Workspace
Cert posture
Every TLS certificate on every subdomain you're monitoring, graded for cipher strength, TLS version, validity window, HSTS, and CAA. Refreshed daily; certs with <14 days remaining are flagged (short-validity is the new normal — 30-day windows are just routine rotation now).
Expiring in the next 14 days
Sorted by days remaining. Anything inside 7 days renders red.
Lowest-graded certificates
Self-signed, expired, weak TLS, or missing HSTS — the ten worst hosts in your portfolio.
Issuer mix
Who's signing your certs. Outliers (a single host on an unusual CA) are worth a second look.