Either QualysGuard's Scheduled Reports feature or the programmatic flexibility of the API can solve this problem.
(SSL Labs can help, too, but that service is interactive and one-at-a-time, which is not what you're looking for.)
To see how this would work I logged in to my QualysGuard VM subscription and navigated to "Reports" and then the "Search Lists" tab. I defined a new Static List for relevant SSL/TLS certificate QIDs: 38167 – 38174. (These cover expired, expiring, nonsensical start dates, self-signed, etc.)
Then under the "Templates" tab I created a new Scan Template using my search list. I also restricted the new template to HTTPS ports, since that's what I was excusively interested in.
Finally, under the "Schedules" tab I configured a new Scan Report (Template Based) from this template. I set my time zone, scheduled monthly recurrence, and requested email notification to myself.
Note: If you take this approach, be sure to schedule a scan to run before the report, so that your new report has fresh data to work from each time it runs.
Alternatively, if you have the development resources for a modest custom script, the asset/host/vm/detection QualysGuard 2.0 API call can provide you with the information you need.
You could either request the same QIDs as above or, if you're comfortable parsing XML and text, take a handy shortcut and simply search for QID 86002 ("SSL Certificate - Information"). The "RESULTS" section of this IG contains a parseable text dump of the detected SSL/TLS certificate chain. The Valid From and Valid To lines contain the date information you're looking for.
From there you just need something like cron (Unix), Task Scheduler (Windows) or a recurring entry in your ticketing system to run the script monthly.
many thanks will give these a go
Sent from my iPad