Certificate View Release 4.5 API
July 21, 2025
Before understanding the API release highlights, learn more about the API server URL for your API requests by referring to the Know Your Qualys API Server URL section. For this API Release Notes, <qualys_base_url> is mentioned in the sample API requests.
Certificate View API Versioning Support
We have scheduled API versioning for End-of-Support (EOS) and End-of-Life (EOL). We recommend migrating to the latest versions of these APIs to ensure continued compatibility, support, and access to the latest features and security enhancements.
Impacted APIs
The following are the impacted APIs:
List CertView Certificates v1 API
List CertView Certificates v2 API
To support your understanding, definitions of key terms such as End-of-Support (EOS) and End-of-Life (EOL) are given here, explaining the lifecycle of each endpoint.
End-of-Support (EOS)End-of-Support (EOS)
End-of-Support for an API version signifies the point at which Qualys will no longer actively maintain or enhance that specific version. While the API may continue to function, it will not receive new features, performance improvements, or security updates. This phase is intended to provide a grace period for API consumers to migrate to newer versions.
Implications of End-of-Support
- No New Features: The API version will not receive any further functional enhancements or new capabilities.
- Limited Bug Fixes: Critical security vulnerabilities may be addressed case-by-case, but general bug fixes for non-critical issues will stop.
- No Performance Improvements: Optimization efforts focus solely on newer API versions.
- Reduced Support Channels: Technical support for issues related to this specific API version may become limited, and users are strongly recommended to upgrade.
- No Guarantees of Reliability: While the API may remain operational, Qualys offers no guarantees regarding its continued reliability beyond the EOS date.
End-of-Life (EOL)End-of-Life (EOL)
End-of-life is the final stage in which an API version is officially retired and completely decommissioned. After the EOL date, the API will no longer be available, and any calls to it will result in errors. This marks the complete discontinuation of service for that specific API version.
Implications of End-of-Life
- API Decommissioning: The API endpoint for this version is shut down and will no longer accept requests.
- Complete Service Stoppage: All functionalities provided by this API version will cease to exist.
- Error Responses: Any attempt to call the EOL API results in HTTP error codes, such as 404 Not Found or 410 Gone, or similar error messages.
- No Support: All forms of support, documentation, and resources related to this API version will be discontinued.
Certificate Revocation Status Enhancements in List CertView Certificates v1 API
|
New or Updated API |
Updated |
| API Endpoint | /certview/v1/certificates |
| EOS: January 2026 | |
| EOL: July 2026 | |
|
API Endpoint (New Version) |
/certview/v1.1/certificates |
|
Method |
POST |
|
DTD or XSD changes |
Not Applicable |
Use these API functions to List CertView Certificates to retrieve a list of certificates based on an input filter query and list. With this release, we have added a filter to find the details related to certificate revocation.
Certification Revocation
Revocation of a certificate means canceling the certificate before it expires. This ensures that the certificate is no longer considered valid for secure communication.
We have introduced revocationStatus to get details of the response based on status. The revocationStatus field supports EQUALS and IN operators.
Input Parameter
|
Parameter |
Mandatory/ |
Data Type |
Description |
|---|---|---|---|
|
filters:
|
Optional |
String |
Filter the events list the certificates. For example,
|
For more information on input parameters, refer to the Certificate View API User guide.
