You can use search tokens to search for certificate information on Certificate tab.
Use a text value ##### to specify the host IP address.
Example
Show certificates on assets that have this host IP address
asset:(assetInterface.address: 10.20.30.40)
asset:(assetInterface.hostname
Use a text value ##### to specify the interface hostname.
Example
Show certificates on assets that have this hostname
asset:(assetInterface.hostname: xpsp2-jp-26-111)
Use a text value ##### to specify the asset name.
Example
Show certificates on assets that have this asset name
asset:(name: server1)
Use a text value ##### to specify the host NetBios name.
Example
Show certificates on assets that have this host NetBios name
asset:(netbiosName: server1)
Use quotes or backticks within values to find the host Operating System of the certificate.
Examples
Show any findings with this OS name
asset:(operatingSystem: Windows 2012)
Show any findings that contain components of OS name
asset:(operatingSystem: "Windows 2012")
Show any findings that match exact value "Windows 2012"
asset:(operatingSystem: `Windows 2012`)
Use a text value ##### to specify the asset tag of the certificate.
Example
Show certificates on assets that have this asset tag
asset:(tags.name: prod-dmz)
Use the values true | false to find certificates from approved CAs.
Example
Show certificates that have approval status true from approved CAs
certificate:(approved: true)
Use a text value ##### to list all certificates that were archived for the specified reason. Values can be: Expired, Ignored, Other, Renewed, Replaced, Retired, Revoked, Suspended.
Examples
Show certificates that were archived with reason: Revoked
certificate:(archiveReason: Revoked)
Show certificates that were archived with reason:
Expired
certificate:(archiveReason: Expired)
Use a text value ##### to specify certificate fingerprint of the certificates.
Example
Show certificates that have this hash value
certificate:(certhash: 20e1541486f2cd405559d8483a3663f2a77c3cf93c72f4f915259f084f814221)
Use a text value ##### to list all certificates that have the specified subject identifier in the certificate subject distinguished name (DN).
Examples
Show certificates that have this subject identifier in the distinguished name.
certificate:(dn: ST=California)
Use quotes or backticks within values to filter certificates according to expired time. Values can be: Expired or In n Days where n is any number
Examples
Show certificates which expired in last 20 days
certificate:(expiryGroup: "In 20 Days")
Show all expired certificates in your subscription
certificate:(expiryGroup: "Expired")
Use the values true | false to find certificates that can only be renewed with Qualys. Certificates can be renewed with Qualys if they are issued by a DigiCert CA and are expiring in next 90 days or are already expired.
Example
Show certificates that are renewable with Qualys
certificate:(isRenewable: true)
Use a text value ##### to specify the country mentioned in the issuer distinguished name.
Example
Show certificates that have this country in issuer DN
certificate:(issuer.country: US)
Use a text value ##### to specify name of the issuing certificate authority.
Example
Show the certificates having this issuing authority name
certificate:(issuer.name: Symantec Class 3 EV
SSL CA - G3)
certificate:(issuer.organization
Use a text value ##### to specify the organization mentioned in the issuer distinguished name.
Example
Show certificates that have this organization in issuer DN
certificate:(issuer.organization: Symantec Corporation)
certificate:(issuer.organizationUnit
Use a text value ##### to specify the organization unit mentioned in the issuer distinguished name.
Example
Show certificates that have this organization unit in issuer DN
certificate:(issuer.organizationUnit: Symantec
Trust Network)
Use the values Self-signed | CA to specify the category of certificate.
Example
Show DigiCert SHA2 Extended Validation Server CA certificates
certificate:(issuerCategory: DigiCert SHA2 Extended
Validation Server CA)
Use a text value ##### to specify the key length of a certificate.
Example
Show certificates that have 2048-bit keys
certificate:(keySize: 2048)
Use the values true | false to find certificates that are self-signed.
Example
Show certificates that are self-signed
certificate:(selfSigned: true)
Use the values ##### to find a certificate having a specific serial number.
Example
Show the certificate that has this serial number
certificate:(serialNumber: "01ab8a210a7cf9955665c47fca758459ca78")
certificate:(signatureAlgorithm
Use a text value ##### to specify the signing algorithm for a certificate.
Example
Show certificates that use this signature algorithm
certificate:(signatureAlgorithm: SHA256withRSA)
Use a text value ##### to specify the country mentioned in the subject distinguished name.
Example
Show certificates that have this country in subject DN
certificate:(subject.country: US)
Use a text value ##### to specify the locality mentioned in the subject distinguished name.
Example
Show certificates that have this locality in subject DN
certificate:(subject.locality: Redwood City)
Use a text value ##### to define the certificate name.
Example
Show certificates with this name
certificate:(subject.name: www.qualys.com)
certificate:(subject.organization
Use a text value ##### to specify the organization mentioned in the subject distinguished name.
Example
Show certificates that have this organization in subject DN
certificate:(subject.organization: Qualys, Inc.)
Use a text value ##### to specify the state mentioned in the subject distinguished name.
Example
Show certificates that have this state in subject DN
certificate:(subject.state: California)
certificate:(subjectAlternativeNames.dnsName
Use a text value ##### show the DNS Name in Certificate Subject Alternate Name (SAN).
