Skip to main content
Monitoring

Certificates

Browsing, searching, and understanding the certificate inventory CertShield discovers for you.

The Certificates page is your full inventory — every certificate CertShield has ever discovered for the domains you monitor, whether it’s currently in use, expired, or has been revoked.

How certificates get into the list

Two ways, and they map to the two discovery tracks explained in How CertShield finds your certificates:

  1. From a live endpoint. The server served it during a TLS handshake.
  2. From Certificate Transparency logs. The Certificate Authority logged it, and CertShield found it during CT search.

A single certificate can appear through both channels. The detail page tells you which.

The filter chips

Above the table you’ll see a row of filter chips. Click one to narrow the list:

  • All — everything, including archived.
  • Active — valid today and not expiring within the warning window.
  • Expiring — valid but within 30 days of expiry.
  • Expired — past the “not after” date.
  • Revoked — explicitly revoked by the Certificate Authority.
  • Archived — certificates you’ve asked CertShield to stop alerting on.

You can also filter by domain or by endpoint by clicking through from those pages.

Searching

The search box matches across the subject, issuer, serial number, and fingerprint. Paste in a serial number you saw in a security advisory to see if it affects you.

What the detail page shows

Click any certificate’s subject to open its detail view. You’ll find:

  • Subject and issuer — who the cert is for, who issued it.
  • Validity window — “not before” and “not after” dates, with a visual timeline showing how much runway is left.
  • Serial number and fingerprint — identifiers you’ll need if you’re filing a ticket with a CA or cross-referencing a security advisory.
  • Key and signature details — algorithm, key size, signature scheme. Handy for audits.
  • Subject Alternative Names (SANs) — every hostname the cert is valid for.
  • X.509 extensions — key usage, extended key usage, basic constraints, and the rest of the technical fields.
  • Certificate chain — the full chain as the server presents it, with per-certificate validation status.
  • Live endpoints serving this certificate — helpful for “where is this cert actually deployed?”
  • PEM — the raw certificate and chain, copyable with one click.

Exporting

The Export CSV button dumps the currently visible rows to a CSV file with the common fields. Filters apply — if you’ve filtered to “Expiring,” you only export expiring certs.

Archiving a certificate

Archiving a certificate tells CertShield to stop sending alerts about it. Use this for certs you’ve already migrated away from or that you knowingly don’t care about. Archiving is always reversible.

Archiving a certificate does not affect your plan’s endpoint limit. Endpoint archiving does that; see Endpoints.

What’s next

← Back to Help Center Contact support