List certificates
7 minute read
POST
Get a total count and list of all certificates found through CertCentral Discovery scans. Optionally filter results by certificate attributes.https://daas.digicert.com/apicontroller/v1/certificate/list
Example requests and responses
curl -X POST \
https://daas.digicert.com/apicontroller/v1/certificate/list \
-H 'Content-Type: application/json' \
-H 'X-DC-DEVKEY: {{api_key}}' \
-d '{
"searchCriteriaList": [
{
"key":"cn",
"operation": "EQUALS",
"value": [
"www.digicert.com","www.cert.com","docs.digicert.com"
]
},
{
"key":"org",
"operation": "EQUALS",
"value": [
"DigiCert Inc"
]
},
{
"key":"status",
"operation": "EQUALS",
"value": [
"VALID"
]
},
{
"key":"serialNum",
"operation": "EQUALS",
"value": [
"0eb6eab418c873d8f3c031dcdddf18b0"
]
},
{
"key":"securityRating",
"operation": "EQUALS",
"value": [
"Not secure","At risk"
]
},
{
"key":"ca",
"operation": "EQUALS",
"value": [
"DigiCert SHA2 Secure Server CA"
]
},
{
"key":"daysToExpire",
"operation": "EQUALS",
"value": [
"90"
]
},
{
"key":"tags",
"operation": "EQUALS",
"value": [
"internal","devbox"
]
}
],
"accountId": "126993",
"divisionIds": [],
"startIndex": 1,
"pageSize": 50,
"sortedColumnId": "cn",
"sortOrder": "ASC"
}'import requests
url = "https://daas.digicert.com/apicontroller/v1/certificate/list"
payload = "{\n \"searchCriteriaList\": [\n {\n \"key\": \"cn\",\n \"operation\": \"EQUALS\",\n \"value\": [\n \"www.digicert.com\",\"www.cert.com\",\"docs.digicert.com\"\n ]\n },\n {\n \"key\": \"org\",\n \"operation\": \"EQUALS\",\n \"value\": [\n \"DigiCert Inc\"\n ]\n },\n {\n \"key\": \"status\",\n \"operation\": \"EQUALS\",\n \"value\": [\n \"VALID\"\n ]\n },\n {\n \"key\": \"serialNum\",\n \"operation\": \"EQUALS\",\n \"value\": [\n \"0eb6eab418c873d8f3c031dcdddf18b0\"\n ]\n },\n {\n \"key\": \"securityRating\",\n \"operation\": \"EQUALS\",\n \"value\": [\n \"Not secure\",\"At risk\"\n ]\n },\n {\n \"key\": \"ca\",\n \"operation\": \"EQUALS\",\n \"value\": [\n \"DigiCert SHA2 Secure Server CA\"\n ]\n },\n {\n \"key\": \"daysToExpire\",\n \"operation\": \"EQUALS\",\n \"value\": [\n \"90\"\n ]\n },\n {\n \"key\": \"tags\",\n \"operation\": \"EQUALS\",\n \"value\": [\n \"internal\",\"devbox\"\n ]\n }\n ],\n \"accountId\": \"126993\",\n \"divisionIds\": [],\n \"startIndex\": 1,\n \"pageSize\": 50,\n \"sortedColumnId\": \"cn\",\n \"sortOrder\": \"ASC\"\n}"
headers = {
'X-DC-DEVKEY': "{{api_key}}",
'Content-Type': "application/json",
}
response = requests.request("POST", url, data=payload, headers=headers)
print(response.text)package main
import (
"fmt"
"strings"
"net/http"
"io/ioutil"
)
func main() {
url := "https://daas.digicert.com/apicontroller/v1/certificate/list"
payload := strings.NewReader("{\n \"searchCriteriaList\": [\n {\n \"key\": \"cn\",\n \"operation\": \"EQUALS\",\n \"value\": [\n \"www.digicert.com\",\"www.cert.com\",\"docs.digicert.com\"\n ]\n },\n {\n \"key\": \"org\",\n \"operation\": \"EQUALS\",\n \"value\": [\n \"DigiCert Inc\"\n ]\n },\n {\n \"key\": \"status\",\n \"operation\": \"EQUALS\",\n \"value\": [\n \"VALID\"\n ]\n },\n {\n \"key\": \"serialNum\",\n \"operation\": \"EQUALS\",\n \"value\": [\n \"0eb6eab418c873d8f3c031dcdddf18b0\"\n ]\n },\n {\n \"key\": \"securityRating\",\n \"operation\": \"EQUALS\",\n \"value\": [\n \"Not secure\",\"At risk\"\n ]\n },\n {\n \"key\": \"ca\",\n \"operation\": \"EQUALS\",\n \"value\": [\n \"DigiCert SHA2 Secure Server CA\"\n ]\n },\n {\n \"key\": \"daysToExpire\",\n \"operation\": \"EQUALS\",\n \"value\": [\n \"90\"\n ]\n },\n {\n \"key\": \"tags\",\n \"operation\": \"EQUALS\",\n \"value\": [\n \"internal\",\"devbox\"\n ]\n }\n ],\n \"accountId\": \"126993\",\n \"divisionIds\": [],\n \"startIndex\": 1,\n \"pageSize\": 50,\n \"sortedColumnId\": \"cn\",\n \"sortOrder\": \"ASC\"\n}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("X-DC-DEVKEY", "{{api_key}}")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := ioutil.ReadAll(res.Body)
fmt.Println(res)
