Currently the IDP health component "Signing, Encryption and SSL Connector Keys" list all the certificates. This list pretty much unusable in a large implementation. It displays every cert and trusted root and admin need to search this big list to find the actual problem certs.
The health component can be improved by adding 2 different components:
- Expired and Expiring Cert -> with an option of configuring the months of expiration reported( currently its 2 months)
- Other certs -> similar to current - expired and expiring cert.