This page lists every field whose value can be searched within the Certificates dataset.
The difference between a keyword and a text field is that searches on keyword fields will only return exact matches, while searches on text fields will return fuzzy matches.
Certificates
METADATA
Path | Type | Docs |
---|---|---|
added_at | date | When the certificate was added to the Censys dataset. |
labels | text | |
modified_at | date | When the certificate record was last modified. |
parse_status | text |
CERTIFICATE TRANSPARENCY LOGS
Path | Type | Docs |
---|---|---|
ct.entries.key | text | |
ct.entries.value.added_to_ct_at | date | An RFC-3339-formatted timestamp indicating when the certificate was entered into the CT log. |
ct.entries.value.ct_to_censys_at | date | An RFC-3339-formated timestamp indicating when the certificate was ingested from the CT log into the Censys dataset. |
ct.entries.value.index | long | Numerical marker of the certificate's place in the CT log. |
MISC
Path | Type | Docs |
---|---|---|
ever_seen_in_scan | boolean | |
parsed.redacted | boolean | |
parsed.version | integer | |
precert | boolean | Whether the X.509 "poison" extension (OID: 1.3.6.1.4.1.11129.2.4.3) is marked critical, which prohibits the pre-certificate from being trusted. |
validation_level | text | The extent to which the certificate's issuer validated the identity of the entity requesting the certificate. Options include Domain validated (DV), Organization Validated (OV), or Extended Validation (EV). |
FINGERPRINT
Path | Type | Docs |
---|---|---|
fingerprint_md5 | text | The MD-5 digest of the entire raw certificate. An identifier used by some systems. |
fingerprint_sha1 | text | The SHA-1 digest of the entire raw certificate. An identifier used by some systems. |
fingerprint_sha256 | text | The SHA-256 digest of the entire raw certificate. Its unique identifier, which Censys uses to index certificates records. |
tbs_fingerprint_sha256 | text | The SHA-256 digest of the unsigned certificate's contents. |
tbs_no_ct_fingerprint_sha256 | text | The SHA-256 digest of the unsigned certificate with the CT Poison extension removed, if present. This represents the shared contents of a certificate and its corresponding pre-certificate. |
BASIC INFORMATION
Path | Type | Docs |
---|---|---|
names | text | All the names contained in the certificate from various fields. |
parsed.issuer_dn | text | Distinguished Name of the entity that has signed and issued the certificate. |
parsed.serial_number | text | Issuer-specific identifier of the certificate. |
parsed.subject_dn | text | Distinguished Name of the entity associated with the public key. |
validated_at | date | When the certificate record's trust was last checked. |
AUTHORITY INFO ACCESS (AIA)
Path | Type | Docs |
---|---|---|
parsed.extensions.authority_info_access.issuer_urls | text | |
parsed.extensions.authority_info_access.ocsp_urls | text |
AUTHORITY KEY ID (AKID)
Path | Type | Docs |
---|---|---|
parsed.extensions.authority_key_id | text | A key identifier, usually a digest of the DER-encoded SubjectPublicKeyInfo. |
BASIC CONSTRAINTS
Path | Type | Docs |
---|---|---|
parsed.extensions.basic_constraints.is_ca | boolean | Whether the certificate is permitted to sign other certificates. |
parsed.extensions.basic_constraints.max_path_len | integer | When present, provides the maximum number of intermediate certificates that may follow this certificate in a trusted certification path. |
CABF ORGANIZATION ID EXTENSION
Path | Type | Docs |
---|---|---|
parsed.extensions.cabf_organization_id.country | text | |
parsed.extensions.cabf_organization_id.reference | text | |
parsed.extensions.cabf_organization_id.scheme | text | |
parsed.extensions.cabf_organization_id.state | text |
CERTIFICATE POLICIES
Path | Type | Docs |
---|---|---|
parsed.extensions.certificate_policies.cps | text | |
parsed.extensions.certificate_policies.id | text | |
parsed.extensions.certificate_policies.user_notice.explicit_text | text | |
parsed.extensions.certificate_policies.user_notice.notice_reference.notice_numbers | integer | |
parsed.extensions.certificate_policies.user_notice.notice_reference.organization | text |
CRL DISTRIBUTION POINTS
Path | Type | Docs |
---|---|---|
parsed.extensions.crl_distribution_points | text | The parsed id-ce-cRLDistributionPoints extension (OID: 2.5.29.31). Contents are a list of distributionPoint URLs; other distributionPoint types are omitted). |
EMBEDDED SCTS / CT POISON
Path | Type | Docs |
---|---|---|
parsed.extensions.ct_poison | boolean | Whether the certificate possesses the pre-certificate "poison" extension (OID: 1.3.6.1.4.1.11129.2.4.3). |
parsed.extensions.signed_certificate_timestamps.log_id | text | |
parsed.extensions.signed_certificate_timestamps.signature.hash_algorithm | text | |
