Skip to content

About API search fields

As part of a search expression, the field is a certificate property or field name to use for a certificatesearch, certificateinstancesearch, or managedcertificatesearchfunction function. If you need the field names, you can customize and run one of the search examples found in this section and then gather the field names from the response.

Example of using a field in a search request

{
   "expression":{
      "operands":[
         {
            "field":"poodleVulnerable",
            "operator":"EQ",
            "value":"true"
         }
      ]
   }
}, ...

Common search parameters

The following table shows commonly used field search parameters. You can use the certificatesearch, certificateinstancesearch, or managedcertificatesearchfunction. To search for certificates, enclose parameters in quotes unless otherwise specified.

Retrieve Certificates by Field and predefined
search values
Example search expression
Certificate validity period validityPeriodDays "field": "validityPeriodDays","operator": "LT","value": 10
Cipher suites security status cipherSuitesSecurityStatus and one or more values:
  • UNKNOWN
  • DEPRECATED
  • LEGACY
  • STRONG
"field": "cipherSuitesSecurityStatus", "operator": "MATCH", "values": ["DEPRECATED", "UNKNOWN"]
Expiration date validityEnd "field": "validityEnd", "operator":"MATCH", "value":"2018-01-25T17:01:32.000+0000"
Issuer Common Name (CN) issuerCN {"field":"issuerCN","operator":"MATCH","values":["traininglab-Root-CA","Acme"]}
Signature hash algorithm signatureHashAlgorithm and one or more values:
  • GOSTR3411_94
  • MD2
  • MD5
  • SHA1
  • SHA224
  • SHA256
  • SHA384
  • SHA512
  • UNKNOWN
"field":"signatureHashAlgorithm","operator":"EQ","value":"SHA1"
Subject Alternative Name DNS subjectAlternativeNamesByType and one or more values:
  • otherName
  • rfc822Name
  • dNSName
  • x400Address
  • directoryName
  • ediPartyName
  • uniformResourceIdentifier
  • iPAddress
  • registeredID
"field": "subjectAlternativeNamesByType", "operator":"MATCH", "values":["dNSName", "directoryName"]
Vulnerability Specify a field name and value of true or false:
  • heartbleedVulnerable
  • logjamVulnerable
  • poodleVulnerable
  • poodleTlsVulnerable
"field": "poodleVulnerable", "operator": "EQ", "value": "true"