SampleSample
API Request
curl -X 'POST'
'<qualys_base_url>/certview/v1.1/certificates'
-H 'accept: application/json'
-H 'Authorization: Bearer <JWT Token>
-H 'Content-Type: application/json'
-d' {
"certificateDetails": "basic",
"filter": "certificate:(revocationStatus:Not Revoked)",
"pageNumber": 0,
"pageSize": 10,
"sort": "[{\"lastFound\": \"desc\"}]"
}'
Response
[
{
"keySize":2048,
"subject":{
"organization":"Qualys, Inc.",
"locality":"Foster City",
"name":"example.qualys.com",
"state":"California",
"country":"US",
"organizationUnit":[
]
},
"validFrom":1725408000000,
"signatureAlgorithm":"SHA256withRSA",
"issuer":{
"organization":"DigiCert Inc",
"organizationUnit":[
],
"name":"DigiCert Global G2 TLS RSA SHA256 2020 CA1",
"country":"US",
"state":"",
"certhash":"1f8eb9e9a8e066cc5b3833e06b3129764b622639d5b163f600e1c79120bf3eed",
"locality":""
},
"rootissuer":{
"organization":"DigiCert Inc",
"organizationUnit":[
"www.digicert.com"
],
"name":"DigiCert Global Root G2",
"country":"US",
"state":"",
"certhash":"cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f",
"locality":""
},
"instanceCount":1,
"dn":"CN=example.qualys.com, O=\"Qualys, Inc.\", L=Foster City, ST=California, C=US",
"certhash":"6dca79243d2c31796050ebcfa6bc251f28f1805dd6528149d55e6ced047a6c47",
"assets":[
{
"netbiosName":"",
"assetId":"ef4b82e0-947e-4054-a719-92cdb4efdfbc",
"name":"example.qualys.com",
"operatingSystem":"Debian Project Debian Bookworm (12)",
"tags":[
{
"name":"john%27;alert(1);//",
"uuid":"cadd8477-ce01-4d81-a86c-dc909304ed24"
},
{
"name":"cc-patrick",
"uuid":"1ab38d53-d1db-4974-b4d2-e3ada2618b5c"
},
{
"name":"TESTING123",
"uuid":"91942cbd-48c9-4a9e-8b31-64d82786bac7"
},
{
"name":"CV_7174_Child",
"uuid":"e6222427-8b26-4dfe-b439-0984c3cbe175"
},
{
"name":"TestDynamicTagRule",
"uuid":"833a2acb-e2da-40b8-836b-2eb2a89fde0a"
},
{
"name":"aa-patrick",
"uuid":"899b67a0-2cb4-4b70-85a8-fb83eb45bb80"
}
],
"primaryIp":"10.xx.xx.xx",
"hostInstances":[
{
"protocol":"tcp",
"sslProtocols":[
"TLSv1.3",
"TLSv1.2"
],
"port":443,
"grade":"A+",
"service":"https",
"vulnerabilities":[
],
"vulnCount":0
}
],
"created":1697629214000,
"updated":1751363356000,
"assetInterfaces":[
{
"hostname":"example.qualys.com",
"address":"10.xx.xx.xx"
}
],
"certificateCount":0
}
],
"selfSigned":false,
"validTo":1756943999000,
"issuerCategory":"DigiCert Global G2 TLS RSA SHA256 2020 CA1",
"subjectAlternativeNames":{
"DNS Name":[
"example.qualys.com"
],
"IP Address":null
},
"lastFound":1751363356000,
"extendedValidation":false,
"sources":[
"VM"
],
"type":"Leaf",
"revocationStatus":"Not Revoked"
}
]
Certificate Revocation and CipherSuite Enhancements in List CertView Certificates v2 API
|
New or Updated API |
Updated |
| API Endpoint | /certview/v2.1/certificates |
| EOS: January 2026 | |
| EOL: July 2026 | |
|
API Endpoint (New Version) |
/certview/v2.2/certificates |
|
Method |
POST |
|
DTD or XSD changes |
Not Applicable |
We have introduced many improvements to enhance the visibility, accuracy, and usability of certificate and cipher suite data in the API responses.
Certificate Revocation Information in API Response
The API response is enhanced to include certificate revocation details, allowing you to verify if a certificate is still valid.
Certification Revocation
Revocation of a certificate means canceling the certificate before it expires. This ensures that the certificate is no longer considered valid for secure communication.
New Parameter for include
You can now use CERT_REVOCATION_INFO in the includes parameter to retrieve the following revocation details:
crlUris: URLs for the Certificate Revocation List (CRL). It is a list published by the Certificate Authority (CA) containing revoked certificates.
ocspUris: URLs for Online Certificate Status Protocol (OCSP). It is a real-time protocol to check the revocation status of a certificate.
revocationStatus: Indicates whether the certificate has been revoked.
New Filter Support
We have introduced revocationStatus to get details of the response based on status. The revocationStatus field supports EQUALS and IN operators.