parsed.extensions.signed_certificate_timestamps.signature.signature | text | |
parsed.extensions.signed_certificate_timestamps.signature.signature_algorithm | text | |
parsed.extensions.signed_certificate_timestamps.timestamp | date | |
parsed.extensions.signed_certificate_timestamps.version | integer |
EXTENDED KEY USAGE
Path | Type | Docs |
---|---|---|
parsed.extensions.extended_key_usage.any | boolean | |
parsed.extensions.extended_key_usage.apple_code_signing | boolean | |
parsed.extensions.extended_key_usage.apple_code_signing_development | boolean | |
parsed.extensions.extended_key_usage.apple_code_signing_third_party | boolean | |
parsed.extensions.extended_key_usage.apple_crypto_development_env | boolean | |
parsed.extensions.extended_key_usage.apple_crypto_env | boolean | |
parsed.extensions.extended_key_usage.apple_crypto_maintenance_env | boolean | |
parsed.extensions.extended_key_usage.apple_crypto_production_env | boolean | |
parsed.extensions.extended_key_usage.apple_crypto_qos | boolean | |
parsed.extensions.extended_key_usage.apple_crypto_test_env | boolean | |
parsed.extensions.extended_key_usage.apple_crypto_tier0_qos | boolean | |
parsed.extensions.extended_key_usage.apple_crypto_tier1_qos | boolean | |
parsed.extensions.extended_key_usage.apple_crypto_tier2_qos | boolean | |
parsed.extensions.extended_key_usage.apple_crypto_tier3_qos | boolean | |
parsed.extensions.extended_key_usage.apple_ichat_encryption | boolean | |
parsed.extensions.extended_key_usage.apple_ichat_signing | boolean | |
parsed.extensions.extended_key_usage.apple_resource_signing | boolean | |
parsed.extensions.extended_key_usage.apple_software_update_signing | boolean | |
parsed.extensions.extended_key_usage.apple_system_identity | boolean | |
parsed.extensions.extended_key_usage.client_auth | boolean | |
parsed.extensions.extended_key_usage.code_signing | boolean | |
parsed.extensions.extended_key_usage.dvcs | boolean | |
parsed.extensions.extended_key_usage.eap_over_lan | boolean | |
parsed.extensions.extended_key_usage.eap_over_ppp | boolean | |
parsed.extensions.extended_key_usage.email_protection | boolean | |
parsed.extensions.extended_key_usage.ipsec_end_system | boolean | |
parsed.extensions.extended_key_usage.ipsec_intermediate_system_usage | boolean | |
parsed.extensions.extended_key_usage.ipsec_tunnel | boolean | |
parsed.extensions.extended_key_usage.ipsec_user | boolean | |
parsed.extensions.extended_key_usage.microsoft_ca_exchange | boolean | |
parsed.extensions.extended_key_usage.microsoft_cert_trust_list_signing | boolean | |
parsed.extensions.extended_key_usage.microsoft_csp_signature | boolean | |
parsed.extensions.extended_key_usage.microsoft_document_signing | boolean | |
parsed.extensions.extended_key_usage.microsoft_drm | boolean | |
parsed.extensions.extended_key_usage.microsoft_drm_individualization | boolean | |
parsed.extensions.extended_key_usage.microsoft_efs_recovery | boolean | |
parsed.extensions.extended_key_usage.microsoft_embedded_nt_crypto | boolean | |
parsed.extensions.extended_key_usage.microsoft_encrypted_file_system | boolean | |
parsed.extensions.extended_key_usage.microsoft_enrollment_agent | boolean | |
parsed.extensions.extended_key_usage.microsoft_kernel_mode_code_signing | boolean | |
parsed.extensions.extended_key_usage.microsoft_key_recovery_21 | boolean | |
parsed.extensions.extended_key_usage.microsoft_key_recovery_3 | boolean | |
parsed.extensions.extended_key_usage.microsoft_license_server | boolean | |
parsed.extensions.extended_key_usage.microsoft_licenses | boolean | |
parsed.extensions.extended_key_usage.microsoft_lifetime_signing | boolean | |
parsed.extensions.extended_key_usage.microsoft_mobile_device_software | boolean | |
parsed.extensions.extended_key_usage.microsoft_nt5_crypto | boolean | |
parsed.extensions.extended_key_usage.microsoft_oem_whql_crypto | boolean | |
parsed.extensions.extended_key_usage.microsoft_qualified_subordinate | boolean | |
parsed.extensions.extended_key_usage.microsoft_root_list_signer | boolean | |
parsed.extensions.extended_key_usage.microsoft_server_gated_crypto | boolean | |
parsed.extensions.extended_key_usage.microsoft_sgc_serialized | boolean | |
parsed.extensions.extended_key_usage.microsoft_smart_display | boolean | |
parsed.extensions.extended_key_usage.microsoft_smartcard_logon | boolean | |
parsed.extensions.extended_key_usage.microsoft_system_health | boolean | |
parsed.extensions.extended_key_usage.microsoft_system_health_loophole | boolean | |
parsed.extensions.extended_key_usage.microsoft_timestamp_signing | boolean | |
parsed.extensions.extended_key_usage.microsoft_whql_crypto | boolean | |
parsed.extensions.extended_key_usage.netscape_server_gated_crypto | boolean | |
parsed.extensions.extended_key_usage.ocsp_signing | boolean | |
parsed.extensions.extended_key_usage.sbgp_cert_aa_service_auth | boolean | |
