Certificate inventory

When viewing certificates, you can use the following keywords to search and filter.

General certificate fields

Certificate ID

The ID field is the unique identifier for a given certificate, written as a UUID. Use the syntax id:<uuid> to filter by ID field.

id:21e5252d-a6a5-467e-83ed-683657412dff

Certificate type

Use the syntax type:<text> to search for certificates by type.

type:x509

Name

Use the syntax name:<text> to search for certificates by name.

name:example.com

Validity

Use valid_from:<time> and valid_until:<time> to search for certificates by when they are valid.

valid_from:>2025-01-01
valid_until:<2026-01-01

Public key

Use the syntax public_key:<text> to search for certificates by public key.

public_key:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJ899KGnqHjVuBekYqosp2l8zWbiyu2I62CzaqaouLtqn1nXaQLMdruhlNN9ShCPfCM2JAROVjrd1PwhxLvJxAMbC+UJz2914SRn+lhFQl7yo03t+OoobwSXyj+ukbOHp1lYklYjMauScZScIDdPmLEjwDa8pfSr2TQoihjSDeawIDAQAB

Public key algorithm

Use pk_algorithm:<text> or public_key_algorithm:<text> to search for certificates by public key algorithm.

pk_algorithm:rsaEncryption

Public key size

Use pk_size:<number> to search for certificates by public key size. You will usually want to specify the public key algorithm as well, as different algorithms have different key size ranges.

pk_algorithm:rsaEncryption and pk_size:<2048

RSA modulus

Use rsa_modulus:<number> to search for certificates using RSA encryption by modulus.

rsa_modulus:24103124269210325885520760221975660748569505485024599426541169488887185854621

RSA exponent

Use rsa_exponent:<number> to search for certificates using RSA encryption by exponent.

rsa_exponent:65537

DSA p

Use dsa_p:<number> to search for certificates with DSA public keys by parameter p.

dsa_p:177153854627485855237091799251665123928681135467044234987602313329516356048326341718397044415619278113858376637092966316050520797637071138...

DSA q

Use dsa_q:<number> to search for certificates with DSA public keys by parameter q.

dsa_q:23882561345098730106466767...

DSA g

Use dsa_g:<number> to search for certificates with DSA public keys by parameter g.

dsa_g:11506196528065909918480452874980083486869300271555091075530405860582486808935940564845326748921808017076639122038283872065180147270617068040177316324578343...

ECDSA curve

Use ecdsa_curve:<text> to search for certificates with ECDSA public keys by curve.

ecdsa_curve:P-256

Insecure public key

Use the syntax public_key_insecure:true to search for certificates with insecure public key algorithm and key size combinations.

Signature

Use the syntax signature:<text> to search for certificates by signature.

signature:Bden73ipj8B2xb1Ozy5nOvIytCktGrht5xL7ZfFlaLIBQxbGO5Iuf6Y1yICcEpYqsgSJS6JKCdw5dujmPmGRwBZfVhIbSRb0exFQ4BVp82WtDHfy3QBgcmtusRIxLyM5ToTT2O53NxaSGaw3IRLXZ0y343RGlKOyQxEXeoHbLsVrpmMrqAKkHJkhjTKn7E9WDc4RCsAvd13BIDP80dDWK7OMZJnCDXGQwz2MkAYZNyjRRXA5XeO2cvMq36/4phyJDhIz1oDgDLOFDnCGKkW5gc8MjE0uxFIYTHKNkx+2WIU/j4uQGNAJQbqqCnupV4qjI29PQFnFecnphkKw==

Signature algorithm

Use sig_algorithm:<text> or signature_algorithm:<text> to search for certificates by signature algorithm.

sig_algorithm:sha512WithRSAEncryption

Insecure signature

Use the syntax signature_algorithm_insecure:true to search for certificates with insecure signatures.

Self-signed

Use self_signed:true to search for self-signed certificates.

Certificate authority

Use is_ca:true to search for certificates that are certificate authorities (CAs).

Subject

Use subject:<text> to search for certificates by X.509 subject DN.

subject:"CN=Server Name/O=Company Name"

Common name

You can search for certificates by common name using cn:<name>. This is equivalent to searching the subject DN for just the CN field.

cn:"Server Name"

Subject alternative name

You can search the four sets of Subject Alternative Names (SANs) using the following keywords:

san_dns_name:example.com
san_ip_address:10.0.1.23
san_email_address:[email protected]
san_uri:https://example.com

Issuer

Use issuer:<text> to search for certificates by X.509 issuer DN.

issuer:"CN=Certificate Authority Name"

Subject key ID

To search by X.509 subject key ID, use subject_key_id:<text>. Values are accepted with or without colons.

subject_key_id:"12:90:EF:DD:E1:27:A4:47:3E:32:57:AF:44:75:92:8E:8C:C2:0A:C0"
subject_key_id:1290EFDDE127A4473E3257AF4475928E8CC20AC0

Authority key ID

To search by X.509 authority key ID, use authority_key_id:<text>. Values are accepted with or without colons.

authority_key_id:"12:90:EF:DD:E1:27:A4:47:3E:32:57:AF:44:75:92:8E:8C:C2:0A:C0"
authority_key_id:1290EFDDE127A4473E3257AF4475928E8CC20AC0

OCSP server

Use ocsp_server:<text> to search for certificates by OCSP server.

ocsp_server:http://ocsp.test.com

CRL distribution point

Use crl_distribution_points:<text> or crl_distribution_point:<text> to search for certificates by CRL distribution point.

crl_distribution_points:http://x1.c.lencr.org/

Issuing certificate URL

Use issuing_certificate_url:<text> to search for certificates by Issuing certificate URL.

issuing_certificate_url:http://x1.i.lencr.org/

Hash

You can find certificates based on their MD5, SHA1, SHA256 or BK hash values.

md5:<hash value>
sha1:<hash value>
sha256:<hash value>
bkhash:<hash value>

Serial number

Use serial_number:<text> to search for certificates by serial number.

serial_number:123456

Timestamps

Use the following syntaxes to search certificate inventory timestamp fields:

  • created_at:<term>
  • updated_at:<term>
  • last_seen:<term>

The term supports the standard runZero time comparison syntax, for example:

last_seen:<1week
last_seen:<2months
last_seen:<1year

Associated services

Use associate_services:<number> or service_count:<number> to search for certificates by the number of associated services.

associated_services:>10

Hidden certificates

Use hidden:true to search for certificates that have been hidden from the inventory.

Version

Use version:<text> to search for certificates by version, such as x509 version.

version:3

Tags

Use the syntax tag:<term> to search tags added to a certificate. The term can be the tag name, or the tag name followed by an equal sign and the tag value. Tag value matches must be exact.

tag:"group"
tag:"group=production"

Comments

Use the syntax comment:<text> to search comments on a certificate.

comment:"contractor laptop"
comment:"imaging server"

Vulnerability name

Use the syntax vulnerability_name:<text> to search for certificates by associated vulnerability name.

vulnerability_name:"Expired Certificate On TLS Service"

Vulnerability count

Use the syntax vulnerability_count:<number> to search for certificates by the number of associated vulnerabilities. This field supports numerical comparison operators (>, >=, <, <=, =).

vulnerability_count:>2

Has vulnerability

Use the syntax has_vulnerability:<boolean> to search for certificates that have (or do not have) associated vulnerabilities.

has_vulnerability:true