fmt.Println(string(body))
}var request = require("request");
var options = { method: 'POST',
url: 'https://daas.digicert.com/apicontroller/v1/certificate/list',
headers:
{ 'Content-Type': 'application/json',
'X-DC-DEVKEY': '{{api_key}}' },
body:
{ searchCriteriaList:
[ { key: 'cn', operation: 'EQUALS', value: [ 'www.digicert.com','www.cert.com','docs.digicert.com' ] },
{ key: 'org', operation: 'EQUALS', value: [ 'DigiCert Inc' ] },
{ key: 'status', operation: 'EQUALS', value: [ 'VALID' ] },
{ key: 'serialNum', operation: 'EQUALS', value: [ '0eb6eab418c873d8f3c031dcdddf18b0' ] },
{ key: 'securityRating', operation: 'EQUALS', value: [ 'Not secure','At risk' ] },
{ key: 'ca', operation: 'EQUALS', value: [ 'DigiCert SHA2 Secure Server CA' ] },
{ key: 'daysToExpire', operation: 'EQUALS', value: [ '90' ] },
{ key: 'tags', operation: 'EQUALS', value: [ 'internal','devbox' ] } ],
accountId: '126993',
divisionIds: [],
startIndex: 1,
pageSize: 50,
sortedColumnId: 'cn',
sortOrder: 'ASC' },
json: true };
request(options, function (error, response, body) {
if (error) throw new Error(error);
console.log(body);
});200 OK
{
"data": {
"totalCount": 81,
"currentCount": 50,
"certificateDetailsDTOList": [
{
"certId": "fb92ee3a2fd0cb6549e58c252f8787f467bfbeff",
"serialNum": "2bf1c0d8a20fef721f67011d6231c16e",
"validFrom": 1523318400000,
"expiryDate": 1591660799000,
"subject": "CN=*.aparat.com,OU=EssentialSSL Wildcard,OU=Domain Control Validated",
"issuedBy": "CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB",
"cn": "*.aparat.com",
"ca": "Comodo",
"lastDiscoveredDate": 1645007394721,
"firstDiscoveredDate": 1561409074447,
"keyLength": 2048,
"algoType": "SHA256withRSA",
"accountId": null,
"certStatusString": "VALID",
"owner": "",
"org": null,
"orgUnit": "Domain Control Validated",
"city": "",
"state": "",
"country": "",
"sanCount": 2,
"publicKeyAlgo": "RSA",
"san": "isBlobUTF8=true;[2, *.aparat.com];[2, aparat.com]",
"certRating": "Secure",
"tags": "",
"certStatusError": null,
"certIssues": "CRLDistributionPoints"
},
{
"certId": "4c5d6a9813d3c858ac1ba279a3dd318460bc9ad7",
"serialNum": "040b914d32914ffc2474a3fdfd892c99",
"validFrom": 1539734400000,
"expiryDate": 1573992000000,
"subject": "CN=espn.com",
"issuedBy": "CN=Amazon, OU=Server CA 1B, O=Amazon, C=US",
"cn": "espn.com",
"ca": "Amazon",
"firstDiscoveredDate": 1563917838074,
"keyLength": 2048,
"algoType": "SHA256withRSA",
"accountId": null,
"certStatusString": "VALID",
"owner": "",
"org": null,
"orgUnit": "",
"city": "",
"state": "",
"country": "",
"sanCount": 6,
"publicKeyAlgo": "RSA",
"san": "isBlobUTF8=true;[2, espn.com];[2, *.espn.com];[2, *.geo.hosted.espn.com];[2, *.us-west-2.aws.hosted.espn.com];[2, *.core.api.espn.com];[2, *.api.espn.com]",
"certRating": "Secure",
"tags": "internal",
"certStatusError": null,
"certIssues": "IsAliasMatchSAN,CRLDistributionPoints",
"renewalEmailPreference": true,
"emailAddresses": "xyz@digicert.com, xy@digicert.com",
"actions": {
"primaryAction": "TRANSFER",
"secondaryActions": ["VIEW_ENDPOINT"]},
"filePath": null,
"source": "Sensor",
"serverHost": null,
"systemCert": false,
"selfSignedCaOptIn": true
}
]
}
}
Request parameters
| Name | Req/Opt | Type | Description |
|---|---|---|---|
| searchCriteriaList | optional | array | Get records for specified criteria. |
| .. key | optional | string | Search parameter. Allowed values: cn, org, status, serialNum, securityRating, ca, daysToExpire, tags |
| .. operation | optional | string | Search operation. Allowed value: EQUALS |
| .. value | optional | array | Search values. |
| accountId | required | string | Account ID. |
| divisionIds | optional | array | Division IDs. |
| startIndex | optional | int | Start at the specified index. Default: |
| 1 | |||
| pageSize | optional | int | Number of records per page. Default: 50,Max: 100 |
| sortedColumnId | optional | string | Sort results by specified parameter. Allowed values: cn, org, status, serialNum, securityRating, ca, daysToExpireDefault: cn |
