Certificate inventory

When viewing certificates, you can use the following keywords to search and filter.

General certificate fields

Name

Use the syntax name:<text> to search for certificates by name.

name:example.com

Validity

Use valid_from:<time> and valid_to:<time> to search for certificates by when they are valid.

valid_to:<2026-01-01

valid_from:>2025-01-01

Public key algorithm

Use pk_algorithm:<text> to search for certificates by public key algorithm.

pk_algorithm:RSA

Public key size

Use pk_size:<number> to search for certificates by public key size. You will usually want to specify the public key algorithm as well, as different algorithms have different key size ranges.

pk_algorithm:RSA and pk_size:<2048

Signature algorithm

Use sig_algorithm:<text> to search for certificates by signature algorithm.

sig_algorithm:SHA1

Self-signed

Use self_signed:true to search for self-signed certificates.

Subject

Use subject:<text> to search for certificates by X.509 subject DN.

subject:"CN=Server Name/O=Company Name"

Common name

You can search for certificates by common name using cn:<name>. This is equivalent to searching the subject DN for just the CN field.

cn:"Server Name"

Subject alternative name

You can search the four sets of Subject Alternative Names (SANs) using the following keywords:

san_dns_name:example.com
san_ip:10.0.1.23
san_email:postmaster@example.com
san_uri:https://example.com

Subject key ID

To search by X.509 subject key ID, use subject_key_id:<text>. Values are accepted with or without colons in.

subject_key_id:"12:90:EF:DD:E1:27:A4:47:3E:32:57:AF:44:75:92:8E:8C:C2:0A:C0"
subject_key_id:1290EFDDE127A4473E3257AF4475928E8CC20AC0

Authority key ID

To search by X.509 authority key ID, use authority_key_id:<text>. Values are accepted with or without colons in.

authority_key_id:"12:90:EF:DD:E1:27:A4:47:3E:32:57:AF:44:75:92:8E:8C:C2:0A:C0"
authority_key_id:1290EFDDE127A4473E3257AF4475928E8CC20AC0

Hash

You can find certificates based on their SHA1, SHA256 or BK hash values.

sha1:<hash value>
sha256:<hash value>
bkhash:<hash value>

Serial number

Use serial_number:<text> to search for certificates by serial number.

serial_number:123456