Searching for Certificates
You can use search tokens to search for certificate information on Certificate
tab.
asset.assetInterface.address
Use a text value ##### to specify the host IP
address you’re interested in.
Example
Show certificates on assets that have this host IP address
asset.assetInterface.address: 10.20.30.40
asset.assetInterface.hostname
Use a text value ##### to specify the interface
hostname you’re interested in.
Example
Show certificates on assets that have this hostname
asset.assetInterface.hostname: xpsp2-jp-26-111
asset.instance.cipherSuites.value
Use a text value ##### to list the certificates
that have cipher suits enabled in the SSL/TLS instance.
Examples
Show certificates that have this cipher suit enabled in the SSL/TLS
instance
asset.instance.cipherSuites.value: DES-CBC3-SHA
asset.instance.fqdn
Use a text value ##### to specify host FQDN of
the assets you’re interested in.
Example
Show certificates on assets that have this host FQDN
asset.instance.fqdn: server1.qualys.com
asset.instance.grade
Use a text value ##### to specify the Certificate
Grade for an instance on the host you’re interested in.
Example
Show certificates that have this Certificate Grade for an instance
on the host
asset.instance.grade: B
asset.instance.port
Use an integer value ##### to specify the listening
port you’re interested in.
Example
Show certificates on assets that have this listening port open
asset.instance.port: 443
asset.instance.service
Use a text value ##### to specify service you’re
interested in.
Example
Show certificates on assets that have this service
asset.instance.service: SMTP
asset.instance.sslProtocols
Use a value ##### to specify SSL/TLS protocols
you’re interested in.
Example
Show certificates on assets that have this SSL/TLS protocol
asset.instance.sslProtocols: TLSv1.2
asset.instance.vulns.qid
Use an integer value ##### to specify vulnerability
QID you’re interested in.
Example
Show certificates on assets that have this vulnerability QID
asset.instance.vulns.qid: 38603
asset.instance.vulns.severity
Use an integer value ##### to specify vulnerability
severity you’re interested in.
Example
Show certificates on assets that have this vulnerability severity
asset.instance.vulns.severity: 3
asset.instance.vulns.title
Use a text value ##### to specify vulnerability
title you’re interested in.
Example
Show certificates on assets with vulnerabilities that have POODLE
in the vulnerability title
asset.instance.vulns.title: POODLE
asset.name
Use a text value ##### to specify the asset name
you’re interested in.
Example
Show certificates on assets that have this asset name
asset.name: server1
asset.netbiosName
Use a text value ##### to specify the host NetBios
name you’re interested in.
Example
Show certificates on assets that have this host NetBios name
asset.netbiosName: server1
asset.operatingSystem
Use quotes or backticks within values to help
you find the host Operating System of the certificate you’re interested
in.
Examples
Show any findings with this OS name
asset.operatingSystem: Windows 2012
Show any findings that contain components of OS name
asset.operatingSystem: "Windows 2012"
Show any findings that match exact value "Windows 2012"
asset.operatingSystem: `Windows 2012`
archiveReason
Use a text value ##### to list all certificates
that were archived for the specified reason.
Examples
Show certificates that were archived with reason: Revoked
archiveReason: Revoked
certhash
Use a text value ##### to specify certificate
fingerprint of the certificates you are looking for.
Example
Show certificates that have this hash value
certhash: 20e1541486f2cd405559d8483a3663f2a77c3cf93c72f4f915259f084f814221
dn
Use a text value ##### to list all certificates
that have the specified subject identifier in the certificate subject
distinguished name (DN).
Examples
Show certificates that have this subject identifier in the distinguished
name.
dn: ST=California
expiryGroup
Use quotes or backticks within values to help
you filter certificates according to expired time. Values can be:"Expired"
or "In n Days" where "n" is any number
Examples
Show certificates which expired in last 20 days
expiryGroup: "In 20 Days"
Examples
Show all expired certificates in your subscription
expiryGroup: "Expired"
instanceCount
Use an integer value ##### to specify the number
of instances found in the certificate you’re interested in.
Example
Show certificates that have these number of instances found per
certificate
instanceCount: 12
isRenewable
Use the values true | false to
find certificates that can only be renewed with Qualys. Certificates
can be renewed with Qualys if they are issued by a DigiCert CA and
are expiring in next 90 days or are already expired.
Example
Show certificates that are renewable with Qualys
isRenewable: true
issuer.country
Use a text value ##### to specify the country
mentioned in the issuer distinguished name you’re interested in.
