Use this API to retrieve certificates. You can use various filters to search the required result. You can use multiple filters and parameters. We have updated the limit for fetching the certificates.
You can see only those assets that have been assigned by your manager user. When you send an API request, you can access information about the assets and their corresponding certificates assigned to you, based on scope. For more information on tag-based user scoping refer to Certificate View Online help.
If you need to fetch certificate search results that exceed 10000 certificates, you can use this v2 version of List CertView Certificate API. The response contains certificate details, including associated host information and SSL/TLS related vulnerabilities and grades.
|
Parameter |
Mandatory/Optional |
Data Type |
Description |
|---|---|---|---|
|
filter |
Optional | String |
Filter the events list by providing a query using Qualys syntax. If you do not provide filter parameter, it shows details of all the certificates. For the list of tokens you can use to build the query refer to Search tokens and supported format. |
|
pageNumber |
Optional | Integer |
The page to be returned. The default value is zero. |
|
pageSize |
Optional | Integer |
Provide the number of records per page to be included in the response. Default: 10 Maximum: 200 For example, the total result set is 50 assets. If the page size is specified as 10, then the result is divided in 5 pages with 10 assets each. |
|
includes |
Optional | String |
Includes the specified parameters in the response For example- ASSET_INTERFACES, VULNERABILITIES, SSL_PROTOCOLS, CIPHER_SUITES, ASSET_TAGS, EXTENSIVE_CERTIFICATE_INFO |
| excludeFields | Optional | String |
Exclude the specified parameters from the response.
Note: You can exclude multiple fields in the same query by using comma-separated field names. For more details, refer to the the Compatible tokens, date formats and supported operators |
|
Authorization |
Mandatory | String |
Authorization token to authenticate to the Qualys Cloud Platform. Prepend token with "Bearer" and one space. For example - Bearer authToken |
Notes: While creating your query, ensure the following:
Value field can not be empty when the comparison operator is other than IS_EMPTY and IS_NOT_EMPTY
There can not be more than 1000 values provided (in csv format) when operator is IN
CONTAINS operator does not work with field of type Date, Boolean and IP Address
GREATER, LESSER , GREATER_THAN_EQUAL and LESS_THAN_EQUAL do not work with Boolean, string and IP address.
The following sample request specifies page size as 10 and filter as certificate.id and includes the parameter as ASSET_INTERFACES in the request. The request fetches all certificates related to this query. The response has certificate details and related asset and instance summary.
API Request
curl -X POST
"<qualys_base_url>/certview/v2/certificates" -H "Accept: application/json" -H "Content-Type: application/json" -d "{\"filter\":{\"filters\":[{\"field\":\"certificate.id\",\"value\":\"string\",\"operator\":\"IS_NOT_EMPTY\"}],\"operation\":\"AND\"},\"pageNumber\":0,\"pageSize\":10,\"includes\":[\"ASSET_INTERFACES\"]}" -H "Authorization: Bearer <JWT Token>"
Response
[
{
"id": 30029,
