Searching for Certificates

You can use search tokens to search for certificate information on Certificate tab.

asset.assetInterface.address

Use a text value ##### to specify the host IP address you’re interested in.

Example

Show certificates on assets that have this host IP address

asset.assetInterface.address: 10.20.30.40

asset.assetInterface.hostname

Use a text value ##### to specify the interface hostname you’re interested in.

Example

Show certificates on assets that have this hostname

asset.assetInterface.hostname: xpsp2-jp-26-111

asset.instance.cipherSuites.value

Use a text value ##### to list the certificates that have cipher suits enabled in the SSL/TLS instance.

Examples

Show certificates that have this cipher suit enabled in the SSL/TLS instance

asset.instance.cipherSuites.value: DES-CBC3-SHA

asset.instance.fqdn

Use a text value ##### to specify host FQDN of the assets you’re interested in.

Example

Show certificates on assets that have this host FQDN

asset.instance.fqdn: server1.qualys.com

asset.instance.grade

Use a text value ##### to specify the Certificate Grade for an instance on the host you’re interested in.

Example

Show certificates that have this Certificate Grade for an instance on the host

asset.instance.grade: B

asset.instance.port

Use an integer value ##### to specify the listening port you’re interested in.

Example

Show certificates on assets that have this listening port open

asset.instance.port: 443

asset.instance.service

Use a text value ##### to specify service you’re interested in.

Example

Show certificates on assets that have this service

asset.instance.service: SMTP

asset.instance.sslProtocols

Use a value ##### to specify SSL/TLS protocols you’re interested in.

Example

Show certificates on assets that have this SSL/TLS protocol

asset.instance.sslProtocols: TLSv1.2

asset.instance.vulns.qid

Use an integer value ##### to specify vulnerability QID you’re interested in.

Example

Show certificates on assets that have this vulnerability QID

asset.instance.vulns.qid: 38603

asset.instance.vulns.severity

Use an integer value ##### to specify vulnerability severity you’re interested in.

Example

Show certificates on assets that have this vulnerability severity

asset.instance.vulns.severity: 3

asset.instance.vulns.title

Use a text value ##### to specify vulnerability title you’re interested in.

Example

Show certificates on assets with vulnerabilities that have POODLE in the vulnerability title

asset.instance.vulns.title: POODLE

asset.name

Use a text value ##### to specify the asset name you’re interested in.

Example

Show certificates on assets that have this asset name

asset.name: server1

asset.netbiosName

Use a text value ##### to specify the host NetBios name you’re interested in.

Example

Show certificates on assets that have this host NetBios name

asset.netbiosName: server1

asset.operatingSystem

Use quotes or backticks within values to help you find the host Operating System of the certificate you’re interested in.

Examples

Show any findings with this OS name

asset.operatingSystem: Windows 2012

Show any findings that contain components of OS name

asset.operatingSystem: "Windows 2012"

Show any findings that match exact value "Windows 2012"

asset.operatingSystem: `Windows 2012`

tags.name

Use a text value ##### to specify the asset tag of the certificate you’re interested in.

Example

Show certificates on assets that have this asset tag

tags.name: prod-dmz

archiveReason

Use a text value ##### to list all certificates that were archived for the specified reason.

Examples

Show certificates that were archived with reason: Revoked

archiveReason: Revoked

certhash

Use a text value ##### to specify certificate fingerprint of the certificates you are looking for.

Example

Show certificates that have this hash value

certhash: 20e1541486f2cd405559d8483a3663f2a77c3cf93c72f4f915259f084f814221

dn

Use a text value ##### to list all certificates that have the specified subject identifier in the certificate subject distinguished name (DN).

Examples

Show certificates that have this subject identifier in the distinguished name.

dn: ST=California

expiryGroup

Use quotes or backticks within values to help you filter certificates according to expired time. Values can be:"Expired" or "In n Days" where "n" is any number

Examples

Show certificates which expired in last 20 days

expiryGroup: "In 20 Days"

Examples

Show all expired certificates in your subscription

expiryGroup: "Expired"

instanceCount

Use an integer value ##### to specify the number of instances found in the certificate you’re interested in.

Example

Show certificates that have these number of instances found per certificate

instanceCount: 12

isRenewable

Use the values true | false to find certificates that can only be renewed with Qualys. Certificates can be renewed with Qualys if they are issued by a DigiCert CA and are expiring in next 90 days or are already expired.

Example

Show certificates that are renewable with Qualys

isRenewable: true

issuer.country

Use a text value ##### to specify the country mentioned in the issuer distinguished name you’re interested in.

Example

Show certificates that have this country in issuer DN

issuer.country: US

issuer.name

Use a text value ##### to specify name of the issuing certificate authority you're interested in.

