Search certificates

Send a certificate search query (in HCQL format) and return the certificate search results

Query parameters

enableAnalytics

boolean

Use the analytics database if enabled. true if not specified.

Body required

application/json

query

string | null

The HCQL query to use for the search, represents the way to filter certificates. If not specified, it will filter nothing

fields

array of string | null

The fields to be returned by the search. If this parameter is not specified, everything is returned by default. If this parameter is equal to an empty array, only the _id field is returned.

sortedBy

array of objects | null (SortElement)

The way to sort the search results.

Array [

element

string required

The name of the field the query should be sorted by. Must be one of the fields of the search query

order

string required

The order to use for the sort. Asc and Desc sort the values, and KeyAsc and KeyDesc sort by the key, in case of a key-value element

Enum Asc Desc KeyAsc KeyDesc

]

pageIndex

integer | null

The index of the page to retrieve

pageSize

integer | null

The maximum number of items to retrieve for one page

withCount

boolean | null

If set to true, the total count of certificates matching the HCQL query will be returned.

Responses

200 The certificate search results

results

array of objects (CertificateSearchResult) required

List of certificates that matched the search criteria

Array [

_id

string | null

module

string | null

profile

string | null

owner

string | null

team

string | null

discoveredTrusted

boolean | null

discoveryInfo

array of objects | null (DiscoveryInfo)

Array [

campaign

string required

The discovery campaign's name

lastDiscoveryDate

integer required

When this certificate was discovered for the last time

identifier

string | null

Identifier of the user that discovered this certificate

]

discoveryData

array of objects | null (HostDiscoveryData)

Array [

string | null

The certificate's host ip

sources

array of string | null

Information on the type of discovery that discovered this certificate

hostnames

array of string | null

The certificate's host hostnames (netscan only)

operatingSystems

array of string | null

The certificate's host operating system (localscan only)

paths

array of string | null

The path to the certificate on the host machine (localscan only)

usages

array of string | null

The path of the configuration files that were used to find the certificates

tlsPorts

array of objects | null (TlsPort)

The ports on which the certificate is exposed for https connexion

]

certificate

string | null

thumbprint

string | null

selfSigned

boolean | null

publicKeyThumbprint

string | null

serial

string | null

issuer

string | null

notBefore

integer | null

notAfter

integer | null

revocationDate

integer | null

revocationReason

string | null (Revocation Reason)

One of: unspecified, keycompromise, cacompromise, affiliationchange, superseded, cessationofoperation

keyType

string | null (Keytype)

One of rsa-2048, rsa-3072, rsa-4096, rsa-8192, ec-secp256r1, ec-secp384r1, ec-secp521r1, ed-448, ed-25519, mldsa-44, mldsa-65, mldsa-87, slhdsa-sha2-128s, slhdsa-sha2-128f, slhdsa-sha2-192s, slhdsa-sha2-192f, slhdsa-sha2-256s, slhdsa-sha2-256f, slhdsa-sha2-128ssha256, slhdsa-sha2-128fsha256, slhdsa-sha2-192ssha512, slhdsa-sha2-192fsha512, slhdsa-sha2-256ssha512, slhdsa-sha2-256fsha512 or +

signingAlgorithm

string | null

subjectAlternateNames

array of objects | null (SubjectAlternateName)

Array [

sanType

string required

The type of the SAN

Enum RFC822NAME DNSNAME URI IPADDRESS OTHERNAME_UPN OTHERNAME_GUID REGISTERED_ID

value

string required

The value of the SAN

]

metadata

array of objects | null (Certificate Metadata)

Array [

key

string required

The metadata name

Enum pki_connector previous_certificate_id renewed_certificate_id automation_policy gs_order_id metapki_id digicert_id entrust_id scep_transid fcms_id gsatlas_id certeurope_id digicert_order_id

value

string required

The metadata value

]

thirdPartyData

array of objects | null (ThirdPartyItem)

Array [

connector

string required

The third party connector name on which this certificate is synchronized

string required

The Id of this certificate on the third party

fingerprint

string | null

The fingerprint of this certificate on the third party

pushDate

integer | null

The date when the certificate was pushed to this third party

removeDate

integer | null

The date when the certificate was removed from this third party (in case of revocation)

]

triggerResults

array of objects | null (TriggerResult)

