About API search fields

As part of a search expression, the field is a certificate property or field name to use for a certificatesearch, certificateinstancesearch, or managedcertificatesearch function. If you need the field names, you can customize and run one of the search examples found in this section and then gather the field names from the response.

Example of using a field in a search request

{
  "expression": {
    "operands": [
      {
        "field": "poodleVulnerable",
        "operator": "EQ",
        "value": "true"
      }
    ]
  },    ...

The following table shows commonly used field search parameters. You can use the certificatesearch, certificateinstancesearch, or managedcertificatesearch function. To search for certificates, enclose parameters in quotes unless otherwise specified.

Common Search Parameters

Retrieve Certificates by

Field and predefined search values

Example search expression

Certificate validity period

validityPeriodDays

"field": "validityPeriodDays", "operator": "LT", "value": 10

Cipher suites security status

cipherSuitesSecurityStatus and one or more values:

  • UNKNOWN
  • DEPRECATED
  • LEGACY
  • STRONG

 

"field": "cipherSuitesSecurityStatus", "operator": "MATCH", "values": ["DEPRECATED", "UNKNOWN"]

Expiration date

validityEnd

"field": "validityEnd", "operator":"MATCH", "value":"2018-01-25T17:01:32.000+0000"

Issuer Common Name (CN)

issuerCN

{"field":"issuerCN","operator":"MATCH","values":["traininglab-Root-CA","Acme"]}

Signature hash algorithm

signatureHashAlgorithm and one or more values:

  • GOSTR3411_94
  • MD2
  • MD5
  • SHA1
  • SHA224
  • SHA256
  • SHA384
  • SHA512
  • UNKNOWN
"field":"signatureHashAlgorithm","operator":"EQ","value":"SHA1"

Subject Alternative Name DNS

subjectAlternativeNamesByType and one or more values:

  • otherName
  • rfc822Name
  • dNSName
  • x400Address
  • directoryName
  • ediPartyName
  • uniformResourceIdentifier
  • iPAddress
  • registeredID

"field": "subjectAlternativeNamesByType",

"operator":"MATCH",

"values":["dNSName", "directoryName"]

Vulnerability

 

Specify a field name and value of true or false:

  • heartbleedVulnerable
  • logjamVulnerable
  • poodleVulnerable
  • poodleTlsVulnerable
"field": "poodleVulnerable", "operator": "EQ", "value": "true"