"certhash": "192a86240c5ec5d87dd108f17e2543e78439101f193c99c53193f60d115b885d",
"keySize": 2048,
"serialNumber": "05e2ad055846148575bc6476367916b7",
"validToDate": "2024-02-13T23:59:59.000+00:00",
"validTo": 1707868799000,
"validFromDate": "2023-02-13T00:00:00.000+00:00",
"validFrom": 1676246400000,
"signatureAlgorithm": "SHA256withRSA",
"extendedValidation": true,
"createdDate": "2023-03-29T11:16:15.000+00:00",
"dn": "CN=www.qualys.com, O=\"Qualys, Inc.\", L=Foster City,
ST=California, C=US, serialNumber=3152140, businessCategory=Private
Organization, StateOrProvince=Delaware, CountryName=US","subject": {
"organization": "Qualys, Inc.",
"locality": "Foster City",
"name": "www.qualys.com",
"state": "California",
"country": "US",
"organizationUnit": []
},
"updateDate": "2023-03-31T10:01:05.000+00:00",
"lastFound": 1680256865000,
"imported": false,
"selfSigned": false,
"issuer": {
"organization": "DigiCert Inc",
"organizationUnit": [
"www.digicert.com"
],
"name": "DigiCert SHA2 Extended Validation Server CA",
"country": "US",
"state": "",
"certhash": "403e062a2653059113285baf80a0d4ae422c848c9f78fad01fc94bc5b87fef1a",
"locality": ""
},
"rootissuer": {
"organization": "DigiCert Inc",
"organizationUnit": [
"www.digicert.com"
],
"name": "DigiCert High Assurance EV Root CA",
"country": "US",
"state": "",
"certhash": "7431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf",
"locality": ""
},
"issuerCategory": "DigiCert SHA2 Extended Validation Server CA",
"instanceCount": 2,
"assetCount": 2,
"sources": [
"VM",
"QAGENT"
],
"assets": [
{
"id": 21045704,
"uuid": "646c7aa5-cfdc-4294-bea7-xxxxxac03f4",
"netbiosName": "",
"name": "www.qualys.com",
"operatingSystem": "NetScaler",
"hostInstances": [
{
"id": 6404,
"port": 443,
"fqdn": "",
"protocol": "tcp",
"service": "http",
"grade": "A"
}
],
"primaryIp": "64.39.xx.xxx"
},
{
"id": 17785749,
"uuid": "99fxxxxx-4c11-49e1-8898-82e9982b0710",
"netbiosName": "",
"name": "qualys.com",
"operatingSystem": "NetScaler",
"hostInstances": [
{
"id": 6442,
"port": 443,
"fqdn": "",
"protocol": "tcp",
"service": "http",
"grade": "A"
}
],
"assetInterfaces": [
{
"hostname": "qualys.com",
"address": "64.39.xx.xxx"
}
],
"primaryIp": "64.39.xx.xxx"
}
]
}
]
The following sample request specifies page size as 10 and two filters as certificate.id , certificate.hash and includes the parameters as ASSET_INTERFACES and ASETS_TAGS in the request; the request fetches all certificates related to this query. The response has certificate details and related asset and instance summary.
API Request
curl -X POST
"<qualys_base_url>/certview/v2/certificates" -H "Accept: application/json" -H "Content-Type: application/json" -d {\"filter\":{\"filters\":[{\"field\":\"certificate.id\",\"value\":\"string\",\"operator\":\"IS_NOT_EMPTY\"},{\"field\":\"certificate.certhash\",\"value\":\"466dc3a5d7e15c4c4d518eb910f92c968e26f6d0f00dd77df04c2b4a163ec71e\",\"operator\":\"EQUALS\"}],\"operation\":\"AND\"},\"pageNumber\":0,\"pageSize\":10,\"includes\":[\"ASSET_INTERFACES\",\"ASSET_TAGS\"]}" -H "Authorization: Bearer <JWT Token>"
Response
[
{
"id": 30029,
"certhash": "192a86240c5ec5d87dd108f17e2543e78439101f193c99c53193f60d115b885d",
"keySize": 2048,
"serialNumber": "05e2ad055846148575bc6476367916b7",
"validToDate": "2024-02-13T23:59:59.000+00:00",
"validTo": 1707868799000,
