Get a total count and list of all certificates found through CertCentral Discovery scans. Optionally filter results by certificate attributes.
curl -X POST \
https://daas.digicert.com/apicontroller/v1/certificate/list \
-H 'Content-Type: application/json' \
-H 'X-DC-DEVKEY: {{api_key}}' \
-d '{
"searchCriteriaList": [
{
"key":"cn",
"operation": "EQUALS",
"value": [
"www.digicert.com","www.cert.com","docs.digicert.com"
]
},
{
"key":"org",
"operation": "EQUALS",
"value": [
"DigiCert Inc"
]
},
{
"key":"status",
"operation": "EQUALS",
"value": [
"VALID"
]
},
{
"key":"serialNum",
"operation": "EQUALS",
"value": [
"0eb6eab418c873d8f3c031dcdddf18b0"
]
},
{
"key":"securityRating",
"operation": "EQUALS",
"value": [
"Not secure","At risk"
]
},
{
"key":"ca",
"operation": "EQUALS",
"value": [
"DigiCert SHA2 Secure Server CA"
]
},
{
"key":"daysToExpire",
"operation": "EQUALS",
"value": [
"90"
]
},
{
"key":"tags",
"operation": "EQUALS",
"value": [
"internal","devbox"
]
}
],
"accountId": "126993",
"divisionIds": [],
"startIndex": 1,
"pageSize": 50,
"sortedColumnId": "cn",
"sortOrder": "ASC"
}'
import requests
url = "https://daas.digicert.com/apicontroller/v1/certificate/list"
payload = "{\n \"searchCriteriaList\": [\n {\n \"key\": \"cn\",\n \"operation\": \"EQUALS\",\n \"value\": [\n \"www.digicert.com\",\"www.cert.com\",\"docs.digicert.com\"\n ]\n },\n {\n \"key\": \"org\",\n \"operation\": \"EQUALS\",\n \"value\": [\n \"DigiCert Inc\"\n ]\n },\n {\n \"key\": \"status\",\n \"operation\": \"EQUALS\",\n \"value\": [\n \"VALID\"\n ]\n },\n {\n \"key\": \"serialNum\",\n \"operation\": \"EQUALS\",\n \"value\": [\n \"0eb6eab418c873d8f3c031dcdddf18b0\"\n ]\n },\n {\n \"key\": \"securityRating\",\n \"operation\": \"EQUALS\",\n \"value\": [\n \"Not secure\",\"At risk\"\n ]\n },\n {\n \"key\": \"ca\",\n \"operation\": \"EQUALS\",\n \"value\": [\n \"DigiCert SHA2 Secure Server CA\"\n ]\n },\n {\n \"key\": \"daysToExpire\",\n \"operation\": \"EQUALS\",\n \"value\": [\n \"90\"\n ]\n },\n {\n \"key\": \"tags\",\n \"operation\": \"EQUALS\",\n \"value\": [\n \"internal\",\"devbox\"\n ]\n }\n ],\n \"accountId\": \"126993\",\n \"divisionIds\": [],\n \"startIndex\": 1,\n \"pageSize\": 50,\n \"sortedColumnId\": \"cn\",\n \"sortOrder\": \"ASC\"\n}"
headers = {
'X-DC-DEVKEY': "{{api_key}}",
'Content-Type': "application/json",
}
response = requests.request("POST", url, data=payload, headers=headers)
print(response.text)
package main
import (
"fmt"
"strings"
"net/http"
"io/ioutil"
)
func main() {
url := "https://daas.digicert.com/apicontroller/v1/certificate/list"
payload := strings.NewReader("{\n \"searchCriteriaList\": [\n {\n \"key\": \"cn\",\n \"operation\": \"EQUALS\",\n \"value\": [\n \"www.digicert.com\",\"www.cert.com\",\"docs.digicert.com\"\n ]\n },\n {\n \"key\": \"org\",\n \"operation\": \"EQUALS\",\n \"value\": [\n \"DigiCert Inc\"\n ]\n },\n {\n \"key\": \"status\",\n \"operation\": \"EQUALS\",\n \"value\": [\n \"VALID\"\n ]\n },\n {\n \"key\": \"serialNum\",\n \"operation\": \"EQUALS\",\n \"value\": [\n \"0eb6eab418c873d8f3c031dcdddf18b0\"\n ]\n },\n {\n \"key\": \"securityRating\",\n \"operation\": \"EQUALS\",\n \"value\": [\n \"Not secure\",\"At risk\"\n ]\n },\n {\n \"key\": \"ca\",\n \"operation\": \"EQUALS\",\n \"value\": [\n \"DigiCert SHA2 Secure Server CA\"\n ]\n },\n {\n \"key\": \"daysToExpire\",\n \"operation\": \"EQUALS\",\n \"value\": [\n \"90\"\n ]\n },\n {\n \"key\": \"tags\",\n \"operation\": \"EQUALS\",\n \"value\": [\n \"internal\",\"devbox\"\n ]\n }\n ],\n \"accountId\": \"126993\",\n \"divisionIds\": [],\n \"startIndex\": 1,\n \"pageSize\": 50,\n \"sortedColumnId\": \"cn\",\n \"sortOrder\": \"ASC\"\n}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("X-DC-DEVKEY", "{{api_key}}")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := ioutil.ReadAll(res.Body)
fmt.Println(res)
fmt.Println(string(body))
}
var request = require("request");
var options = { method: 'POST',
