Sample Report: Certificate & TLS Inventory Assessment

This page presents a sample structure for a practical infrastructure-focused assessment. It is not a real client report and contains no production data.

1. Executive summary

The assessment identifies externally visible and internal TLS endpoints, certificate lifecycle issues, protocol exposure, weak configurations and dependencies that may affect future security modernization and post-quantum cryptography readiness.

Example conclusion: the organization has several undocumented certificates, mixed TLS configurations, no complete ownership map and limited visibility into RSA/ECC dependencies across legacy systems.

2. Scope

  • Public HTTPS endpoints.
  • Internal Windows Server and IIS services.
  • VPN, remote access and file transfer services.
  • Certificate stores and selected application dependencies.
  • Initial RSA/ECC dependency mapping.

3. Example inventory table

| System | Protocol | Certificate / key type | Risk | Recommended action |
|---|---|---|---|---|
| Public web service | TLS 1.2 / TLS 1.3 | RSA 2048 | Medium | Document owner, confirm renewal process, evaluate future ECDSA/PQC roadmap. |
| Legacy internal portal | TLS 1.0 / TLS 1.1 | RSA 2048 | High | Prioritize protocol upgrade or application replacement. |
| VPN appliance | IPsec / SSL VPN | Vendor-managed crypto | Medium | Request vendor PQC and crypto-agility roadmap. |

4. Risk categories

  • Expired or undocumented certificates.
  • Weak or deprecated TLS protocol support.
  • Hard-coded cryptographic dependencies.
  • Vendor-controlled cryptography with unclear roadmap.
  • Long-term confidentiality risk for sensitive archived data.
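
One way to apply these risk categories to inventory rows mechanically, shown as an added example that is not part of the sample report or of any assessment tooling. The rows are constructed from the example inventory table; the owner and not_after fields, the finding labels and the 30-day renewal window are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Protocol names as written in the sample inventory table.
DEPRECATED = {"TLS 1.0", "TLS 1.1"}

# Constructed register rows (not assessment data). "owner" and "not_after"
# are hypothetical fields an ownership register would carry.
INVENTORY = [
    {"system": "Public web service", "protocols": "TLS 1.2 / TLS 1.3",
     "key": "RSA 2048", "owner": "web-team", "not_after": "2031-01-15"},
    {"system": "Legacy internal portal", "protocols": "TLS 1.0 / TLS 1.1",
     "key": "RSA 2048", "owner": "", "not_after": "2020-06-30"},
    {"system": "VPN appliance", "protocols": "IPsec / SSL VPN",
     "key": "Vendor-managed crypto", "owner": "network-team", "not_after": None},
]

def findings(row, now, renew_window_days=30):
    """Return the risk-category findings that apply to one inventory row."""
    out = []
    offered = {p.strip() for p in row["protocols"].split("/")}
    if offered & DEPRECATED:
        out.append("deprecated-tls: " + ", ".join(sorted(offered & DEPRECATED)))
    if not row.get("owner"):
        out.append("undocumented: no owner recorded")
    if row.get("not_after"):
        expiry = datetime.strptime(row["not_after"], "%Y-%m-%d").replace(tzinfo=timezone.utc)
        if expiry <= now:
            out.append("expired: " + row["not_after"])
        elif expiry - now <= timedelta(days=renew_window_days):
            out.append("expiring-soon: " + row["not_after"])
    else:
        # Assumption: a row without an expiry date has no lifecycle data on record.
        out.append("no-lifecycle-data: expiry unknown")
    key = row["key"].upper()
    if key.startswith(("RSA", "EC")):
        out.append("rsa-ecc-dependency: " + row["key"])
    elif "VENDOR" in key:
        out.append("vendor-crypto: roadmap needed")
    return out

def report(rows, now):
    """Map each system name to its list of findings."""
    return {r["system"]: findings(r, now) for r in rows}

if __name__ == "__main__":
    for system, items in report(INVENTORY, datetime.now(timezone.utc)).items():
        print(system, "->", items or ["no findings"])
```

Rows with several findings are the natural candidates for the quick wins in the roadmap.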

5. Recommended roadmap

Quick wins

  • Create a complete certificate ownership register.
  • Disable obsolete TLS versions where operationally possible.
  • Document all externally exposed TLS endpoints.

Medium-term actions

  • Map RSA/ECC dependency across VPN, PKI, file transfer and application systems.
  • Ask key vendors for post-quantum cryptography and crypto-agility roadmaps.
  • Define certificate lifecycle and renewal accountability.

Long-term actions

  • Build a crypto-agility policy for infrastructure and procurement.
  • Align modernization plans with NIS2, ISO 27001 and future PQC migration requirements.
  • Prepare controlled pilot environments for hybrid or PQC-capable protocols when vendor support matures.