"validFromDate": "2023-02-13T00:00:00.000+00:00",
"validFrom": 1676246400000,
"signatureAlgorithm": "SHA256withRSA",
"extendedValidation": true,
"createdDate": "2023-03-29T11:16:15.000+00:00",
"dn": "CN=www.qualys.com, O=\"Qualys, Inc.\", L=Foster City,
ST=California, C=US, serialNumber=3152140, businessCategory=Private
Organization, StateOrProvince=Delaware, CountryName=US","subject": {
"organization": "Qualys, Inc.",
"locality": "Foster City",
"name": "www.qualys.com",
"state": "California",
"country": "US",
"organizationUnit": []
},
"updateDate": "2023-03-31T10:01:05.000+00:00",
"lastFound": 1680256865000,
"imported": false,
"selfSigned": false,
"issuer": {
"organization": "DigiCert Inc",
"organizationUnit": [
"www.digicert.com"
],
"name": "DigiCert SHA2 Extended Validation Server CA",
"country": "US",
"state": "",
"certhash": "403e062a2653059113285baf80a0d4ae422c848c9f78fad01fc94bc5b87fef1a",
"locality": ""
},
"rootissuer": {
"organization": "DigiCert Inc",
"organizationUnit": [
"www.digicert.com"
],
"name": "DigiCert High Assurance EV Root CA",
"country": "US",
"state": "",
"certhash": "7431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf",
"locality": ""
},
"issuerCategory": "DigiCert SHA2 Extended Validation Server CA",
"instanceCount": 2,
"assetCount": 2,
"sources": [
"VM",
"QAGENT"
],
"assets": [
{
"id": 21045704,
"uuid": "646c7aa5-cfdc-4294-bea7-d43664ac03f4",
"netbiosName": "",
"name": "www.qualys.com",
"operatingSystem": "NetScaler",
"hostInstances": [
{
"id": 6404,
"port": 443,
"fqdn": "",
"protocol": "tcp",
"service": "http",
"grade": "A"
}
],
"primaryIp": "64.39.xx.xxx"
},
{
"id": 17785749,
"uuid": "99f29795-4c11-49e1-8898-82e9982b0710",
"netbiosName": "",
"name": "qualys.com",
"operatingSystem": "NetScaler",
"hostInstances": [
{
"id": 6442,
"port": 443,
"fqdn": "",
"protocol": "tcp",
"service": "http",
"grade": "A"
}
],
"assetInterfaces": [
{
"hostname": "qualys.com",
"address": "64.39.xx.xxx"
}
],
"primaryIp": "64.39.xx.xxx"
}
]
}
]
The following sample request specifies filter as certificate.validFromDate and includes the parameter as date in the request. The request fetches all certificates related to this query. The response has certificate details and related asset and instance summary.
API Request
curl -X POST
"<qualys_base_url>/certview/v2/certificates" -H "accept: application/json" -H ""Content-Type: application/json" -d "{\"filter\":{\"filters\":[{\"field\":\"certificate.validFromDate\",\"value\":\"2022-09-22 00:00:00\",\"operator\":\"GREATER_THAN_EQUAL\"}],\"operation\":\"AND\"},\"pageNumber\":0,\"pageSize\":1,\"includes\":[\"ASSET_INTERFACES\"]}" -H "Authorization: Bearer <JWT Token>"
Response
[
{
"id": 30029,
"certhash": "192a86240c5ec5d87dd108f17e2543e78439101f193c99c53193f60d115b885d",
"keySize": 2048,
"serialNumber": "05e2ad055846148575bc6476367916b7",
"validToDate": "2024-02-13T23:59:59.000+00:00",
"validTo": 1707868799000,
"validFromDate": "2023-02-13T00:00:00.000+00:00",
"validFrom": 1676246400000,
"signatureAlgorithm": "SHA256withRSA",
"extendedValidation": true,
"createdDate": "2023-03-29T11:16:15.000+00:00",
"dn": "CN=www.qualys.com, O=\"Qualys, Inc.\", L=Foster
City, ST=California, C=US, serialNumber=3152140,
businessCategory=Private Organization, StateOrProvince=Delaware,