url: 'https://daas.digicert.com/apicontroller/v1/certificate/list',
headers:
{ 'Content-Type': 'application/json',
'X-DC-DEVKEY': '{{api_key}}' },
body:
{ searchCriteriaList:
[ { key: 'cn', operation: 'EQUALS', value: [ 'www.digicert.com','www.cert.com','docs.digicert.com' ] },
{ key: 'org', operation: 'EQUALS', value: [ 'DigiCert Inc' ] },
{ key: 'status', operation: 'EQUALS', value: [ 'VALID' ] },
{ key: 'serialNum', operation: 'EQUALS', value: [ '0eb6eab418c873d8f3c031dcdddf18b0' ] },
{ key: 'securityRating', operation: 'EQUALS', value: [ 'Not secure','At risk' ] },
{ key: 'ca', operation: 'EQUALS', value: [ 'DigiCert SHA2 Secure Server CA' ] },
{ key: 'daysToExpire', operation: 'EQUALS', value: [ '90' ] },
{ key: 'tags', operation: 'EQUALS', value: [ 'internal','devbox' ] } ],
accountId: '126993',
divisionIds: [],
startIndex: 1,
pageSize: 50,
sortedColumnId: 'cn',
sortOrder: 'ASC' },
json: true };
request(options, function (error, response, body) {
if (error) throw new Error(error);
console.log(body);
});
{
"data": {
"totalCount": 81,
"currentCount": 50,
"certificateDetailsDTOList": [
{
"certId": "fb92ee3a2fd0cb6549e58c252f8787f467bfbeff",
"serialNum": "2bf1c0d8a20fef721f67011d6231c16e",
"validFrom": 1523318400000,
"expiryDate": 1591660799000,
"subject": "CN=*.aparat.com,OU=EssentialSSL Wildcard,OU=Domain Control Validated",
"issuedBy": "CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB",
"cn": "*.aparat.com",
"ca": "Comodo",
"lastDiscoveredDate": 1645007394721,
"firstDiscoveredDate": 1561409074447,
"keyLength": 2048,
"algoType": "SHA256withRSA",
"accountId": null,
"certStatusString": "VALID",
"owner": "",
"org": null,
"orgUnit": "Domain Control Validated",
"city": "",
"state": "",
"country": "",
"sanCount": 2,
"publicKeyAlgo": "RSA",
"san": "isBlobUTF8=true;[2, *.aparat.com];[2, aparat.com]",
"certRating": "Secure",
"tags": "",
"certStatusError": null,
"certIssues": "CRLDistributionPoints",
"renewalEmailPreference": true,
"emailAddresses": "xyz@digicert.com, abc@digicert.com",
"actions": {
"primaryAction": "TRANSFER",
"secondaryActions": ["VIEW_ENDPOINT"]},
"filePath": null,
"source": "Sensor",
"serverHost": null,
"systemCert": false,
"selfSignedCaOptIn": false
},
{
"certId": "4c5d6a9813d3c858ac1ba279a3dd318460bc9ad7",
"serialNum": "040b914d32914ffc2474a3fdfd892c99",
"validFrom": 1539734400000,
"expiryDate": 1573992000000,
"subject": "CN=espn.com",
"issuedBy": "CN=Amazon, OU=Server CA 1B, O=Amazon, C=US",
"cn": "espn.com",
"ca": "Amazon",
"firstDiscoveredDate": 1563917838074,
"keyLength": 2048,
"algoType": "SHA256withRSA",
"accountId": null,
"certStatusString": "VALID",
"owner": "",
"org": null,
"orgUnit": "",
"city": "",
"state": "",
"country": "",
"sanCount": 6,
"publicKeyAlgo": "RSA",
"san": "isBlobUTF8=true;[2, espn.com];[2, *.espn.com];[2, *.geo.hosted.espn.com];[2, *.us-west-2.aws.hosted.espn.com];[2, *.core.api.espn.com];[2, *.api.espn.com]",
"certRating": "Secure",
"tags": "internal",
"certStatusError": null,
"certIssues": "IsAliasMatchSAN,CRLDistributionPoints",
"renewalEmailPreference": true,
"emailAddresses": "xyz@digicert.com, xy@digicert.com",
"actions": {
"primaryAction": "TRANSFER",
"secondaryActions": ["VIEW_ENDPOINT"]},
"filePath": null,
"source": "Sensor",
"serverHost": null,
"systemCert": false,
"selfSignedCaOptIn": true
}
]
}
}
Name | Req/Opt | Type | Description |
---|---|---|---|
searchCriteriaList | optional | array | Get records for specified criteria. |
.. key | optional | string |
Search parameter. Allowed values: cn , org , status , serialNum , securityRating , ca , daysToExpire , tags
|
.. operation | optional | string |
Search operation. Allowed value: EQUALS
|
.. value | optional | array | Search values. |
accountId | required | string | Account ID. |
divisionIds | optional | array | Division IDs. |
startIndex | optional | int |
Start at the specified index. Default: 1
|
pageSize | optional | int |
Number of records per page. Default: 50 , Max: 100
|
sortedColumnId | optional | string |
