mTLS communication.

  • Infrastructure Certificates – Certificates used by Kubernetes system components.

Key Benefit: Helps track the distribution of certificates across different components of the Kubernetes ecosystem.

Certificates Expiry

A donut chart that provides a breakdown of certificates based on their expiry status:

  • Valid Certificates – Currently active and within their validity period.

  • About to Expire – Certificates nearing expiration.

  • Expired Certificates – Certificates that have already expired.

Key Benefit: Provides a quick view of expiring certificates to ensure proactive renewal and avoid disruptions.

Certificate Posture

This widget highlights the compliance posture of the certificates managed across Kubernetes clusters. It helps in identifying certificates that impact overall compliance based on the following risk factors:

  • Selfsigned Certificates

  • Certificates issued by unknown CAs

  • Wildcard Certificates

  • Weak hash & key algorithms

  • Certificates issued directly from a Root CA

Key Benefit: Helps identify noncompliant certificates that may introduce security risks.

Application Posture

This widget evaluates the compliance of applications deployed in the Kubernetes clusters, based on certificate-related risks. Metrics include:

  • Applications using certificates not compliant with Google’s 90 day readiness.

  • Applications using certificates not compliant with Apple’s 47 day readiness.

  • Applications using wildcard certificates.

  • Applications using certificates issued by certmanager (opensource version).

  • Applications with certificates shared across multiple secrets and namespaces.

Key Benefit: Helps DevOps and security teams ensure applications adhere to best practices and compliance standards.

Issuing Certificate Authority's

This widget provides insights into the Certificate Authorities (CAs) that are being used to issue certificates across the Kubernetes environment.

Key Benefit: Gives the PKI team visibility into CAs in use, ensuring governance over certificate issuance.