parsed.extensions.extended_key_usage.server_auth | boolean | |
parsed.extensions.extended_key_usage.time_stamping | boolean | |
parsed.extensions.extended_key_usage.unknown | text |
ISSUER ALTERNATE NAMES (IANS)
Path | Type | Docs |
---|---|---|
parsed.extensions.issuer_alt_name.directory_names.common_name | text | The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3). |
parsed.extensions.issuer_alt_name.directory_names.country | text | The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6). |
parsed.extensions.issuer_alt_name.directory_names.domain_component | text | The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25). |
parsed.extensions.issuer_alt_name.directory_names.email_address | text | The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1). |
parsed.extensions.issuer_alt_name.directory_names.given_name | text | The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42). |
parsed.extensions.issuer_alt_name.directory_names.jurisdiction_country | text | The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3). |
parsed.extensions.issuer_alt_name.directory_names.jurisdiction_locality | text | The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1). |
parsed.extensions.issuer_alt_name.directory_names.jurisdiction_province | text | The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2). |
parsed.extensions.issuer_alt_name.directory_names.locality | text | The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7). |
parsed.extensions.issuer_alt_name.directory_names.organization | text | The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10). |
parsed.extensions.issuer_alt_name.directory_names.organization_id | text | |
parsed.extensions.issuer_alt_name.directory_names.organizational_unit | text | The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11). |
parsed.extensions.issuer_alt_name.directory_names.postal_code | keyword | The postalCode elements of the Distinguished Name (OID: 2.5.4.17). |
parsed.extensions.issuer_alt_name.directory_names.province | text | The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8). |
parsed.extensions.issuer_alt_name.directory_names.serial_number | keyword | The serialNumber elements of the Distinguished Name (OID: 2.5.4.5). |
parsed.extensions.issuer_alt_name.directory_names.street_address | text | The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9). |
parsed.extensions.issuer_alt_name.directory_names.surname | text | The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4). |
parsed.extensions.issuer_alt_name.dns_names | text | The parsed dNSName entries in the GeneralName. |
parsed.extensions.issuer_alt_name.edi_party_names.name_assigner | text | |
parsed.extensions.issuer_alt_name.edi_party_names.party_name | text | |
parsed.extensions.issuer_alt_name.email_addresses | text | The parsed rfc822Name entries in the GeneralName. |
parsed.extensions.issuer_alt_name.ip_addresses | text | The parsed ipAddress entries in the GeneralName. |
parsed.extensions.issuer_alt_name.other_names.id | text | The OID identifying the syntax of the otherName value. |
parsed.extensions.issuer_alt_name.other_names.value | text | The raw otherName value. |
parsed.extensions.issuer_alt_name.registered_ids | text | The parsed registeredID entries in the GeneralName. Stored in dotted-decimal format. |
parsed.extensions.issuer_alt_name.uniform_resource_identifiers | text | The parsed uniformResourceIdentifier entries in the GeneralName. |
KEY USAGE
Path | Type | Docs |
---|---|---|
parsed.extensions.key_usage.certificate_sign | boolean | Whether the keyCertSign bit is set. |
parsed.extensions.key_usage.content_commitment | boolean | Whether the contentCommitment (formerly called nonRepudiation) bit is set. |
parsed.extensions.key_usage.crl_sign | boolean | Whether the cRLSign bit is set. |
parsed.extensions.key_usage.data_encipherment | boolean | Whether the dataEncipherment bit is set. |
parsed.extensions.key_usage.decipher_only | boolean | Whether the decipherOnly bit is set. |
parsed.extensions.key_usage.digital_signature | boolean | Whether the digitalSignature bit is set. |
parsed.extensions.key_usage.encipher_only | boolean | Whether the encipherOnly bit is set. |
parsed.extensions.key_usage.key_agreement | boolean | Whether the keyAgreement bit is set. |
parsed.extensions.key_usage.key_encipherment | boolean | Whether the keyEncipherment bit is set. |
parsed.extensions.key_usage.value | unsigned_long | The integer value of the bitmask in the extension. |
NAME CONSTRAINTS
Path | Type | Docs |
---|---|---|
parsed.extensions.name_constraints.critical | boolean | |
parsed.extensions.name_constraints.excluded_directory_names.common_name | text | The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3). |
parsed.extensions.name_constraints.excluded_directory_names.country | text | The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6). |