Example
Show certificates that have this country in issuer DN
issuer.country: US
issuer.name
Use a text value ##### to specify name of the
issuing certificate authority you're interested in.
Example
Show the certificates having this issuing authority name
issuer.name: Symantec Class 3 EV SSL CA - G3
issuer.organization
Use a text value ##### to specify the organization
mentioned in the issuer distinguished name you’re interested in.
Example
Show certificates that have this organization in issuer DN
issuer.organization: Symantec Corporation
issuer.organizationUnit
Use a text value ##### to specify the organization
unit mentioned in the issuer distinguished name you’re interested
in.
Example
Show certificates that have this organization unit in issuer DN
issuer.organizationUnit: Symantec Trust Network
keySize
Use a text value ##### to specify the key length
of a certificate.
Example
Show certificates that have 2048-bit keys
keySize: 2048
selfSigned
Use the values true | false to
find certificates that are self-signed.
Examples
Show certificates that are self-signed
selfSigned: true
signatureAlgorithm
Use a text value ##### to specify the signing
algorithm for a certificate.
Example
Show certificates that use this signature algorithm
signatureAlgorithm: SHA256withRSA
subjectAlternativeNames.dnsName
Use a text value ##### show the DNS Name in Certificate
Subject Alternate Name (SAN).
Examples
Show certificates that have the specified DNS Name in Certificate
SAN
subjectAlternativeNames.dnsName: www.qualys.com
subjectAlternativeNames.ipAddress
Use a text value ##### to show the IP address
in Certificate Subject Alternate Name (SAN).
Examples
Show certificates that have the specified the IP address in Certificate
SAN
subjectAlternativeNames.ipAddress: 10.113.197.210
subject.country
Use a text value ##### to specify the country
mentioned in the subject distinguished name you’re interested in.
Example
Show certificates that have this country in subject DN
subject.country: US
subject.locality
Use a text value ##### to specify the locality
mentioned in the subject distinguished name you’re interested in.
Example
Show certificates that have this locality in subject DN
subject.locality: Redwood City
subject.name
Use a text value ##### to define the certificate
name you're interested in.
Example
Show certificates with this name
subject.name: www.qualys.com
subject.organization
Use a text value ##### to specify the organization
mentioned in the subject distinguished name you’re interested in.
Example
Show certificates that have this organization in subject DN
subject.organization: Qualys, Inc.
subject.state
Use a text value ##### to specify the state mentioned
in the subject distinguished name you’re interested in.
Example
Show certificates that have this state in subject DN
subject.state: California
validFrom
Use a date range or specific date to define validation
date of the certificates you are looking for.
Examples
Show certificates that are valid within certain dates
validFrom: [2018-06-15 ... 2018-06-30]
Show certificates that are valid on a specific date
validFrom:'2017-12-14'
validTo
Use a date range or specific date to specify expiration
date of the certificates you are looking for.
Examples
Show certificates that expire before 2022-01-20
validTo < "2022-01-20"
Show certificates that expire after 2020
validTo > "2020"
Show certificates that expire before March 2020 (yyyy-mm)
validTo < "2020-03"
Show certificates that expire between today and 2020-12-01
validTo: "[now..2020-12-01]"
certificate.request.type
Use the values ENROLLMENT | RENEWAL
to specify the type of your certificate request.
Example
Show all certificates requested for renewal
certificate.request.type: RENEWAL
certificate.request.cn
Use a text value ##### to specify the common name
of the certificate you’re interested in.
Example
Show all certificates with common name certificate.qualys-demo.com
certificate.request.cn: certificate.qualys-demo.com
certificate.request.date
Use a date range or specific date to define when
certificates were requested.
Examples
Show findings with certificates requested within certain dates
certificate.request.date: [2017-06-15 ... 2017-06-30]
Show findings with certificates requested starting 2017-06-22, ending
1 month ago
certificate.request.date: [2017-06-22 ... now-1M]
Show findings with certificates requested starting 2 weeks ago,
ending 1 second ago
certificate.request.date: [now-2w ... now-1s]
Show findings with certificates requested on specific date
certificate.request.date:'2017-06-14'
certificate.request.status
Use quotes or backticks within values to help
you find the certificate request status you're looking for. Status
values can be: "SUBMITTED", "APPROVED", "REJECTED",
"POSTED", "DENIED"
Examples
Show any findings with this status
certificate.request.status: SUBMITTED
Show any findings that match exact value
certificate.request.status: "SUBMITTED"