Search Tokens for Certificates
You can use search tokens to search for certificate information on Certificates tab.
asset:(assetInterface.addressasset:(assetInterface.address
Use a text value ##### to specify the host IP address.
Example
Show certificates on assets that have this host IP address
asset:(assetInterface.address: 10.20.30.40)
asset:(assetInterface.hostnameasset:(assetInterface.hostname
Use a text value ##### to specify the interface hostname.
Example
Show certificates on assets that have this hostname
asset:(assetInterface.hostname: xpsp2-jp-26-111)
asset:(externalasset:(external
Use the values true | false to find external assets. If the selected value is true, then the query displays all the external assets. If the selected value is false, then the query displays internal assets.
Examples
Show external assets.
asset:(external: true)
Show internal assets.
asset:(external: false
Use a text value ##### to specify the asset name.
Example
Show certificates on assets that have this asset name
asset:(name: server1)
asset:(netbiosNameasset:(netbiosName
Use a text value ##### to specify the host NetBios name.
Example
Show certificates on assets that have this host NetBios name
asset:(netbiosName: server1)
Use a text value ##### to specify WAS URL to search certificates on the assets scanned by WAS.
Example
Show certificates on assets scanned by WAS using WAS URL
asset:(wasUrl:"https://www.example.com")
certificate:(approvedcertificate:(approved
Use the values true | false to find certificates from approved CAs.
Example
Show certificates that have approval status true from approved CAs
certificate:(approved: true)
certificate:(archiveReasoncertificate:(archiveReason
Use a text value ##### to list all certificates that were archived for the specified reason. Values can be: Expired, Ignored, Other, Renewed, Replaced, Retired, Revoked, Suspended.
Examples
Show certificates that were archived with reason: Revoked
certificate:(archiveReason: Revoked)
Show certificates that were archived with reason:
Expired
certificate:(archiveReason: Expired)
certificate:(browserDistrust:certificate:(browserDistrust:
Use the value potential to search a list of leaf certificates distrusted by Google Chrome.
Example
Show list of leaf certificates distrusted by Google Chrome
certificate:(browserDistrust: potential)
certificate:(browserDistrustIssuedByEntrust:certificate:(browserDistrustIssuedByEntrust:
Use the subject name as the token value to search a list of leaf certificates issued by the certificate authority (CA) Entrust, which Google Chrome no longer trusts. Token values are AffirmTrust Commercial | AffirmTrust Networking | AffirmTrust Premium | AffirmTrust Premium ECC | Entrust Root Certification Authority | Entrust Root Certification Authority - EC1 | Entrust Root Certification Authority - G2 | Entrust Root Certification Authority - G4 | Entrust.net Certification Authority (2048).
Example
Show the list of leaf certificates by the certificate authority (CA) Entrust.
certificate:(browserDistrustIssuedByEntrust: Entrust Root Certification Authority)
certificate:(browserDistrustExpiryGroup:certificate:(browserDistrustExpiryGroup:
Use the time ranges to search for leaf certificates issued by the certificate authority (CA) Entrust, which Google Chrome no longer trusts and are expiring during the period. Token values are 0-30 Days | 31-60 Days | 61-90 Days| 180+ Days | 91-180 Days| Expired.
Example
Show the list of leaf certificates expiring during the specified period issued by the certificate authority (CA) Entrust.
certificate:(browserDistrustExpiryGroup: 31-60 Days)
certificate:(certhashcertificate:(certhash
Use a text value ##### to specify certificate fingerprint of the certificates.
Example
Show certificates that have this hash value
certificate:(certhash: 20e1541486f2cd405559d8483a3663f2a77c3cf93c72f4f915259f084f814221)
certificate:(dncertificate:(dn
Use a text value ##### to list all certificates that have the specified subject identifier in the certificate subject distinguished name (DN).
Examples
Show certificates that have this subject identifier in the distinguished name.
certificate:(dn: ST=California)
certificate:(expiryGroupcertificate:(expiryGroup
Use quotes or backticks within values to filter certificates according to expired time. Values can be: Expired or In n Days where n is any number
Examples
Show certificates which expired in last 20 days
certificate:(expiryGroup: "In 20 Days")
Show all expired certificates in your subscription
certificate:(expiryGroup: "Expired")
certificate:(isRenewablecertificate:(isRenewable
Use the values true | false to find certificates that can only be renewed with Qualys. Certificates can be renewed with Qualys if they are issued by a DigiCert CA and are expiring in next 90 days or are already expired.
Example
Show certificates that are renewable with Qualys
certificate:(isRenewable: true)
certificate:(issuer.countrycertificate:(issuer.country
Use a text value ##### to specify the country mentioned in the issuer distinguished name.
Example
Show certificates that have this country in issuer DN
certificate:(issuer.country: US)
certificate:(issuer.namecertificate:(issuer.name
Use a text value ##### to specify name of the issuing certificate authority.
