KeyChest allows you to create groups for notifications. These groups can currently be defined using one of the following:
  1. IP range of the servers where a certificate has been identified
  2. a full list of hostnames / servernames
  3. "wildcard" hostname
  4. port where the certificate has been identified - e.g. 6003 for Oracle team
  5. issuing CA - if you use internal CAs for different parts of your organization
Using the groups, you can filter relevant notifications or daily summary emails - which collate information for certificates expiring at 4-5 different times till expiry. With the first such summary available at 60 days before certificate expiry.