Example
Show certificates that have the specified DNS Name in Certificate SAN
certificate:(subjectAlternativeNames.dnsName: www.qualys.com)
certificate:(subjectAlternativeNames.ipAddress
Use a text value ##### to show the IP address in Certificate Subject Alternate Name (SAN).
Example
Show certificates that have the specified the IP address in Certificate SAN
certificate:(subjectAlternativeNames.ipAddress: 10.113.197.210)
Use a date range or specific date to define validation date of the certificates.
Examples
Show certificates that are valid within certain dates
certificate:(validFrom: [2018-06-15 ... 2018-06-30])
Show certificates that are valid on a specific date
certificate:(validFrom: '2017-12-14')
Use a date range or specific date to specify expiration date of the certificates.
Examples
Show certificates that expire before 2022-01-20
certificate:(validTo < "2022-01-20")
Show certificates that expire after 2020
certificate:(validTo > "2020")
Show certificates that expire before March 2020 (yyyy-mm)
certificate:(validTo < "2020-03")
Show certificates that expire between today and 2020-12-01
certificate:(validTo: "[now..2020-12-01]")
Use an integer value ##### to search the certificates based on their validity.
Note: For the Rule query builder of the Responses tab qualifiers like d, m, y are currently not supported. Please specify the value in number of days only.
Examples
Show all certificates whose validity is greater than 200 days
certificate:(validity > 200)
Show all certificates whose validity is less than 200 days
certificate:(validity < 200d)
Show all certificates whose validity is greater than 3 months. Here one month is considered as 30 days.
certificate:(validity > 3m)
Show all certificates whose validity is greater than 1 year. Here one year is considered as 365 days.
certificate:(validity > 1y)
Use a text value ##### to list the certificates that have cipher suits enabled in the SSL/TLS instance.
Example
Show certificates that have this cipher suit enabled in the SSL/TLS instance
instance:(cipherSuites.value: DES-CBC3-SHA)
Use a text value ##### to specify host FQDN of the assets.
Example
Show certificates on assets that have this host FQDN
instance:(fqdn: server1.qualys.com)
Use a text value ##### to specify the Certificate Grade for an instance on the host.
Example
Show certificates that have this Certificate Grade for an instance on the host
instance:(grade: B)
Use an integer value ##### to specify the listening port.
Example
Show certificates on assets that have this listening port open
instance:(port: 443)
Use a text value ##### to specify service.
Example
Show certificates on assets that have this service
instance:(service: SMTP)
Use a value ##### to specify SSL/TLS protocols.
Example
Show certificates on assets that have this SSL/TLS protocol
instance:(sslProtocols: TLSv1.2)
Use an integer value ##### to specify vulnerability QID.
Example
Show certificates on assets that have this vulnerability QID
instance:(vulns.qid: 38603)
Use an integer value ##### to specify vulnerability severity.
Example
Show certificates on assets that have this vulnerability severity
instance:(vulns.severity: 3)
Use a text value ##### to specify vulnerability title.
Example
Show certificates on assets with vulnerabilities that have POODLE in the vulnerability title
instance:(vulns.title: POODLE)
Use a text value ##### to specify the common name of the certificate you’re interested in.
Example
Show all certificates with common name certificate.qualys-demo.com
certificate.request.cn: certificate.qualys-demo.com
Use a date range or specific date to define when certificates were requested.
Examples
Show findings with certificates requested within certain dates
certificate.request.date: [2017-06-15 ... 2017-06-30]
Show findings with certificates requested starting 2017-06-22, ending 1 month ago
certificate.request.date: [2017-06-22 ... now-1M]
Show findings with certificates requested starting 2 weeks ago, ending 1 second ago
certificate.request.date: [now-2w ... now-1s]
Show findings with certificates requested on specific date
certificate.request.date: '2017-06-14'
Use quotes or backticks within values to help you find the certificate request status. Choose the status values from: SUBMITTED, APPROVED, REJECTED, POSTED, DENIED
Examples
Show any findings with this status
certificate.request.status: SUBMITTED
Show any findings that match exact value
certificate.request.status: "SUBMITTED"
Use the values ENROLLMENT | RENEWAL to specify the type of your certificate request.
Example
Show all certificates requested for renewal
certificate.request.type: RENEWAL
The Qualys Query Language (QQL) supports the following logical or Boolean query operators. Use these operators in your queries to narrow down or broaden your search.
Narrow down the search by using the 'and' operator in the Boolean query. The result contains all the token values that are provided in the query.
Example
Show the certificates issued by DigiCert and will expire in 30 days
certificate:(expiryGroup:In 30 Days and
issuer.name:DigiCert)
Narrow down the search by using the 'not' operator in the Boolean query. The result contains all the other values except the one specified after 'not' in the query.
Example
Exclude the certificates that are issued by Qualys in the search result
certificate:(not issuer.organization:Qualys)
Broaden the search by using the 'or' operator in the Boolean query. The result contains any of the token values that are provided in the query.
Example
Show the assets having an operating system as Windows or Netscaler
asset:(operatingSystem:Windows or operatingSystem:Netscaler)