---
title: "Certificate inventory"
---

When viewing certificates, you can use the following keywords to ((search|search certificates)) and filter.

## General certificate fields

### Certificate ID {#certificates-ID}

The ID field is the unique identifier for a given certificate, written as a UUID. Use the syntax `id:<uuid>` to filter by ID field.

```plaintext
id:21e5252d-a6a5-467e-83ed-683657412dff
```

### Certificate type {#certificates-type}

Use the syntax `type:<text>` to search for certificates by type.

```plaintext
type:x509
```

### Name {#certificates-name}

Use the syntax `name:<text>` to search for certificates by name.

```plaintext
name:example.com
```

### Validity {#certificates-validity}

Use `valid_from:<time>` and `valid_until:<time>` to search for certificates by when they are valid.

```plaintext
valid_from:>2025-01-01
```

```plaintext
valid_until:<2026-01-01
```

### Public key {#certificates-public-key}

Use the syntax `public_key:<text>` to search for certificates by public key.

```plaintext
public_key:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJ899KGnqHjVuBekYqosp2l8zWbiyu2I62CzaqaouLtqn1nXaQLMdruhlNN9ShCPfCM2JAROVjrd1PwhxLvJxAMbC+UJz2914SRn+lhFQl7yo03t+OoobwSXyj+ukbOHp1lYklYjMauScZScIDdPmLEjwDa8pfSr2TQoihjSDeawIDAQAB
```

### Public key algorithm {#certificates-public-key-algorithm}


Use `pk_algorithm:<text>` or `public_key_algorithm:<text>` to search for certificates by public key algorithm.

```plaintext
pk_algorithm:rsaEncryption
```

### Public key size {#certificates-public-key-size}

Use `pk_size:<number>` to search for certificates by public key size. You will usually want to specify the public key algorithm as well, as different algorithms have different key size ranges.

```plaintext
pk_algorithm:rsaEncryption and pk_size:<2048
```

### RSA modulus {#certificates-rsa-modulus}

Use `rsa_modulus:<number>` to search for certificates using RSA encryption by modulus.

```plaintext
rsa_modulus:24103124269210325885520760221975660748569505485024599426541169488887185854621
```

### RSA exponent {#certificates-rsa-exponent}

Use `rsa_exponent:<number>` to search for certificates using RSA encryption by exponent.

```plaintext
rsa_exponent:65537
```

### DSA p {#certificates-dsa-p}

Use `dsa_p:<number>` to search for certificates using DSA encryption by parameter p.

```plaintext
dsa_p:177153854627485855237091799251665123928681135467044234987602313329516356048326341718397044415619278113858376637092966316050520797637071138...
```

### DSA q {#certificates-dsa-q}

Use `dsa_q:<number>` to search for certificates using DSA encryption by parameter q.

```plaintext
dsa_q:23882561345098730106466767...
```

### DSA g {#certificates-dsa-g}

Use `dsa_g:<number>` to search for certificates using DSA encryption by parameter g.

```plaintext
dsa_g:11506196528065909918480452874980083486869300271555091075530405860582486808935940564845326748921808017076639122038283872065180147270617068040177316324578343...
```

### ECDSA curve {#certificates-ecdsa-curve}

Use `ecdsa_curve:<text>` to search for certificates using ECDSA encryption by curve.

```plaintext
ecdsa_curve:P-256
```

### Insecure public key {#certificates-insecure-public-key}

Use the syntax `public_key_insecure:true` to search for certificates with insecure public key algorithm and key size combinations.

### Signature {#certificates-signature}

Use the syntax `signature:<text>` to search for certificates by signature.

```
signature:Bden73ipj8B2xb1Ozy5nOvIytCktGrht5xL7ZfFlaLIBQxbGO5Iuf6Y1yICcEpYqsgSJS6JKCdw5dujmPmGRwBZfVhIbSRb0exFQ4BVp82WtDHfy3QBgcmtusRIxLyM5ToTT2O53NxaSGaw3IRLXZ0y343RGlKOyQxEXeoHbLsVrpmMrqAKkHJkhjTKn7E9WDc4RCsAvd13BIDP80dDWK7OMZJnCDXGQwz2MkAYZNyjRRXA5XeO2cvMq36/4phyJDhIz1oDgDLOFDnCGKkW5gc8MjE0uxFIYTHKNkx+2WIU/j4uQGNAJQbqqCnupV4qjI29PQFnFecnphkKw==
```            

### Signature algorithm {#certificates-signature-algorithm}

Use `sig_algorithm:<text>` or `signature_algorithm:<text>` to search for certificates by signature algorithm.

```plaintext
sig_algorithm:sha512WithRSAEncryption
```

### Insecure signature {#certificates-insecure-signature}

Use the syntax `signature_algorithm_insecure:true` to search for certificates with insecure signatures.

### Self-signed {#certificates-self-signed}

Use `self_signed:true` to search for self-signed certificates.