Enhanced CipherSuite Information Structure
We have improved how CipherSuite data is presented in the API response. Earlier, it was an array of information; now, the user can see the categories information correctly categorized as:
- cipherSuite.name
- cipherSuite.category (categorized as Good, Weak, or Insecure)
If the category is not available for a given cipher suite, the category field is omitted from the response.
Enhanced Asset Information with Created and Updated Timestamps Enhancements
The API response now includes createdDate and updatedDate fields for assets, providing better insight into asset lifecycle and data freshness.
For more information on input parameters, refer to the Certificate View API User guide.
Input Parameters
|
Parameter |
Mandatory/ |
Data Type |
Description |
|---|---|---|---|
|
includes:
|
Optional |
String |
Includes the specified For example, |
|
filters:
|
Optional |
String |
Filter the events list by For example,
|
Sample: Response to include revocation informationSample: Response to include revocation information
API Request
curl -X 'POST'
'<qualys_base_url>/certview/v2.2/certificates'
-H 'accept: application/json'
-H 'Authorization: Bearer <JWT Token>
-H 'Content-Type: application/json'
-d' {
"filter": {
"filters": [
{
"field": "string",
"value": "string",
"operator": "CONTAINS"
}
]
},
"pageNumber": 0,
"pageSize": 10,
"includes": [
"CERT_REVOCATION_INFO"
],
"assetType": "MANAGED"
}'
Response
[
{
"id": 3942381,
"certhash": "00000c4a8d1dd38010d13d5dd589121bfc79da417bcffef89b77b22e86cff063",
"keySize": 2048,
"serialNumber": "06364520be0e7788696dba804398499c",
"validToDate": "2025-12-19T23:59:59.000+00:00",
"validTo": 1766188799000,
"validFromDate": "2024-12-20T00:00:00.000+00:00",
"validFrom": 1734652800000,
"signatureAlgorithm": "SHA256withRSA",
"extendedValidation": false,
"createdDate": "2025-06-25T10:38:06.000+00:00",
"dn": "CN=remote.hdfc.com, O=Hdfc Bank Limited, L=Mumbai, ST=Maharashtra, C=IN",
"subject": {
"organization": "Hdfc Bank Limited",
"locality": "Mumbai",
"name": "remote.hdfc.com",
"state": "Maharashtra",
"country": "IN",
"organizationUnit": []
},
"updateDate": "2025-06-25T10:38:06.000+00:00",
"lastFound": 1750847886000,
"imported": true,
"selfSigned": false,
"issuer": {
"organization": "DigiCert Inc",
"organizationUnit": [
"www.digicert.com"
],
"name": "GeoTrust TLS RSA CA G1",
"country": "US",
"state": "",
"certhash": "c06e307f7cfc1d32fa72a4c033c87b90019af216f0775d64978a2eca6c8a230e",
"locality": ""
},
"rootissuer": {
"organization": "DigiCert Inc",
"organizationUnit": [
"www.digicert.com"
],
"name": "DigiCert Global Root CA",
"country": "US",
"state": "",
"certhash": "4348a0e9444c78cb265e058d5e8944b4d84f9662bd26db257f8934a443c70161",
"locality": ""
},
"instanceCount": 0,
"assetCount": 0,
"type": "Leaf",
"publicKeyAlgorithm": "RSA",
"revocationStatus": "Revoked",
"revocationDetails": {
"ocspUris": [
"http://status.geotrust.com"
],
"crlUris": [
"http://cdp.geotrust.com/GeoTrustTLSRSACAG1.crl"
]
}
}
]
Sample: Response to include details of asset information (created and updated)Sample: Response to include details of asset information (created and updated)
