
Example: Searching for SHA1 certificates

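You can search for certificates by signature hash algorithm. This is a common way to inventory certificates signed with hash algorithms that are no longer considered collision-resistant, such as SHA1, MD5 and MD2, so that they can be scheduled for replacement. Although this example describes how to retrieve certificates that use the SHA1 signature hash algorithm, you can search for any of the following signature hash algorithms: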

  • GOSTR3411_94
  • MD2
  • MD5
  • SHA1
  • SHA224
  • SHA256
  • SHA384
  • SHA512
  • UNKNOWN

To search for SHA1 certificates

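  1. If you have not already done so, obtain an API key. The key is sent in the tppl-api-key request header (see the next step), so send requests only over HTTPS and keep the key out of shared scripts, logs and version control.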

  2. Use the certificatesearch, certificateinstancesearch, or managedcertificatesearch function and the appropriate JSON body (next step).

    For example:

    POST https://api.venafi.cloud/v1/certificatesearch
    tppl-api-key: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
    

  3. In the JSON body, specify a MATCH value for the signatureHashAlgorithm. For additional help, use the parameter descriptions from our documentation. For example:

Example JSON body

{
   "expression":{
      "operands":[
         {
            "field":"signatureHashAlgorithm",
            "operator":"MATCH",
            "value":"SHA1"
         }
      ]
   },
   "ordering":{
      "orders":[
         {
            "direction":"ASC",
            "field":"subjectCN"
         },
         {
            "direction":"DESC",
            "field":"keyStrength"
         }
      ]
   },
   "paging":{
      "pageNumber":0,
      "pageSize":1
   }
}
Example response
HTTP/1.1 200 OK
{
   "count":1,
   "certificates":[
      {
         "id":"aececf20-2f8e-11e7-be41-1507c9a9e451",
         "companyId":"9c731a20-2f8e-11e7-be41-1507c9a9e451",
         "fingerprint":"44167BE6CC90373C0CADF380ED243FFFFD204424",
         "certificateSource":"TRUSTNET_SCAN",
         "certificateStatuses":[
            "NONE"
         ],
         "certificateType":"END_ENTITY",
         "creationDate":"2017-05-02T23:25:52.274+0000",
         "modificationDate":"2017-05-02T23:25:52.274+0000",
         "totalInstanceCount":2,
         "validityStart":"2015-01-30T18:27:33.000+0000",
         "validityEnd":"2017-01-29T18:27:33.000+0000",
         "validityPeriodDays":730,
         "validityPeriodRange":"GT_30_DAYS_LTE_2_YEARS",
         "selfSigned":false,
         "signatureAlgorithm":"SHA1_WITH_RSA_ENCRYPTION",
         "signatureHashAlgorithm":"SHA1",
         "encryptionType":"RSA",
         "keyStrength":2048,
         "publicKeyHash":"985C97499854F3ECAFE332F23DF6F2F72B966CF0",
         "subjectKeyIdentifierHash":"3E2EB617B33A572F3A7180EB5CBF7D21875EEBE7",
         "authorityKeyIdentifierHash":"4C38AF43C44E2FADBE9B77FE7C9DB344B4927E78",
         "serialNumber":"543A4102000000275034",
         "subjectCN":[
            "W2K12R2-X64-VED1.venqa.venafi.com"
         ],
         "subjectOU":[
            "QA"
         ],
         "subjectST":"Utah",
         "subjectL":"Salt Lake City",
         "subjectC":"US",
         "subjectAlternativeNamesByType":{
            "otherName":[

            ],
            "rfc822Name":[

            ],
            "dNSName":[

            ],
            "x400Address":[

            ],
            "directoryName":[

            ],
            "ediPartyName":[

            ],
            "uniformResourceIdentifier":[

            ],
            "iPAddress":[

            ],
            "registeredID":[

            ]
         },
         "issuerCN":[
            "VenQA CA"
         ],
         "keyUsage":[
            "digitalSignature",
            "keyEncipherment"
         ],
         "ocspNoCheck":false,
         "compliance":{
            "score":0
         },
         "instances":[
            {
               "id":"6978e950-2f8f-11e7-be41-1507c9a9e451",
               "certificateId":"aececf20-2f8e-11e7-be41-1507c9a9e451",
               "companyId":"9c731a20-2f8e-11e7-be41-1507c9a9e451",
               "zoneId":"9c7dc881-2f8e-11e7-be41-1507c9a9e451",
               "fingerprint":"44167BE6CC90373C0CADF380ED243FFFFD204424",
               "certificateSource":"TRUSTNET_SCAN",
               "certificateStatuses":[
                  "NONE"
               ],
               "creationDate":"2017-05-02T23:31:05.445+0000",
               "modificationDate":"2017-05-04T18:00:22.408+0000",
               "ipAddress":"127.0.0.1",
               "ipAddressAsLong":3232235867,
               "hostname":" ",
               "port":-1,
               "sslProtocols":[
                  "TLS v.1.0",
                  "TLS v.1.1"
               ],
               "cipherSuites":[
                  "RSA_WITH_RC4_128_SHA",
                  "RSA_WITH_AES_256_CBC_SHA",
                  "RSA_WITH_3DES_EDE_CBC_SHA",
                  "RSA_WITH_RC4_128_MD5",
                  "RSA_WITH_AES_128_CBC_SHA"
               ],
               "heartbleedVulnerable":false,
               "tnLastUpdated":"2017-05-04T17:25:21.048+0000",
               "lastScanDate":"2017-01-05T11:00:00.000+0000",
               "sslProtocolsSecurityStatus":"LEGACY",
               "cipherSuitesSecurityStatus":"UNKNOWN",
               "compliance":{
                  "score":0.25
               }
            },
            {
               "id":"aed0f200-2f8e-11e7-be41-1507c9a9e451",
               "certificateId":"aececf20-2f8e-11e7-be41-1507c9a9e451",
               "companyId":"9c731a20-2f8e-11e7-be41-1507c9a9e451",
               "zoneId":"9c7dc881-2f8e-11e7-be41-1507c9a9e451",
               "fingerprint":"44167BE6CC90373C0CADF380ED243FFFFD204424",
               "certificateSource":"TRUSTNET_SCAN",
               "certificateStatuses":[
                  "NONE"
               ],
               "creationDate":"2017-05-02T23:25:52.288+0000",
               "modificationDate":"2017-05-04T17:55:16.550+0000",
               "ipAddress":"127.0.0.1",
               "ipAddressAsLong":3232235817,
               "hostname":" ",
               "port":-1,
               "sslProtocols":[
                  "TLS v.1.0",
                  "TLS v.1.1"
               ],
               "cipherSuites":[
                  "RSA_WITH_RC4_128_SHA",
                  "RSA_WITH_AES_256_CBC_SHA",
                  "RSA_WITH_3DES_EDE_CBC_SHA",
                  "RSA_WITH_RC4_128_MD5",
                  "RSA_WITH_AES_128_CBC_SHA"
               ],
               "heartbleedVulnerable":false,
               "tnLastUpdated":"2017-05-04T17:24:48.715+0000",
               "lastScanDate":"2017-01-05T11:00:00.000+0000",
               "sslProtocolsSecurityStatus":"LEGACY",
               "cipherSuitesSecurityStatus":"UNKNOWN",
               "compliance":{
                  "score":0.25
               }
            }
         ]
      }
   ]
}