### Certificate authority {#certificates-is-ca}

Use `is_ca:true` to search for certificates that are certificate authorities (CAs).

### Subject {#certificates-subject}

Use `subject:<text>` to search for certificates by X.509 subject DN.

```plaintext
subject:"CN=Server Name/O=Company Name"
```

### Common name {#certificates-common-name}

You can search for certificates by common name using `cn:<name>`. This is equivalent to searching the subject DN for just the CN field.

```plaintext
cn:"Server Name"
```

### Subject alternative name {#certificates-subject-alternative-name}

You can search the four sets of Subject Alternative Names (SANs) using the following keywords:

```plaintext
san_dns_name:example.com
san_ip_address:10.0.1.23
san_email_address:postmaster@example.com
san_uri:https://example.com
```

### Issuer {#certificates-issuer}

Use `issuer:<text>` to search for certificates by X.509 issuer DN.

```plaintext
issuer:"CN=Certificate Authority Name"
```

### Subject key ID {#certificates-subject-key-id}

To search by X.509 subject key ID, use `subject_key_id:<text>`. Values are accepted with or without colons in.

```plaintext
subject_key_id:"12:90:EF:DD:E1:27:A4:47:3E:32:57:AF:44:75:92:8E:8C:C2:0A:C0"
subject_key_id:1290EFDDE127A4473E3257AF4475928E8CC20AC0
```

### Authority key ID {#certificates-authority-key-id}

To search by X.509 authority key ID, use `authority_key_id:<text>`. Values are accepted with or without colons in.

```plaintext
authority_key_id:"12:90:EF:DD:E1:27:A4:47:3E:32:57:AF:44:75:92:8E:8C:C2:0A:C0"
authority_key_id:1290EFDDE127A4473E3257AF4475928E8CC20AC0
```

### OCSP server {#certificates-ocsp-server}

Use `ocsp_server:<text>` to search for certificates by OCSP server.

```plaintext
ocsp_server:http://ocsp.test.com
```

### CRL distribution point {#certificates-crl-distribution-point}

Use `crl_distribution_points:<text>` or `crl_distribution_point:<text>` to search for certificates by CRL distribution point.

```plaintext
crl_distribution_points:http://x1.c.lencr.org/
```

### Issuing certificate URL {#certificates-issuing-certificate-url}

Use `issuing_certificate_url:<text>` to search for certificates by Issuing certificate URL.

```plaintext
issuing_certificate_url:http://x1.i.lencr.org/
```

### Hash {#certificates-hash-algorithm}

You can find certificates based on their MD5, SHA1, SHA256 or BK hash values.

```plaintext
md5:<hash value>
sha1:<hash value>
sha256:<hash value>
bkhash:<hash value>
```

### Serial number {#certificates-serial-number}

Use `serial_number:<text>` to search for certificates by serial number.

```plaintext
serial_number:123456
```

### Timestamps {#certificates-timestamps}

Use the following syntaxes to search certificate inventory timestamp fields:

* `created_at:<term>`
* `updated_at:<term>`
* `last_seen:<term>`

The term supports the standard runZero time comparison syntax `[time comparison][time]`, for example:

```plaintext
last_seen:<1week
```
```plaintext
last_seen:<2months
```
```plaintext
last_seen:<1year
```

### Associate services {#certificates-services}

Use `associate_services:<number>` or `service_count:<number>` to search for certificates by the number of associated services.

```plaintext
associated_services:>10
```

### Hidden Certificates {#certificates-hidden}

Use `hidden:true` to search for certificates that have been hidden from the inventory.

### Version {#certificates-version}

Use `version:<text>` to search for certificates by version, such as x509 version.

```plaintext
version:3
```

### Tags {#certificates-tags}

Use the syntax `tag:<term>` to search tags added to a certificate. The term can be the tag name, or the tag name followed by an equal sign and the tag value. Tag value matches must be exact.

```plaintext
tag:"group"
```
```plaintext
tag:"group=production"
```

### Comments {#certificates-comments}

Use the syntax `comment:<text>` to search comments on a certificate.

```plaintext
comment:"contractor laptop"
```
```plaintext
comment:"imaging server"

### Vulnerability name {#certificates-vulnerability-name}

Use the syntax `vulnerability_name:<text>` to search for certificates by associated vulnerability name.

```plaintext
vulnerability_name:"Expired Certificate On TLS Service"
```

### Vulnerability Count {#certificates-vulnerability-count}

Use the syntax `vulnerability_count:<number>` to search for certificates by the number of associated vulnerabilities. This field supports numerical comparison operators (`>`, `>=`, `<`, `<=`, `=`).

```plaintext
vulnerability_count:>2
```

### Has vulnerability {#certificates-has-vulnerability}

Use the syntax `has_vulnerability:<boolean>` to search for certificates that have (or do not have) associated vulnerabilities.

```plaintext
has_vulnerability:true
```