parsed.extensions.name_constraints.excluded_directory_names.domain_component | text | The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25). |
parsed.extensions.name_constraints.excluded_directory_names.email_address | text | The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1). |
parsed.extensions.name_constraints.excluded_directory_names.given_name | text | The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42). |
parsed.extensions.name_constraints.excluded_directory_names.jurisdiction_country | text | The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3). |
parsed.extensions.name_constraints.excluded_directory_names.jurisdiction_locality | text | The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1). |
parsed.extensions.name_constraints.excluded_directory_names.jurisdiction_province | text | The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2). |
parsed.extensions.name_constraints.excluded_directory_names.locality | text | The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7). |
parsed.extensions.name_constraints.excluded_directory_names.organization | text | The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10). |
parsed.extensions.name_constraints.excluded_directory_names.organization_id | text | |
parsed.extensions.name_constraints.excluded_directory_names.organizational_unit | text | The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11). |
parsed.extensions.name_constraints.excluded_directory_names.postal_code | keyword | The postalCode elements of the Distinguished Name (OID: 2.5.4.17). |
parsed.extensions.name_constraints.excluded_directory_names.province | text | The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8). |
parsed.extensions.name_constraints.excluded_directory_names.serial_number | keyword | The serialNumber elements of the Distinguished Name (OID: 2.5.4.5). |
parsed.extensions.name_constraints.excluded_directory_names.street_address | text | The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9). |
parsed.extensions.name_constraints.excluded_directory_names.surname | text | The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4). |
parsed.extensions.name_constraints.excluded_edi_party_names.name_assigner | text | |
parsed.extensions.name_constraints.excluded_edi_party_names.party_name | text | |
parsed.extensions.name_constraints.excluded_email_addresses | text | A record providing a range of excluded names of the type rfc822Name in leaf certificates whose trust path includes this certificate. |
parsed.extensions.name_constraints.excluded_ip_addresses.begin | text | The first IP address in the range. |
parsed.extensions.name_constraints.excluded_ip_addresses.cidr | text | The CIDR specifying the subtree. |
parsed.extensions.name_constraints.excluded_ip_addresses.end | text | The last IP address in the range. |
parsed.extensions.name_constraints.excluded_ip_addresses.mask | text | The subnet mask of the CIDR. |
parsed.extensions.name_constraints.excluded_names | text | A record providing a range of excluded names of the type dNSName in leaf certificates whose trust path includes this certificate. |
parsed.extensions.name_constraints.excluded_registered_ids | text | A record providing excluded names of the type registeredID in leaf certificates whose trust path includes this certificate. |
parsed.extensions.name_constraints.excluded_uris | text | A record providing a range of excluded uniform resource identifiers in leaf certificates whose trust path includes this certificate. |
parsed.extensions.name_constraints.permitted_directory_names.common_name | text | The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3). |
parsed.extensions.name_constraints.permitted_directory_names.country | text | The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6). |
parsed.extensions.name_constraints.permitted_directory_names.domain_component | text | The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25). |
parsed.extensions.name_constraints.permitted_directory_names.email_address | text | The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1). |
parsed.extensions.name_constraints.permitted_directory_names.given_name | text | The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42). |
parsed.extensions.name_constraints.permitted_directory_names.jurisdiction_country | text | The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3). |
parsed.extensions.name_constraints.permitted_directory_names.jurisdiction_locality | text | The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1). |
parsed.extensions.name_constraints.permitted_directory_names.jurisdiction_province | text | The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2). |
parsed.extensions.name_constraints.permitted_directory_names.locality | text | The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7). |