Sort results by specified parameter. Allowed values: cn , org , status , serialNum , securityRating , ca , daysToExpire Default: cn
|
sortOrder | optional | string |
Sort direction. Allowed values: ASC (ascending: 0-9, A-Z), DESC (descending: 9-0, Z-A)Default: ASC
|
Name | Type | Description |
---|---|---|
data | object | Container. |
.. totalCount | int | Total number of records that match search criteria. |
.. currentCount | int | Number of records on current page. |
.. certificateDetailsDTOList | array | Container for certificate details. |
.. .. certId | string | Unique DigiCert-generated ID for the certificate. Use for API requests that require it. |
.. .. serialNum | string | Serial number assigned to the certificate on issuance. |
.. .. validFrom | integer |
Validity start date. Format: epoch in millisecond. Epoch corresponds to 0 hours, 0 minutes, and 0 seconds (00:00:00) Coordinated Universal Time (UTC) on a specific date, which varies from system to system. Example: 1855828800000
|
.. .. expiryDate | integer |
Validity end date. Format: epoch in millisecond. Epoch corresponds to 0 hours, 0 minutes, and 0 seconds (00:00:00) Coordinated Universal Time (UTC) on a specific date, which varies from system to system. Example: 1855828800000
|
.. .. subject | bool | Full certificate distinguished name. |
.. .. issuedBy | string | Root certificate that the certificate was issued from. |
.. .. cn | string | Common name on the certificate. |
.. .. ca | string | Certificate Authority that issued the certificate. |
.. .. lastDiscoveredDate | integer | Date certificate was last found by CertCentral Discovery scan. |
.. .. firstDiscoveredDate | integer |
Date certificate was first found by CertCentral Discovery scan. Format: epoch in millisecond. Epoch corresponds to 0 hours, 0 minutes, and 0 seconds (00:00:00) Coordinated Universal Time (UTC) on a specific date, which varies from system to system. Example: 1855828800000
|
.. .. keyLength | string | Encryption key size for the certificate. |
.. .. algoType | string | Encryption algorithm that the certificate uses. |
.. .. accountId | string | Account ID. |
.. .. certStatusString | string |
Status of the certificate.
|
.. .. owner | string | Owner as defined in CertCentral Discovery. |
.. .. org | string | Organization name on the certificate. |
.. .. orgunit | string | Organization unit on the certificate. |
.. .. city | string | City on the certificate. |
.. .. state | string | State on the certificate. |
.. .. country | string | Country on the certificate. |
.. .. sanCount | string | Number of subject alternative names on the certificate. |
.. .. publicKeyAlgo | string | Encryption algorithm for the certificate's public key. |
.. .. san | string | Subject alternative names on the certificate. |
.. .. certRating | string |
Certificate security rating , based on industry standards and the certificate's settings.
|
.. .. tags | string | Custom tags added by certificate owner, subscriber, or other admin. |
.. .. certStatusError | string | Errors retrieving certificate status. |
.. .. certIssues | string | Chart data for certificate issues. |
.. .. renewalEmailPreference | boolean |
Whether renewal email preference is enabled or not. Default: true
|
.. .. emailAddresses | string | Email address for the contact associated with the certificate. |
.. .. actions | object | Action performed on the certificate. |
.. .. filePath | string |
File path of the certificate. Values are comma-separated. |
.. .. source | string |
The scan used to identify the certificate. Possible values: sensor , agent .Note: Possible values are Manual Upload or Cloud scan for server certificates.
|
.. .. serverHost | string |
The server host associated with the certificate. Values are comma-separated. |
.. .. systemCert | boolean | Whether any system certificates are available or not. |
.. .. selfSignedCaOptIn | boolean | Whether email preference enabled for the self-signed certificates. |