API Request
curl -X 'POST'
'<qualys_base_url>/certview/v2.2/certificates'
-H 'accept: application/json'
-H 'Authorization: Bearer <JWT Token>
-H 'Content-Type: application/json'
-d' {
"filter":{
"filters":[
{
"field":"certificate.id",
"value":"3498985",
"operator":"EQUALS"
},
{
"*""field":"asset.createDate",
"*""value":"2025-06-12",
"operator":"GREATER_THAN_EQUAL"
}
],
"operation":"AND"
},
"pageNumber":0,
"pageSize":10,
"includes":[
"ASSET_INTERFACES"
],
"assetType":"MANAGED"
}
Response
{
"filter":{
"filters":[
{
"field":"certificate.id",
"value":"3498985",
"operator":"EQUALS"
},
{
"*""field":"asset.createDate",
"*""value":"2025-06-12",
"operator":"GREATER_THAN_EQUAL"
}
],
"operation":"AND"
},
"pageNumber":0,
"pageSize":10,
"includes":[
"ASSET_INTERFACES"
],
"assetType":"MANAGED"
}"Response":[
{
"id":3498985,
"certhash":"6dca79243d2c31796050ebcfa6bc251f28f1805dd6528149d55e6ced047a6c47",
"keySize":2048,
"serialNumber":"01434c80ea24163a54663a1a7c729492",
"validToDate":"2025-09-03T23:59:59.000+00:00",
"validTo":1756943999000,
"validFromDate":"2024-09-04T00:00:00.000+00:00",
"validFrom":1725408000000,
"signatureAlgorithm":"SHA256withRSA",
"extendedValidation":false,
"createdDate":"2025-04-01T09:43:29.000+00:00",
"dn":"CN=example.qualys.com, O=\"Qualys, Inc.\", L=Foster City, ST=California, C=US",
"subject":{
"organization":"Qualys, Inc.",
"locality":"Foster City",
"name":"example.qualys.com",
"state":"California",
"country":"US",
"organizationUnit":[
]
},
"updateDate":"2025-06-17T04:52:48.000+00:00",
"lastFound":1750135968000,
"imported":true,
"selfSigned":false,
"issuer":{
"organization":"DigiCert Inc",
"organizationUnit":[
],
"name":"DigiCert Global G2 TLS RSA SHA256 2020 CA1",
"country":"US",
"state":"",
"certhash":"c8025f9fc65fdfc95b3ca8cc7867b9a587b5277973957917463fc813d0b625a9",
"locality":""
},
"rootissuer":{
"organization":"DigiCert Inc",
"organizationUnit":[
"www.digicert.com"
],
"name":"DigiCert Global Root G2",
"country":"US",
"state":"",
"certhash":"cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f",
"locality":""
},
"issuerCategory":"DigiCert Global G2 TLS RSA SHA256 2020 CA1",
"instanceCount":1,
"assetCount":1,
"sources":[
"VM"
],
"type":"Leaf",
"publicKeyAlgorithm":"RSA",
"revocationStatus":"Not Revoked",
"assets":[
{
"id":65139652,
"uuid":"da1f6aaa-f921-423d-82c8-34614debf1ed",
"netbiosName":"",
"name":"example.qualys.com",
"operatingSystem":"Debian Project Debian Bookworm (12)",
"hostInstances":[
{
"id":30880262,
"port":443,
"fqdn":"",
"protocol":"tcp",
"service":"https",
"grade":"A+"
}
],
"assetInterfaces":[
{
"hostname":"example.qualys.com",
"address":"10.xx.xx.xx"
}
],
"primaryIp":"10.xx.xx.xx",
"created":"2025-06-12T07:08:37.000+00:00""*",
"updated":"2025-06-17T05:15:57.000+00:00"
}
]
}
]
Sample: Response to include Cipher Suites informationSample: Response to include Cipher Suites information
API Request
curl -X 'POST'
'<qualys_base_url>/certview/v2.2/certificates'
-H 'accept: application/json'
-H 'Authorization: Bearer <JWT Token>
-H 'Content-Type: application/json'
-d' {
"filter": {
"filters": [
{