parsed.extensions.name_constraints.permitted_directory_names.organization | text | The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10). |
parsed.extensions.name_constraints.permitted_directory_names.organization_id | text | |
parsed.extensions.name_constraints.permitted_directory_names.organizational_unit | text | The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11). |
parsed.extensions.name_constraints.permitted_directory_names.postal_code | keyword | The postalCode elements of the Distinguished Name (OID: 2.5.4.17). |
parsed.extensions.name_constraints.permitted_directory_names.province | text | The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8). |
parsed.extensions.name_constraints.permitted_directory_names.serial_number | keyword | The serialNumber elements of the Distinguished Name (OID: 2.5.4.5). |
parsed.extensions.name_constraints.permitted_directory_names.street_address | text | The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9). |
parsed.extensions.name_constraints.permitted_directory_names.surname | text | The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4). |
parsed.extensions.name_constraints.permitted_edi_party_names.name_assigner | text | |
parsed.extensions.name_constraints.permitted_edi_party_names.party_name | text | |
parsed.extensions.name_constraints.permitted_email_addresses | text | A record providing a range of permitted names of the type rfc822Name in leaf certificates whose trust path includes this certificate. |
parsed.extensions.name_constraints.permitted_ip_addresses.begin | text | The first IP address in the range. |
parsed.extensions.name_constraints.permitted_ip_addresses.cidr | text | The CIDR specifying the subtree. |
parsed.extensions.name_constraints.permitted_ip_addresses.end | text | The last IP address in the range. |
parsed.extensions.name_constraints.permitted_ip_addresses.mask | text | The subnet mask of the CIDR. |
parsed.extensions.name_constraints.permitted_names | text | A record providing a range of permitted names of the type dNSName in leaf certificates whose trust path includes this certificate. |
parsed.extensions.name_constraints.permitted_registered_ids | text | A record providing permitted names of the type registeredID in leaf certificates whose trust path includes this certificate. |
parsed.extensions.name_constraints.permitted_uris | text | A record providing a range of permitted uniform resource identifiers in leaf certificates whose trust path includes this certificate. |
QC STATEMENTS EXTENSION
Path | Type | Docs |
---|---|---|
parsed.extensions.qc_statements.ids | text | |
parsed.extensions.qc_statements.parsed.etsi_compliance | boolean | |
parsed.extensions.qc_statements.parsed.legislation.country_codes | text | |
parsed.extensions.qc_statements.parsed.limit.amount | long | |
parsed.extensions.qc_statements.parsed.limit.currency | text | |
parsed.extensions.qc_statements.parsed.limit.currency_number | long | |
parsed.extensions.qc_statements.parsed.limit.exponent | long | |
parsed.extensions.qc_statements.parsed.pds_locations.language | text | |
parsed.extensions.qc_statements.parsed.pds_locations.url | text | |
parsed.extensions.qc_statements.parsed.retention_period | long | |
parsed.extensions.qc_statements.parsed.sscd | boolean | |
parsed.extensions.qc_statements.parsed.types.ids | text |
SUBJECT ALTERNATE NAMES (SANS)
Path | Type | Docs |
---|---|---|
parsed.extensions.subject_alt_name.directory_names.common_name | text | The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3). |
parsed.extensions.subject_alt_name.directory_names.country | text | The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6). |
parsed.extensions.subject_alt_name.directory_names.domain_component | text | The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25). |
parsed.extensions.subject_alt_name.directory_names.email_address | text | The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1). |
parsed.extensions.subject_alt_name.directory_names.given_name | text | The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42). |
parsed.extensions.subject_alt_name.directory_names.jurisdiction_country | text | The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3). |
parsed.extensions.subject_alt_name.directory_names.jurisdiction_locality | text | The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1). |
parsed.extensions.subject_alt_name.directory_names.jurisdiction_province | text | The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2). |
parsed.extensions.subject_alt_name.directory_names.locality | text | The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7). |
parsed.extensions.subject_alt_name.directory_names.organization | text | The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10). |