Example

Show the certificates having this issuing authority name

issuer.name: Symantec Class 3 EV SSL CA - G3

issuer.organization

Use a text value ##### to specify the organization mentioned in the issuer distinguished name you’re interested in.

Example

Show certificates that have this organization in issuer DN

issuer.organization: Symantec Corporation

issuer.organizationUnit

Use a text value ##### to specify the organization unit mentioned in the issuer distinguished name you’re interested in.

Example

Show certificates that have this organization unit in issuer DN

issuer.organizationUnit: Symantec Trust Network

keySize

Use a text value ##### to specify the key length of a certificate.

Example

Show certificates that have 2048-bit keys

keySize: 2048

selfSigned

Use the values true | false to find certificates that are self-signed.

Examples

Show certificates that are self-signed

selfSigned: true

signatureAlgorithm

Use a text value ##### to specify the signing algorithm for a certificate.

Example

Show certificates that use this signature algorithm

signatureAlgorithm: SHA256withRSA

subjectAlternativeNames.dnsName

Use a text value ##### show the DNS Name in Certificate Subject Alternate Name (SAN).

Examples

Show certificates that have the specified DNS Name in Certificate SAN

subjectAlternativeNames.dnsName: www.qualys.com

subjectAlternativeNames.ipAddress

Use a text value ##### to show the IP address in Certificate Subject Alternate Name (SAN).

Examples

Show certificates that have the specified the IP address in Certificate SAN

subjectAlternativeNames.ipAddress: 10.113.197.210

subject.country

Use a text value ##### to specify the country mentioned in the subject distinguished name you’re interested in.

Example

Show certificates that have this country in subject DN

subject.country: US

subject.locality

Use a text value ##### to specify the locality mentioned in the subject distinguished name you’re interested in.

Example

Show certificates that have this locality in subject DN

subject.locality: Redwood City

subject.name

Use a text value ##### to define the certificate name you're interested in.

Example

Show certificates with this name

subject.name: www.qualys.com

subject.organization

Use a text value ##### to specify the organization mentioned in the subject distinguished name you’re interested in.

Example

Show certificates that have this organization in subject DN

subject.organization: Qualys, Inc.

subject.state

Use a text value ##### to specify the state mentioned in the subject distinguished name you’re interested in.

Example

Show certificates that have this state in subject DN

subject.state: California

validFrom

Use a date range or specific date to define validation date of the certificates you are looking for.

Examples

Show certificates that are valid within certain dates

validFrom: [2018-06-15 ... 2018-06-30]

Show certificates that are valid on a specific date

validFrom:'2017-12-14'

validTo

Use a date range or specific date to define expiration date of the certificates you are looking for.

Examples

Show certificates that are expiring within certain dates

validTo: [2018-06-15 ... 2018-06-30]

Show certificates that are expiring on a specific date

validTo:'2017-12-14'

Other tabs

authorities

Use a text value ##### to specify the type of Certificate Authority you are looking for. Values can be:"Root", "Intermediate"

Examples

Show certificates that have CA type Intermediate

authorities: Intermediate

type

Use a text value ##### to specify the type of report you are looking for. Values can be:"Scheduled", "On Demand"

Examples

Show reports of the type On Demand

type: On Demand

title

Use a text value ##### to specify the name of report you are looking for. Values can be:"Cert Expiration Report", "Weak grades report"

Examples

Show reports having the title Weak grades report

title: Weak grades report

certificate.request.type

Use the values ENROLLMENT | RENEWAL to specify the type of your certificate request.

Example

Show all certificates requested for renewal

certificate.request.type: RENEWAL

certificate.request.cn

Use a text value ##### to specify the common name of the certificate you’re interested in.

Example

Show all certificates with common name certificate.qualys-demo.com

certificate.request.cn: certificate.qualys-demo.com

certificate.request.date

Use a date range or specific date to define when certificates were requested.

Examples

Show findings with certificates requested within certain dates

certificate.request.date: [2017-06-15 ... 2017-06-30]

Show findings with certificates requested starting 2017-06-22, ending 1 month ago

certificate.request.date: [2017-06-22 ... now-1M]

Show findings with certificates requested starting 2 weeks ago, ending 1 second ago

certificate.request.date: [now-2w ... now-1s]

Show findings with certificates requested on specific date

certificate.request.date:'2017-06-14'

certificate.request.status

Use quotes or backticks within values to help you find the certificate request status you're looking for. Status values can be: "SUBMITTED", "APPROVED", "REJECTED", "POSTED", "DENIED"

Examples

Show any findings with this status

certificate.request.status: SUBMITTED

Show any findings that match exact value

certificate.request.status: "SUBMITTED"