CountryName=US","subject": {
"organization": "Qualys, Inc.",
"locality": "Foster City",
"name": "www.qualys.com",
"state": "California",
"country": "US",
"organizationUnit": []
},
"updateDate": "2023-03-31T10:01:05.000+00:00",
"lastFound": 1680256865000,
"imported": false,
"selfSigned": false,
"issuer": {
"organization": "DigiCert Inc",
"organizationUnit": [
"www.digicert.com"
],
"name": "DigiCert SHA2 Extended Validation Server CA",
"country": "US",
"state": "",
"certhash": "403e062a2653059113285baf80a0d4ae422c848c9f78fad01fc94bc5b87fef1a",
"locality": ""
},
"rootissuer": {
"organization": "DigiCert Inc",
"organizationUnit": [
"www.digicert.com"
],
"name": "DigiCert High Assurance EV Root CA",
"country": "US",
"state": "",
"certhash": "7431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf",
"locality": ""
},
"issuerCategory": "DigiCert SHA2 Extended Validation Server
CA","instanceCount": 2,
"assetCount": 2,
"sources": [
"VM",
"QAGENT"
],
"assets": [
{
"id": 21045704,
"uuid": "646c7aa5-cfdc-4294-bea7-d43664ac03f4",
"netbiosName": "",
"name": "www.qualys.com",
"operatingSystem": "NetScaler",
"hostInstances": [
{
"id": 6404,
"port": 443,
"fqdn": "",
"protocol": "tcp",
"service": "http",
"grade": "A"
}
],
"primaryIp": "64.39.xx.xxx"
},
{
"id": 17785749,
"uuid": "99f29795-4c11-49e1-8898-82e9982b0710",
"netbiosName": "",
"name": "qualys.com",
"operatingSystem": "NetScaler",
"hostInstances": [
{
"id": 6442,
"port": 443,
"fqdn": "",
"protocol": "tcp",
"service": "http",
"grade": "A"
}
],
"assetInterfaces": [
{
"hostname": "qualys.com",
"address": "64.39.xx.xxx"
}
],
"primaryIp": "64.39.xx.xxx"
}
]
}
]
The following sample request specifies page size as 10 and filter as certificate.id and includes the parameter as ASSET_INTERFACES and exclude field parameter as certificate.subject the request. The request fetches all certificates related to this query. The response has certificate details and related asset and instance summary but excludes certificate subject field.
API request
curl -X 'POST'
"<qualys_base_url>/certview/v2/certificates' \
-H 'accept: application/json'-H 'Authorization: Bearer \
-H 'Content-Type: application/json' -d '{"filter": {
"filters": [{"field": "certificate.id","value": "6677", "operator": "CONTAINS"}],"operation": "AND"},"pageNumber": 0, "pageSize": 10,"includes": ["ASSET_INTERFACES"],"excludeFields": "certificate.subject"}"
Response
[
{
"id": 30029,
"certhash": "192a86240c5ec5d87dd108f17e2543e78439101f193c99c53193f60d115b885d",
"keySize": 2048,
"serialNumber": "05e2ad055846148575bc6476367916b7",
"validToDate": "2024-02-13T23:59:59.000+00:00",
"validTo": 1707868799000,
"validFromDate": "2023-02-13T00:00:00.000+00:00",
"validFrom": 1676246400000,
"signatureAlgorithm": "SHA256withRSA",
"extendedValidation": true,
"createdDate": "2023-03-29T11:16:15.000+00:00",
"dn": "CN=www.qualys.com, O=\"Qualys, Inc.\", L=Foster City,
ST=California, C=US, serialNumber=3152140, businessCategory=Private
Organization, StateOrProvince=Delaware, CountryName=US","subject": {
"organization": "Qualys, Inc.",
"locality": "Foster City",
"name": "www.qualys.com",
"state": "California",
"country": "US",
"organizationUnit": []
},
"updateDate": "2023-03-31T10:01:05.000+00:00",
"lastFound": 1680256865000,
"imported": false,
"selfSigned": false,
"issuer": {