parsed.extensions.subject_alt_name.directory_names.organization_id | text | |
parsed.extensions.subject_alt_name.directory_names.organizational_unit | text | The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11). |
parsed.extensions.subject_alt_name.directory_names.postal_code | keyword | The postalCode elements of the Distinguished Name (OID: 2.5.4.17). |
parsed.extensions.subject_alt_name.directory_names.province | text | The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8). |
parsed.extensions.subject_alt_name.directory_names.serial_number | keyword | The serialNumber elements of the Distinguished Name (OID: 2.5.4.5). |
parsed.extensions.subject_alt_name.directory_names.street_address | text | The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9). |
parsed.extensions.subject_alt_name.directory_names.surname | text | The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4). |
parsed.extensions.subject_alt_name.dns_names | text | The parsed dNSName entries in the GeneralName. |
parsed.extensions.subject_alt_name.edi_party_names.name_assigner | text | |
parsed.extensions.subject_alt_name.edi_party_names.party_name | text | |
parsed.extensions.subject_alt_name.email_addresses | text | The parsed rfc822Name entries in the GeneralName. |
parsed.extensions.subject_alt_name.ip_addresses | text | The parsed ipAddress entries in the GeneralName. |
parsed.extensions.subject_alt_name.other_names.id | text | The OID identifying the syntax of the otherName value. |
parsed.extensions.subject_alt_name.other_names.value | text | The raw otherName value. |
parsed.extensions.subject_alt_name.registered_ids | text | The parsed registeredID entries in the GeneralName. Stored in dotted-decimal format. |
parsed.extensions.subject_alt_name.uniform_resource_identifiers | text | The parsed uniformResourceIdentifier entries in the GeneralName. |
SUBJECT KEY ID (SKID)
Path | Type | Docs |
---|---|---|
parsed.extensions.subject_key_id | text | A key identifier, usually a digest of the DER-encoded SubjectPublicKeyInfo.. |
TOR SERVICE DESCRIPTORS
Path | Type | Docs |
---|---|---|
parsed.extensions.tor_service_descriptors.algorithm_name | text | |
parsed.extensions.tor_service_descriptors.hash | text | |
parsed.extensions.tor_service_descriptors.hash_bits | integer | |
parsed.extensions.tor_service_descriptors.onion | text |
ISSUER
Path | Type | Docs |
---|---|---|
parsed.issuer.common_name | text | The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3). |
parsed.issuer.country | text | The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6). |
parsed.issuer.domain_component | text | The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25). |
parsed.issuer.email_address | text | The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1). |
parsed.issuer.given_name | text | The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42). |
parsed.issuer.jurisdiction_country | text | The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3). |
parsed.issuer.jurisdiction_locality | text | The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1). |
parsed.issuer.jurisdiction_province | text | The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2). |
parsed.issuer.locality | text | The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7). |
parsed.issuer.organization | text | The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10). |
parsed.issuer.organization_id | text | |
parsed.issuer.organizational_unit | text | The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11). |
parsed.issuer.postal_code | keyword | The postalCode elements of the Distinguished Name (OID: 2.5.4.17). |
parsed.issuer.province | text | The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8). |
parsed.issuer.serial_number | keyword | The serialNumber elements of the Distinguished Name (OID: 2.5.4.5). |
parsed.issuer.street_address | text | The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9). |
parsed.issuer.surname | text | The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4). |
SIGNATURE
Path | Type | Docs |
---|---|---|
parsed.signature.self_signed | boolean | Whether the certificate was signed by its own key. |
parsed.signature.signature_algorithm.name | text | Name of public key type, such as RSA or ECDSA. Information specific to the key type is available in the named sub-record. |
parsed.signature.signature_algorithm.oid | text | |
parsed.signature.valid | boolean | Whether the signature is valid. |
parsed.signature.value | text | Contents of the signature. |
SUBJECT
Path | Type | Docs |
---|---|---|
parsed.subject.common_name | text | The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3). |
parsed.subject.country | text | The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6). |
parsed.subject.domain_component | text | The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25). |
