The general idea is to have a set of tools that will enable an admin to find and monitor PKI Certificates (either local or remote) that can notify the admin when certain scenarios occur in regards to a specific (set of) certificates.
These tools should (ideally) be accessible from both the command line as through a (secure) web-based UI.