"organization": "DigiCert Inc",
"organizationUnit": [
"www.digicert.com"
],
"name": "DigiCert SHA2 Extended Validation Server CA",
"country": "US",
"state": "",
"locality": ""
},
"rootissuer": {
"organization": "DigiCert Inc",
"organizationUnit": [
"www.digicert.com"
],
"name": "DigiCert High Assurance EV Root CA",
"country": "US",
"state": "",
"certhash": "7431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf",
"locality": ""
},
"issuerCategory": "DigiCert SHA2 Extended Validation Server CA",
"instanceCount": 2,
"assetCount": 2,
"sources": [
"VM",
"QAGENT"
],
"assets": [
{
"id": 21045704,
"uuid": "646c7aa5-cfdc-4294-bea7-d43664ac03f4",
"netbiosName": "",
"operatingSystem": "NetScaler",
"hostInstances": [
{
"id": 6404,
"port": 443,
"fqdn": "",
"protocol": "tcp",
"service": "http",
"grade": "A"
}
],
"primaryIp": "64.39.xx.xxx"
},
{
"id": 17785749,
"uuid": "99f29795-4c11-49e1-8898-82e9982b0710",
"netbiosName": "",
"operatingSystem": "NetScaler",
"hostInstances": [
{
"id": 6442,
"port": 443,
"fqdn": "",
"protocol": "tcp",
"service": "http",
"grade": "A"
}
],
"assetInterfaces": [
{
"hostname": "qualys.com",
"address": "64.39.xx.xxx"
}
],
"primaryIp": "64.39.xx.xxx"
}
]
}
]
API Request
curl -X 'POST'
'<qualys_base_url>/certview/v2/certificates'
-H 'accept: application/json'
-H 'Bearer <JWT Token>'
-H 'Content-Type: application/json'
-d'{
"filter": {
"filters": [
{
"field":"asset.wasUrl",
"value":"https://api.example.com",
"operator": "CONTAINS"
},
{
"field":"certificate.type",
"value":"Leaf",
"operator": "EQUALS"
}
],
"operation": "AND"
},
"pageNumber": 0,
"pageSize": 10,
"includes": [
"ASSET_INTERFACES"
],
"assetType": "ALL"
}'
Response
[
{
"id":461017,
"certhash":"6613xxx30cf5ddcccfdxxxxx44f9b332a9ae0b4304xxxxx646f7bc7xxxxx5bd",
"keySize":2048,
"serialNumber":"0280377f8746af438fc99a2ed4127db5",
"validToDate":"2024-09-13T23:59:59.000+00:00",
"validTo":1726271999000,
"validFromDate":"2023-09-14T00:00:00.000+00:00",
"validFrom":1694649600000,
"signatureAlgorithm":"SHA256withRSA",
"extendedValidation":false,
"createdDate":"2024-05-17T00:42:02.000+00:00",
"dn":"CN=api.example.com, O=\"Qualys, Inc.\", L=Foster City,
ST=California, C=US",
"subject":{
"organization":"Qualys, Inc.",
"locality":"Foster City",
"name":"api.example.com",
"state":"California",
"country":"US",
"organizationUnit":[
]
},
"updateDate":"2024-05-17T01:15:46.000+00:00",
"lastFound":1715908546000,
"imported":false,
"selfSigned":false,
"type":"Leaf" "issuer":{
"organization":"DigiCert Inc",
"organizationUnit":[
],
"name":"DigiCert Global G2 TLS RSA SHA256 2020 CA1",
"country":"US",
"state":"",
"certhash":"c8025f9fc65fdfc95b3ca8cc7867b9a587b5277973957917463fc813d0b625a9",
"locality":""
},
"rootissuer":{
"organization":"DigiCert Inc",
"organizationUnit":[
"www.digicert.com"
],
"name":"DigiCert Global Root G2",
"country":"US",
"state":"",
"certhash":"cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f",
"locality":""
},
"issuerCategory":"unapproved",
"instanceCount":1,
"assetCount":1,
"sources":[
"WAS"
],
"assets":[
{
"id":44361432,
"uuid":"9c07ae8b-c051-4b9d-8a2d-21075c812658",
"netbiosName":"",
"name":"api.example.com",
"operatingSystem":"",
"hostInstances":[
{
"id":1253151,
"port":443,
"fqdn":"",
"protocol":"tcp",
"grade":"C"
}
],
"wasUrl":"https://api.example.com"
}
]
}
]