Live Monitoring: real-time visibility into PKI operations

Khatim PKI Server provides a unified live monitoring surface that shows the health and activity of your entire PKI fabric in real time. Key telemetry exposes live includes certificate issuance and revocation events.

Because the Certificate Provider module records every request it handles, administrators can see incoming issuance, renewal, and deletion operations as they happen. Live dashboards display throughput (requests/sec), success vs failure rates so operators detect spikes, outages, or anomalous behavior the moment it occurs.

"From issuance to expiry - watch your PKI in motion"

Khatim PKI Server - CP - Realtime Stats

Statistical dashboards & historical trends

Khatim PKI Server converts transaction-level telemetry into meaningful charts and comparisons so teams can analyze behavior over days, weeks, months or custom ranges. Key chart and trend types include:

  • Issued / revoked / expired certificates – time-series and cumulative counts, with per-CA breakdowns.

  • Request trends – TPS and success/failure rate history for CP engines.

  • Policy usage – which issuance templates/policies are most active.

  • Signing algorithm & key usage – adoption of RSA/ECDSA/PQC and HSM slot usage over time.

  • Failure breakdowns – historical occurrence of error classes for root-cause analysis.

Administrators can filter charts by CA, issuance policy, host IP or client app. A dedicated compare mode lets you place multiple CAs side-by-side (issued vs revoked vs expired) to detect configuration drift or a problematic CA that is issuing anomalously.

"Trends explain what alerts only hint at"

Khatim PKI Server - Certificate Provider Stats
Khatim PKI Server - Certificate Provider Historical Trends
Khatim PKI Server - Comparing CAs

Certificate Provider: PKI transaction logs & troubleshooting

The Certificate Provider (CP) is a core engine inside Khatim PKI Server that processes certificate lifecycle operations. Each CP transaction is recorded with full contextual metadata so admins can inspect and resolve issues fast:

  • Transaction timestamp and processing time

  • Policy used to issue/renew/delete the certificate

  • Requestor IP and target host (client / RA / API caller)

  • Signing certificate or key alias used (HSM mapping)

  • Outcome (success/failure) and failure codes

  • Certificate serial number, subject, validity window and template info

From the live list, administrators can drill into any transaction to view the full request/response detail in a human-friendly format, analyze why a renewal failed, identify template misconfiguration or confirm that a revocation command executed correctly. Original documents are not stored (privacy-preserving), but all operational metadata required for troubleshooting and audits is retained.

"Every CP transaction tells the story of a certificate"

Khatim PKI Server - Certificate Provider Transaction Logs

Daily Summary & historical reporting

Khatim PKI Server generates configurable Daily Summary Reports for Certificate Provider activity, which provide at-a-glance operational health and a digest of critical events:

  • Overview counts (issued, renewed, revoked, failed)

  • Top failure types and impacted policies

  • Per-CA and per-client activity breakdowns

  • Trend highlights and unusual deviations

These summaries are delivered automatically and can be used for SLA reporting, billing reconciliation, or feeding monthly/quarterly audit packs. Longer-term historical reporting (weekly, monthly, yearly) is available for forensic timelines and compliance archives.

"Daily snapshots. Long-term proof"

Khatim PKI Server - Daily Summary Report - Certificate Provider
Khatim PKI Server - Daily Summary Report - CA

Certificate Provider auditing capabilities

Khatim PKI Server’s auditing for the CP is built around traceability and evidentiary value:

  • Full audit trail: Every CP action (issue, renew, revoke, delete, key usage) is recorded with actor, timestamp and policy context.

  • Immutable records: Transaction logs and audit events are retained with cryptographic integrity options for long-term evidence.

  • Email & alerting: Critical CP failures and policy violations generate immediate alerts and can be pushed to admins or downstream incident systems.

  • Export & sign: Administrators can export transactions for external review (CSV/JSON) and create signed archives for compliance retention.

  • Role separation & access control: Viewing CP configuration logs is governed by PKI roles so only authorized personnel can perform forensic actions.

These capabilities make it straightforward to answer audit questions such as “who issued this cert, when, under which policy, and using which key”.

"Audit-ready by design"

How admins Khatim PKI Server day-to-day

  • Operations: monitor live TPS, identify overloaded RA or CA nodes and scale or remediate quickly.

  • PKI Admins: drill into CP transactions to troubleshoot policy/template issues and re-run or repair failed issuance flows.

  • Security & Compliance: export signed audit packs and demonstrate chain-of-custody for issued certificates.

  • Capacity & Product Teams: analyze historical trends to forecast certificate growth and plan capacity.

Words from Client

Leading companies rely on us for their PKI and digital signature needs

We were struggling with our PKI implementation when Codegic came to the rescue. They not only sorted our technical issues but also designed the whole PKI for the infrastructure.

Hemal Patel, CEO, Ray Pte. Ltd.