parsed.subject.email_address | text | The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1). |
parsed.subject.given_name | text | The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42). |
parsed.subject.jurisdiction_country | text | The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3). |
parsed.subject.jurisdiction_locality | text | The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1). |
parsed.subject.jurisdiction_province | text | The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2). |
parsed.subject.locality | text | The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7). |
parsed.subject.organization | text | The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10). |
parsed.subject.organization_id | text | |
parsed.subject.organizational_unit | text | The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11). |
parsed.subject.postal_code | keyword | The postalCode elements of the Distinguished Name (OID: 2.5.4.17). |
parsed.subject.province | text | The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8). |
parsed.subject.serial_number | keyword | The serialNumber elements of the Distinguished Name (OID: 2.5.4.5). |
parsed.subject.street_address | text | The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9). |
parsed.subject.surname | text | The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4). |
PUBLIC KEY
Path | Type | Docs |
---|---|---|
parsed.subject_key_info.dsa.g | text | |
parsed.subject_key_info.dsa.p | text | |
parsed.subject_key_info.dsa.q | text | |
parsed.subject_key_info.dsa.y | text | |
parsed.subject_key_info.ecdsa.b | text | |
parsed.subject_key_info.ecdsa.curve | text | |
parsed.subject_key_info.ecdsa.gx | text | |
parsed.subject_key_info.ecdsa.gy | text | |
parsed.subject_key_info.ecdsa.length | long | |
parsed.subject_key_info.ecdsa.n | text | |
parsed.subject_key_info.ecdsa.p | text | |
parsed.subject_key_info.ecdsa.pub | text | |
parsed.subject_key_info.ecdsa.x | text | |
parsed.subject_key_info.ecdsa.y | text | |
parsed.subject_key_info.fingerprint_sha256 | text | The SHA-256 digest of the certificate's DER-encoded SubjectPublicKeyInfo. |
parsed.subject_key_info.key_algorithm.name | text | Name of public key type, such as RSA or ECDSA. Information specific to the key type is available in the named sub-record. |
parsed.subject_key_info.key_algorithm.oid | text | |
parsed.subject_key_info.rsa.exponent | long | The RSA key's public exponent (e). |
parsed.subject_key_info.rsa.length | long | Bit-length of the RSA modulus. |
parsed.subject_key_info.rsa.modulus | text | The RSA key's modulus (n) in big-endian encoding. |
parsed.subject_key_info.unrecognized.raw | text |
UNKNOWN EXTENSIONS
Path | Type | Docs |
---|---|---|
parsed.unknown_extensions.critical | boolean | |
parsed.unknown_extensions.id | text | |
parsed.unknown_extensions.value | text |
VALIDITY PERIOD
Path | Type | Docs |
---|---|---|
parsed.validity_period.length_seconds | long | The duration of the certificate's validity period, in seconds. |
parsed.validity_period.not_after | date | An RFC-3339-formatted timestamp after which the certificate is no longer valid. |
parsed.validity_period.not_before | date | An RFC-3339-formatted timestamp before which the certificate is not valid. |
CRL VALIDATION
Path | Type | Docs |
---|---|---|
revocation.crl.next_update | date | |
revocation.crl.reason | text | An enumerated value indicating the issuer-supplied reason for the revocation. |
revocation.crl.revocation_time | date | The issuer-supplied timestamp indicating when the certificate was revoked. |
revocation.crl.revoked | boolean | Whether the certificate has been revoked before its expiry date by the issuer. |
revoked | boolean | Whether the certificate has been revoked before its expiry date by the issuer. |
OCSP VALIDATION
Path | Type | Docs |
---|---|---|
revocation.ocsp.next_update | date | |
revocation.ocsp.reason | text | An enumerated value indicating the issuer-supplied reason for the revocation. |
revocation.ocsp.revocation_time | date | The issuer-supplied timestamp indicating when the certificate was revoked. |
revocation.ocsp.revoked | boolean | Whether the certificate has been revoked before its expiry date by the issuer. |
APPLE VALIDATION
Path | Type | Docs |
---|---|---|
validation.apple.chains.sha256fp | text | |
validation.apple.ever_valid | boolean | Whether the certificate has ever been considered valid by the root store. |
validation.apple.had_trusted_path | boolean | Whether there ever existed a trusted path of signing certificates from a certificate present in the root certificate store. |
validation.apple.has_trusted_path | boolean | Whether there currently exists a trusted path of signing certificates from a certificate present in the root certificate store. |