Array [

name

string required

The name of the trigger that was executed

event

string required

The event that triggered the trigger

Enum on_deny_update on_cancel_migrate on_pending_renew on_submit_migrate on_cancel_update on_approve_migrate on_pending_recover on_pending_enroll on_deny_revoke on_cancel_renew on_submit_recover on_submit_enroll on_cancel_recover on_approve_revoke on_pending_update on_deny_recover on_approve_renew on_deny_migrate on_revoke on_approve_recover on_expire on_enroll on_deny_renew on_approve_update on_recover on_deny_enroll on_submit_renew on_update on_approve_enroll on_cancel_enroll on_pending_migrate on_pending_revoke on_submit_update on_submit_revoke on_migrate on_cancel_revoke on_renew

triggerType

string required

The type of the trigger

Enum aws email f5client ldappub intunepkcs akv webhook

lastExecutionDate

integer required

The last time this trigger was executed for this certificate and this event

status

string required

The status of the trigger after its execution

Enum success failure

retryable

boolean required

Is this trigger manually retryable (can be run)

retries

integer | null

The number of remaining tries before the trigger is abandoned

nextExecutionDate

integer | null

The next scheduled execution time for this trigger

nextDelay

string | null

Time that will be waited between the next and the next+1 execution of this trigger

detail

string | null

Contains details on this trigger's execution

]

holderId

string | null

labels

array of objects | null (LabelData)

Array [

key

string required

The label's name

value

string required

The label's value

]

privateKey

object | null (EscrowedPrivateKey)

horizonKey

string required

value

string | null

vaultKey

string | null

transient

boolean | null

permissions

object | null (CertificatePermissions)

revoke

boolean required

Whether the principal is authorized to revoke this certificate

requestRevoke

boolean required

Whether the principal is authorized to request revocation of this certificate

update

boolean required

Whether the principal is authorized to update this certificate

requestUpdate

boolean required

Whether the principal is authorized to request update of this certificate

migrate

boolean required

Whether the principal is authorized to migrate this certificate

requestMigrate

boolean required

Whether the principal is authorized to request migration of this certificate

enroll

boolean | null

Whether the principal is authorized to re-enroll this certificate

requestEnroll

boolean | null

Whether the principal is authorized to request re-enrollment of this certificate

recover

boolean | null

Whether the principal is authorized to recover this certificate

requestRecover

boolean | null

Whether the principal is authorized to request recovery of this certificate

renew

boolean | null

Whether the principal is authorized to renew this certificate

requestRenew

boolean | null

Whether the principal is authorized to request renewal of this certificate

contactEmail

string | null

grades

array of objects | null (GradingPolicyResult)

Array [

name

string required

The name of the grading policy

grade

string required

The grade awarded by the grading policy

]

pageIndex

integer required

The index of the page that has been retrieved

pageSize

integer required

The size of the page that has been retrieved

hasMore

boolean required

Indicates whether the response represents the last page of results (if set to false) or not (if set to true)

count

integer | null

If withCount was set to true in the query payload, represents the total number of certificates that were retrieved for that query

400 Bad request

401 Unauthorized request.

403 Unauthorized request.

500 Internal server error.

post

/api/v1/certificates/search

{

"query": "status is valid" ,

"fields":

[ ... ] ,

"sortedBy":

[ ... ] ,

"pageIndex": 1 ,

"pageSize": 50 ,

"withCount": false

}

{

"results":

[

{

"_id": "string" ,

"module": "string" ,

"profile": "string" ,

"owner": "string" ,

"team": "string" ,

"discoveredTrusted": true ,

"discoveryInfo":

[ ... ] ,

"discoveryData":

[ ... ] ,

"certificate": "string" ,

"thumbprint": "string" ,

"selfSigned": true ,

"publicKeyThumbprint": "string" ,

"dn": "string" ,

"serial": "string" ,

"issuer": "string" ,

"notBefore": 0 ,

"notAfter": 0 ,

"revocationDate": 0 ,

"revocationReason": "string" ,

"keyType": "rsa-2048" ,

"signingAlgorithm": "string" ,

"subjectAlternateNames":

[ ... ] ,

"metadata":

[ ... ] ,

"thirdPartyData":

[ ... ] ,

"triggerResults":

[ ... ] ,

"holderId": "string" ,

"labels":

[ ... ] ,

"privateKey":

{ ... } ,

"permissions":

{ ... } ,

"contactEmail": "string" ,

"grades":

[ ... ]

... }

... ] ,

"pageIndex": 1 ,

"pageSize": 50 ,

"count": 12 ,

"hasMore": false

}