| sortOrder | optional | string | Sort direction. Allowed values: ASC (ascending: 0-9, A-Z), DESC (descending: 9-0, Z-A)Default: ASC |
Response parameters
| Name | Type | Description |
|---|---|---|
| data | object | Container. |
| .. totalCount | int | Total number of records that match search criteria. |
| .. currentCount | int | Number of records on current page. |
| .. certificateDetailsDTOList | array | Container for certificate details. |
| .. .. certId | string | Unique DigiCert-generated ID for the certificate. Use for API requests that require it. |
| .. .. serialNum | string | Serial number assigned to the certificate on issuance. |
| .. .. validFrom | integer | Validity start date. **Format:**epoch in millisecond. Epoch corresponds to 0 hours, 0 minutes, and 0 seconds (00:00:00) Coordinated Universal Time (UTC) on a specific date, which varies from system to system. Example: 1855828800000 |
| .. .. expiryDate | integer | Validity end date. **Format:**epoch in millisecond. Epoch corresponds to 0 hours, 0 minutes, and 0 seconds (00:00:00) Coordinated Universal Time (UTC) on a specific date, which varies from system to system. Example: 1855828800000 |
| .. .. subject | bool | Full certificate distinguished name. |
| .. .. issuedBy | string | Root certificate that the certificate was issued from. |
| .. .. cn | string | Common name on the certificate. |
| .. .. ca | string | Certificate Authority that issued the certificate. |
| .. .. lastDiscoveredDate | integer | Date certificate was last found by CertCentral Discovery scan. |
| .. .. firstDiscoveredDate | integer | Date certificate was first found by CertCentral Discovery scan. **Format:**epoch in millisecond. Epoch corresponds to 0 hours, 0 minutes, and 0 seconds (00:00:00) Coordinated Universal Time (UTC) on a specific date, which varies from system to system. Example: 1855828800000 |
| .. .. keyLength | string | Encryption key size for the certificate. |
| .. .. algoType | string | Encryption algorithm that the certificate uses. |
| .. .. accountId | string | Account ID. |
| .. .. certStatusString | string | Status of the certificate. |
| .. .. owner | string | Owner as defined in CertCentral Discovery. |
| .. .. org | string | Organization name on the certificate. |
| .. .. orgunit | string | Organization unit on the certificate. |
| .. .. city | string | City on the certificate. |
| .. .. state | string | State on the certificate. |
| .. .. country | string | Country on the certificate. |
| .. .. sanCount | string | Number of subject alternative names on the certificate. |
| .. .. publicKeyAlgo | string | Encryption algorithm for the certificate’s public key. |
| .. .. san | string | Subject alternative names on the certificate. |
| .. .. certRating | string | Certificate security rating, based on industry standards and the certificate’s settings. |
| .. .. tags | string | Custom tags added by certificate owner, subscriber, or other admin. |
| .. .. certStatusError | string | Errors retrieving certificate status. |
| .. .. certIssues | string | Chart data for certificate issues. |
| .. .. renewalEmailPreference | boolean | Whether renewal email preference is enabled or not. Default: true |
| .. .. emailAddresses | string | Email address for the contact associated with the certificate. |
| .. .. actions | object | Action performed on the certificate. |
| .. .. filePath | string | File path of the certificate. Values are comma-separated. |
| .. .. source | string | The scan used to identify the certificate. Possible values: sensor, agentNote:Possible values are Manual Upload, Cloud scan for server certificates. |
| .. .. serverHost | string | The server host associated with the certificate. Values are comma-separated. |
| .. .. systemCert | boolean | Whether any system certificates are available or not. |
| .. .. selfSignedCaOptIn | boolean | Whether email preference enabled for the self-signed certificates. |
Was this page helpful?
Provide feedback