Certificate inventory
When viewing certificates, you can use the following keywords to search and filter.
General certificate fields
Certificate ID
The ID field is the unique identifier for a given certificate, written as a UUID. Use the syntax id:<uuid> to filter by ID field.
id:21e5252d-a6a5-467e-83ed-683657412dff
Certificate type
Use the syntax type:<text> to search for certificates by type.
type:x509
Name
Use the syntax name:<text> to search for certificates by name.
name:example.com
Validity
Use valid_from:<time> and valid_until:<time> to search for certificates by when they are valid.
valid_from:>2025-01-01
valid_until:<2026-01-01
Public key
Use the syntax public_key:<text> to search for certificates by public key.
public_key:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJ899KGnqHjVuBekYqosp2l8zWbiyu2I62CzaqaouLtqn1nXaQLMdruhlNN9ShCPfCM2JAROVjrd1PwhxLvJxAMbC+UJz2914SRn+lhFQl7yo03t+OoobwSXyj+ukbOHp1lYklYjMauScZScIDdPmLEjwDa8pfSr2TQoihjSDeawIDAQAB
Public key algorithm
Use pk_algorithm:<text> or public_key_algorithm:<text> to search for certificates by public key algorithm.
pk_algorithm:rsaEncryption
Public key size
Use pk_size:<number> to search for certificates by public key size. You will usually want to specify the public key algorithm as well, as different algorithms have different key size ranges.
pk_algorithm:rsaEncryption and pk_size:<2048
RSA modulus
Use rsa_modulus:<number> to search for certificates using RSA encryption by modulus.
rsa_modulus:24103124269210325885520760221975660748569505485024599426541169488887185854621
RSA exponent
Use rsa_exponent:<number> to search for certificates using RSA encryption by exponent.
rsa_exponent:65537
DSA p
Use dsa_p:<number> to search for certificates using DSA encryption by parameter p.
dsa_p:177153854627485855237091799251665123928681135467044234987602313329516356048326341718397044415619278113858376637092966316050520797637071138...
DSA q
Use dsa_q:<number> to search for certificates using DSA encryption by parameter q.
dsa_q:23882561345098730106466767...
DSA g
Use dsa_g:<number> to search for certificates using DSA encryption by parameter g.
dsa_g:11506196528065909918480452874980083486869300271555091075530405860582486808935940564845326748921808017076639122038283872065180147270617068040177316324578343...
ECDSA curve
Use ecdsa_curve:<text> to search for certificates using ECDSA encryption by curve.
ecdsa_curve:P-256
Insecure public key
Use the syntax public_key_insecure:true to search for certificates with insecure public key algorithm and key size combinations.
Signature
Use the syntax signature:<text> to search for certificates by signature.
signature:Bden73ipj8B2xb1Ozy5nOvIytCktGrht5xL7ZfFlaLIBQxbGO5Iuf6Y1yICcEpYqsgSJS6JKCdw5dujmPmGRwBZfVhIbSRb0exFQ4BVp82WtDHfy3QBgcmtusRIxLyM5ToTT2O53NxaSGaw3IRLXZ0y343RGlKOyQxEXeoHbLsVrpmMrqAKkHJkhjTKn7E9WDc4RCsAvd13BIDP80dDWK7OMZJnCDXGQwz2MkAYZNyjRRXA5XeO2cvMq36/4phyJDhIz1oDgDLOFDnCGKkW5gc8MjE0uxFIYTHKNkx+2WIU/j4uQGNAJQbqqCnupV4qjI29PQFnFecnphkKw==
Signature algorithm
Use sig_algorithm:<text> or signature_algorithm:<text> to search for certificates by signature algorithm.
sig_algorithm:sha512WithRSAEncryption
Insecure signature
Use the syntax signature_algorithm_insecure:true to search for certificates with insecure signatures.
Self-signed
Use self_signed:true to search for self-signed certificates.
Certificate authority
Use is_ca:true to search for certificates that are certificate authorities (CAs).
Subject
Use subject:<text> to search for certificates by X.509 subject DN.
subject:"CN=Server Name/O=Company Name"
Common name
You can search for certificates by common name using cn:<name>. This is equivalent to searching the subject DN for just the CN field.
cn:"Server Name"
Subject alternative name
You can search the four sets of Subject Alternative Names (SANs) using the following keywords:
san_dns_name:example.com
san_ip_address:10.0.1.23
san_email_address:postmaster@example.com
san_uri:https://example.com
Issuer
Use issuer:<text> to search for certificates by X.509 issuer DN.
issuer:"CN=Certificate Authority Name"
Subject key ID
To search by X.509 subject key ID, use subject_key_id:<text>. Values are accepted with or without colons in.
subject_key_id:"12:90:EF:DD:E1:27:A4:47:3E:32:57:AF:44:75:92:8E:8C:C2:0A:C0"
subject_key_id:1290EFDDE127A4473E3257AF4475928E8CC20AC0
Authority key ID
To search by X.509 authority key ID, use authority_key_id:<text>. Values are accepted with or without colons in.
authority_key_id:"12:90:EF:DD:E1:27:A4:47:3E:32:57:AF:44:75:92:8E:8C:C2:0A:C0"
authority_key_id:1290EFDDE127A4473E3257AF4475928E8CC20AC0
OCSP server
Use ocsp_server:<text> to search for certificates by OCSP server.
ocsp_server:http://ocsp.test.com
CRL distribution point
Use crl_distribution_points:<text> or crl_distribution_point:<text> to search for certificates by CRL distribution point.
crl_distribution_points:http://x1.c.lencr.org/
Issuing certificate URL
Use issuing_certificate_url:<text> to search for certificates by Issuing certificate URL.
issuing_certificate_url:http://x1.i.lencr.org/
Hash
You can find certificates based on their MD5, SHA1, SHA256 or BK hash values.
md5:<hash value>
sha1:<hash value>
sha256:<hash value>
bkhash:<hash value>
Serial number
Use serial_number:<text> to search for certificates by serial number.
serial_number:123456
Timestamps
Use the following syntaxes to search certificate inventory timestamp fields:
created_at:<term>updated_at:<term>last_seen:<term>
The term supports the standard runZero time comparison syntax [time comparison][time], for example:
last_seen:<1week
last_seen:<2months
last_seen:<1year
Associate services
Use associate_services:<number> or service_count:<number> to search for certificates by the number of associated services.
associated_services:>10
Hidden Certificates
Use hidden:true to search for certificates that have been hidden from the inventory.
Version
Use version:<text> to search for certificates by version, such as x509 version.
version:3
Tags
Use the syntax tag:<term> to search tags added to a certificate. The term can be the tag name, or the tag name followed by an equal sign and the tag value. Tag value matches must be exact.
tag:"group"
tag:"group=production"
Comments
Use the syntax comment:<text> to search comments on a certificate.
comment:"contractor laptop"
comment:"imaging server"