Example
Show the certificates having this issuing authority name
certificate:(issuer.name: Symantec Class 3 EV
SSL CA - G3)
certificate:(issuer.organizationcertificate:(issuer.organization
Use a text value ##### to specify the organization mentioned in the issuer distinguished name.
Example
Show certificates that have this organization in issuer DN
certificate:(issuer.organization: Symantec Corporation)
certificate:(issuer.organizationUnitcertificate:(issuer.organizationUnit
Use a text value ##### to specify the organization unit mentioned in the issuer distinguished name.
Example
Show certificates that have this organization unit in issuer DN
certificate:(issuer.organizationUnit: Symantec
Trust Network)
certificate:(issuerCategorycertificate:(issuerCategory
Use the values Self-signed | CA to specify the category of certificate.
Example
Show DigiCert SHA2 Extended Validation Server CA certificates
certificate:(issuerCategory: DigiCert SHA2 Extended
Validation Server CA)
certificate:(keySizecertificate:(keySize
Use a text value ##### to specify the key length of a certificate.
Example
Show certificates that have 2048-bit keys
certificate:(keySize: 2048)
certificate:(selfSignedcertificate:(selfSigned
Use the values true | false to find certificates that are self-signed.
Example
Show certificates that are self-signed
certificate:(selfSigned: true)
certificate:(serialNumbercertificate:(serialNumber
Use the values ##### to find a certificate having a specific serial number.
Example
Show the certificate that has this serial number
certificate:(serialNumber: "01ab8a210a7cf9955665c47fca758459ca78")
certificate:(signatureAlgorithmcertificate:(signatureAlgorithm
Use a text value ##### to specify the signing algorithm for a certificate.
Example
Show certificates that use this signature algorithm
certificate:(signatureAlgorithm: SHA256withRSA)
certificate:(subject.country:certificate:(subject.country:
Use a text value ##### to specify the country mentioned in the subject distinguished name.
Example
Show certificates that have this country in subject DN
certificate:(subject.country: US)
certificate:(subject.localitycertificate:(subject.locality
Use a text value ##### to specify the locality mentioned in the subject distinguished name.
Example
Show certificates that have this locality in subject DN
certificate:(subject.locality: Redwood City)
certificate:(subject.namecertificate:(subject.name
Use a text value ##### to define the certificate name.
Example
Show certificates with this name
certificate:(subject.name: www.qualys.com)
certificate:(subject.organizationcertificate:(subject.organization
Use a text value ##### to specify the organization mentioned in the subject distinguished name.
Example
Show certificates that have this organization in subject DN
certificate:(subject.organization: Qualys, Inc.)
certificate:(subject.statecertificate:(subject.state
Use a text value ##### to specify the state mentioned in the subject distinguished name.
Example
Show certificates that have this state in subject DN
certificate:(subject.state: California)
certificate:(subjectAlternativeNames.dnsNamecertificate:(subjectAlternativeNames.dnsName
Use a text value ##### show the DNS Name in Certificate Subject Alternate Name (SAN).
Example
Show certificates that have the specified DNS Name in Certificate SAN
certificate:(subjectAlternativeNames.dnsName: www.qualys.com)
certificate:(subjectAlternativeNames.ipAddresscertificate:(subjectAlternativeNames.ipAddress
Use a text value ##### to show the IP address in Certificate Subject Alternate Name (SAN).
Example
Show certificates that have the specified the IP address in Certificate SAN
certificate:(subjectAlternativeNames.ipAddress: 10.113.197.210)
certificate:(typecertificate:(type
Use the values Intermediate | Leaf | Root to find these certificate types.
Example
Show all Intermediate certificates
certificate:(type: Intermediate)
certificate:(validFromcertificate:(validFrom
Use a date range or specific date to define validation date of the certificates.
Examples
Show certificates that are valid within certain dates
certificate:(validFrom: [2018-06-15 ... 2018-06-30])
Show certificates that are valid on a specific date
certificate:(validFrom: '2017-12-14')
certificate:(validTocertificate:(validTo
Use a date range or specific date to specify expiration date of the certificates.
Examples
Show certificates that expire before 2022-01-20
certificate:(validTo < "2022-01-20")
Show certificates that expire after 2020
certificate:(validTo > "2020")
Show certificates that expire before March 2020 (yyyy-mm)
certificate:(validTo < "2020-03")
Show certificates that expire between today and 2020-12-01
certificate:(validTo: "[now..2020-12-01]")
certificate:(validitycertificate:(validity
Use an integer value ##### to search the certificates based on their validity.
Note: For the Rule query builder of the Responses tab qualifiers like d, m, y are currently not supported. Please specify the value in number of days only.