"field": "cipherSuite.category",
"value": "INSECURE",
"operator": "EQUALS"
}
],
"operation": "AND"
},
"pageNumber": 0,
"pageSize": 1,
"includes": [
"CIPHER_SUITES"
],
"assetType": "MANAGED"
}'
[
{
"id": 5021,
"certhash": "a3ac53581e043271878a12124c36660a443321e5a68418c3bc56dab9b1a4d674",
"keySize": 2048,
"serialNumber": "11",
"validToDate": "2031-11-10T00:00:00.000+00:00",
"validTo": 1952035200000,
"validFromDate": "2006-11-10T00:00:00.000+00:00",
"validFrom": 1163116800000,
"signatureAlgorithm": "SHA1withRSA",
"extendedValidation": false,
"createdDate": "2018-11-09T07:12:23.000+00:00",
"dn": "CN=DigiCert Test Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US",
"subject": {
"organization": "DigiCert Inc",
"locality": "",
"name": "DigiCert Test Root CA",
"state": "",
"country": "US",
"organizationUnit": [
"www.digicert.com"
]
},
"updateDate": "2025-07-03T08:23:07.000+00:00",
"lastFound": 1751530987000,
"imported": true,
"selfSigned": true,
"issuer": {
"organization": "DigiCert Inc",
"organizationUnit": [
"www.digicert.com"
],
"name": "DigiCert Test Root CA",
"country": "US",
"state": "",
"certhash": "",
"locality": ""
},
"issuerCategory": "Self-Signed",
"instanceCount": 1,
"assetCount": 1,
"sources": [
"VM"
],
"type": "Root",
"publicKeyAlgorithm": "",
"revocationStatus": "Not Available",
"assets": [
{
"id": 33336679,
"uuid": "50c3eeaa-9136-42c0-a6c7-dd80dd6a55c2",
"netbiosName": "",
"name": "10.115.78.176",
"operatingSystem": "EulerOS / Ubuntu / Fedora / Tiny Core Linux / Linux 3.x / IBM / FortiSOAR / F5 Networks Big-IP",
"hostInstances": [
{
"id": 29581434,
"port": 443,
"fqdn": "",
"protocol": "tcp",
"service": "https",
"grade": "T",
"cipherSuites": [
{
"name": "AES128-SHA",
"category": "INSECURE"
},
{
"name": "ECDHE-RSA-AES128-GCM-SHA256",
"category": "GOOD"
},
{
"name": "CAMELLIA128-SHA",
"category": "INSECURE"
},
{
"name": "ECDHE-RSA-AES128-SHA256",
"category": "INSECURE"
},
{
"name": "ECDHE-RSA-AES256-GCM-SHA384",
"category": "GOOD"
},
{
"name": "DES-CBC3-SHA",
"category": "INSECURE"
},
{
"name": "AES128-GCM-SHA256",
"category": "GOOD"
},
{
"name": "CAMELLIA256-SHA",
"category": "INSECURE"
},
{
"name": "ECDHE-RSA-DES-CBC3-SHA",
"category": "INSECURE"
},
{
"name": "ECDHE-RSA-AES256-SHA384",
"category": "INSECURE"
},
{
"name": "AES256-SHA",
"category": "INSECURE"
},
{
"name": "ECDHE-RSA-AES256-SHA",
"category": "INSECURE"
},
{
"name": "AES128-SHA256",
"category": "INSECURE"
},
{
"name": "AES256-GCM-SHA384",
"category": "GOOD"
},
{
"name": "AES256-SHA256",
"category": "INSECURE"
},
{
"name": "ECDHE-RSA-AES128-SHA",
"category": "INSECURE"
},
{
"name": "CAMELLIA256-SHA256"
},
{
"name": "AES256-CCM-8",
"category": "GOOD"
},
{
"name": "ECDHE-RSA-CAMELLIA256-SHA384",
"category": "INSECURE"
},
{
"name": "AES128-CCM-8",
"category": "GOOD"
},
{
"name": "ECDHE-RSA-CAMELLIA128-SHA256",
"category": "INSECURE"
},
{
"name": "AES128-CCM",
"category": "GOOD"
},
{
"name": "CAMELLIA128-SHA256",
"category": "INSECURE"
},
{
"name": "AES256-CCM",
"category": "GOOD"
}
]
}
],
"primaryIp": "10.115.78.176",
"created": "2023-09-15T12:30:17.000+00:00",
"updated": "2025-05-17T03:41:23.000+00:00"
}
]
}
]