validation.apple.in_revocation_set | boolean | Whether the certificate is in the revocation set (e.g. OneCRL) associated with the root store. |
validation.apple.is_valid | boolean | Whether the certificate is currently considered valid by the root store: a summary of the trust path, revoked, blocklisted/allowlisted, and expired fields. |
validation.apple.parents | text | The SHA-256 fingerprints of the certificate's immediate parents in its trust path(s). |
CHROME VALIDATION
Path | Type | Docs |
---|---|---|
validation.chrome.chains.sha256fp | text | |
validation.chrome.ever_valid | boolean | Whether the certificate has ever been considered valid by the root store. |
validation.chrome.had_trusted_path | boolean | Whether there ever existed a trusted path of signing certificates from a certificate present in the root certificate store. |
validation.chrome.has_trusted_path | boolean | Whether there currently exists a trusted path of signing certificates from a certificate present in the root certificate store. |
validation.chrome.in_revocation_set | boolean | Whether the certificate is in the revocation set (e.g. OneCRL) associated with the root store. |
validation.chrome.is_valid | boolean | Whether the certificate is currently considered valid by the root store: a summary of the trust path, revoked, blocklisted/allowlisted, and expired fields. |
validation.chrome.parents | text | The SHA-256 fingerprints of the certificate's immediate parents in its trust path(s). |
MICROSOFT VALIDATION
Path | Type | Docs |
---|---|---|
validation.microsoft.chains.sha256fp | text | |
validation.microsoft.ever_valid | boolean | Whether the certificate has ever been considered valid by the root store. |
validation.microsoft.had_trusted_path | boolean | Whether there ever existed a trusted path of signing certificates from a certificate present in the root certificate store. |
validation.microsoft.has_trusted_path | boolean | Whether there currently exists a trusted path of signing certificates from a certificate present in the root certificate store. |
validation.microsoft.in_revocation_set | boolean | Whether the certificate is in the revocation set (e.g. OneCRL) associated with the root store. |
validation.microsoft.is_valid | boolean | Whether the certificate is currently considered valid by the root store: a summary of the trust path, revoked, blocklisted/allowlisted, and expired fields. |
validation.microsoft.parents | text | The SHA-256 fingerprints of the certificate's immediate parents in its trust path(s). |
NSS (FIREFOX) VALIDATION
Path | Type | Docs |
---|---|---|
validation.nss.chains.sha256fp | text | |
validation.nss.ever_valid | boolean | Whether the certificate has ever been considered valid by the root store. |
validation.nss.had_trusted_path | boolean | Whether there ever existed a trusted path of signing certificates from a certificate present in the root certificate store. |
validation.nss.has_trusted_path | boolean | Whether there currently exists a trusted path of signing certificates from a certificate present in the root certificate store. |
validation.nss.in_revocation_set | boolean | Whether the certificate is in the revocation set (e.g. OneCRL) associated with the root store. |
validation.nss.is_valid | boolean | Whether the certificate is currently considered valid by the root store: a summary of the trust path, revoked, blocklisted/allowlisted, and expired fields. |
validation.nss.parents | text | The SHA-256 fingerprints of the certificate's immediate parents in its trust path(s). |
ZLINT
Path | Type | Docs |
---|---|---|
zlint.errors_present | boolean | Whether the certificate's attributes triggered any error lints for non-conformance to the X.509 standard. |
zlint.failed_lints | text | A list of lint names which failed, if applicable. |
zlint.fatals_present | boolean | Whether the certificate's attributes triggered any fatal lints for non-conformance to the X.509 standard. |
zlint.notices_present | boolean | Whether the certificate's attributes triggered any notice lints for non-conformance to the X.509 standard. |
zlint.timestamp | date | An RFC-3339-formated timestamp indicating when the certificate was linted. |
zlint.version | long | The version of Zlint used to lint the certificate. |
zlint.warnings_present | boolean | Whether the certificate's attributes triggered any warning lints for non-conformance to the X.509 standard. |
MISC
Path | Type | Docs |
---|---|---|
parent_spki_subject_fingerprint_sha256 | text | The SHA-256 digest of the parent certificate's DER-encoded SubjectPublicKeyInfo concatenated with its Subject. |
parsed.serial_number_hex | text | Issuer-specific identifier of the certificate, represented as hexadecimal. |
spki_subject_fingerprint_sha256 | text | The SHA-256 digest of the certificate's DER-encoded SubjectPublicKeyInfo concatenated with its Subject. |