Examples
Show all certificates whose validity is greater than 200 days
certificate:(validity > 200)
Show all certificates whose validity is less than 200 days
certificate:(validity < 200d)
Show all certificates whose validity is greater than 3 months. Here one month is considered as 30 days.
certificate:(validity > 3m)
Show all certificates whose validity is greater than 1 year. Here one year is considered as 365 days.
certificate:(validity > 1y)
instance:(cipherSuites.valueinstance:(cipherSuites.value
Use a text value ##### to list the certificates that have cipher suits enabled in the SSL/TLS instance.
Example
Show certificates that have this cipher suit enabled in the SSL/TLS instance
instance:(cipherSuites.value: DES-CBC3-SHA)
Use a text value ##### to specify host FQDN of the assets.
Example
Show certificates on assets that have this host FQDN
instance:(fqdn: server1.qualys.com)
instance:(gradeinstance:(grade
instance:(grade
Use a text value ##### to specify the Certificate Grade for an instance on the host.
Example
Show certificates that have this Certificate Grade for an instance on the host
instance:(grade: B)
Use an integer value ##### to specify the listening port.
Example
Show certificates on assets that have this listening port open
instance:(port: 443)
instance:(service instance:(service
Use a text value ##### to specify service.
Example
Show certificates on assets that have this service
instance:(service: SMTP)
instance:(sourcesinstance:(sources
Use a text value ##### to find the certificates scanned through VM (Vulnerability Management), Qualys Cloud Agent and WAS (Web Application Scanning). Values are IP Scanner, Cloud Agent, EASM and WAS.
Examples
Show certificates that are scanned through VM (Vulnerability Management)
instance:(sources: IP Scanner)
Show certificates that are scanned through Qualys Cloud Agent
instance:(sources: Cloud Agent)
Show certificates that are scanned through WAS
instance:(sources: WAS)
Show certificates that are scanned through EASM
instance:(sources: EASM)
instance:(sslProtocolsinstance:(sslProtocols
Use a value ##### to specify SSL/TLS protocols.
Example
Show certificates on assets that have this SSL/TLS protocol
instance:(sslProtocols: TLSv1.2)
instance:(vulns.qidinstance:(vulns.qid
Use an integer value ##### to specify vulnerability QID.
Example
Show certificates on assets that have this vulnerability QID
instance:(vulns.qid: 38603)
instance:(vulns.severityinstance:(vulns.severity
Use an integer value ##### to specify vulnerability severity.
Example
Show certificates on assets that have this vulnerability severity
instance:(vulns.severity: 3)
instance:(vulns.titleinstance:(vulns.title
Use a text value ##### to specify vulnerability title.
Example
Show certificates on assets with vulnerabilities that have POODLE in the vulnerability title
instance:(vulns.title: POODLE)
certificate.request.cncertificate.request.cn
Use a text value ##### to specify the common name of the certificate you’re interested in.
Example
Show all certificates with common name certificate.qualys-demo.com
certificate.request.cn: certificate.qualys-demo.com
certificate.request.datecertificate.request.date
Use a date range or specific date to define when certificates were requested.
Examples
Show findings with certificates requested within certain dates
certificate.request.date: [2017-06-15 ... 2017-06-30]
Show findings with certificates requested starting 2017-06-22, ending 1 month ago
certificate.request.date: [2017-06-22 ... now-1M]
Show findings with certificates requested starting 2 weeks ago, ending 1 second ago
certificate.request.date: [now-2w ... now-1s]
Show findings with certificates requested on specific date
certificate.request.date: '2017-06-14'
certificate.request.statuscertificate.request.status
Use quotes or backticks within values to help you find the certificate request status. Choose the status values from: SUBMITTED, APPROVED, REJECTED, POSTED, DENIED
Examples
Show any findings with this status
certificate.request.status: SUBMITTED
Show any findings that match exact value
certificate.request.status: "SUBMITTED"
certificate.request.typecertificate.request.type
Use the values ENROLLMENT | RENEWAL to specify the type of your certificate request.
Example
Show all certificates requested for renewal
certificate.request.type: RENEWAL
Supported Boolean Operators
The Qualys Query Language (QQL) supports the following logical or Boolean query operators. Use these operators in your queries to narrow down or broaden your search.
Narrow down the search by using the 'and' operator in the Boolean query. The result contains all the token values that are provided in the query.
Example
Show the certificates issued by DigiCert and will expire in 30 days
certificate:(expiryGroup:In 30 Days and
issuer.name:DigiCert)
Narrow down the search by using the 'not' operator in the Boolean query. The result contains all the other values except the one specified after 'not' in the query.
Example
Exclude the certificates that are issued by Qualys in the search result
certificate:(not issuer.organization:Qualys)
Broaden the search by using the 'or' operator in the Boolean query. The result contains any of the token values that are provided in the query.
Example
Show the assets having an operating system as Windows or Netscaler
asset:(operatingSystem:Windows or operatingSystem:Netscaler)
We do not support nested queries for combination of NOT and OR operators.
For example, not certificate:(expiryGroup:In 90 Days ) or asset:(operatingSystem:'Windows') is not a supported query.