Understanding the Discovery Certificate Dashboard

Certificate Summary

This widget provides a quick snapshot of the overall certificate landscape, highlighting the influx of new certificates and the proportion under active management or monitoring. A high number of newly discovered certificates may warrant further investigation.

Certificate Distribution by Category

This widget helps you understand the distribution of certificate types, identifying their primary use within your environment and highlighting areas that may need focused management or stronger security policies. For example, a high number of server certificates may suggest a large web infrastructure.

Certificate Distribution by Issuer

This widget provides insight into which entities issued your certificates—crucial for trust management and understanding dependencies on various certificate authorities. If specific issuers are identified, the chart visualizes the proportion of certificates issued by each. The current view indicates a need to investigate the issuers for improved visibility.

Certificate Status Report

This widget is essential for proactive certificate management, helping you quickly identify certificates that are nearing expiry or already expired. It supports timely renewals to prevent service disruptions and security risks. Additionally, the count of revoked certificates may indicate potential security incidents or policy enforcement actions.

Certificates by Key Algorithm Strength

This widget helps assess the cryptographic strength of your certificates, offering insight into your overall security posture. A high number of certificates using low or medium strength algorithms may signal potential vulnerabilities and the need to upgrade to stronger algorithms. Ideally, most certificates should fall into the 'High' strength category.

Certificates by Hash Algorithm Strength

The hash algorithm ensures certificate integrity. Certificates using weak hash algorithms pose a security risk, as they can be more easily tampered with. This widget helps identify such certificates and prioritize their migration to stronger, more secure algorithms.

Vendor Type Distribution

This widget helps understand dependency on various device or server vendors. This insight is valuable for vendor management, cost analysis, and aligning with organizational policies on infrastructure diversity or consolidation. It can also highlight potential single points of failure associated with specific vendors.

Certificates with Trusted vs Untrusted CA Status

This widget is crucial for assessing the trustworthiness and security of the certificate ecosystem. Ideally, the vast majority of certificates should be issued by trusted CAs. A high number of untrusted certificates may indicate security risks, misconfigurations, or the use of self-signed certificates where CA-signed ones are recommended. Investigating and addressing untrusted certificates is essential for maintaining a secure environment.

PQC Compliance Certificates

This widget highlights readiness for the post-quantum era, as current cryptographic algorithms may become vulnerable with advances in quantum computing. A high number of non-compliant certificates signals a potential future security risk, making long-term planning for migration to PQC-compliant algorithms essential. At present, with all certificates marked as non-compliant, this represents a key area to monitor and prepare for as PQC standards and implementations evolve.