List certificates

POST https://daas.digicert.com/apicontroller/v1/certificate/list

Get a total count and list of all certificates found through CertCentral Discovery scans. Optionally filter results by certificate attributes.

Example requests and responses

Example 1. cURL

curl -X POST \
  https://daas.digicert.com/apicontroller/v1/certificate/list \
  -H 'Content-Type: application/json' \
  -H 'X-DC-DEVKEY: {{api_key}}' \
  -d '{
    "searchCriteriaList": [
        {
            "key":"cn",
            "operation": "EQUALS",
            "value": [
                "www.digicert.com","www.cert.com","docs.digicert.com"
            ]
        },
        {
            "key":"org",
            "operation": "EQUALS",
            "value": [
                "DigiCert Inc"
            ]
        },
        {
            "key":"status",
            "operation": "EQUALS",
            "value": [
                "VALID"
            ]
        },
        {
            "key":"serialNum",
            "operation": "EQUALS",
            "value": [
                "0eb6eab418c873d8f3c031dcdddf18b0"
            ]
        },
        {
            "key":"securityRating",
            "operation": "EQUALS",
            "value": [
                "Not secure","At risk"
            ]
        },
        {
            "key":"ca",
            "operation": "EQUALS",
            "value": [
                "DigiCert SHA2 Secure Server CA"
            ]
        },
        {
            "key":"daysToExpire",
            "operation": "EQUALS",
            "value": [
                "90"
            ]
        },
        {
            "key":"tags",
            "operation": "EQUALS",
            "value": [
                "internal","devbox"
            ]
        }
    ],
    "accountId": "126993",
    "divisionIds": [],
    "startIndex": 1,
    "pageSize": 50,
    "sortedColumnId": "cn",
    "sortOrder": "ASC"
}'

Example 2. Python

import requests

url = "https://daas.digicert.com/apicontroller/v1/certificate/list"

payload = "{\n    \"searchCriteriaList\": [\n        {\n            \"key\": \"cn\",\n            \"operation\": \"EQUALS\",\n            \"value\": [\n                \"www.digicert.com\",\"www.cert.com\",\"docs.digicert.com\"\n            ]\n        },\n        {\n            \"key\": \"org\",\n            \"operation\": \"EQUALS\",\n            \"value\": [\n                \"DigiCert Inc\"\n            ]\n        },\n        {\n            \"key\": \"status\",\n            \"operation\": \"EQUALS\",\n            \"value\": [\n                \"VALID\"\n            ]\n        },\n        {\n            \"key\": \"serialNum\",\n            \"operation\": \"EQUALS\",\n            \"value\": [\n                \"0eb6eab418c873d8f3c031dcdddf18b0\"\n            ]\n        },\n        {\n            \"key\": \"securityRating\",\n            \"operation\": \"EQUALS\",\n            \"value\": [\n                \"Not secure\",\"At risk\"\n            ]\n        },\n        {\n            \"key\": \"ca\",\n            \"operation\": \"EQUALS\",\n            \"value\": [\n                \"DigiCert SHA2 Secure Server CA\"\n            ]\n        },\n        {\n            \"key\": \"daysToExpire\",\n            \"operation\": \"EQUALS\",\n            \"value\": [\n                \"90\"\n            ]\n        },\n        {\n            \"key\": \"tags\",\n            \"operation\": \"EQUALS\",\n            \"value\": [\n                \"internal\",\"devbox\"\n            ]\n        }\n    ],\n    \"accountId\": \"126993\",\n    \"divisionIds\": [],\n    \"startIndex\": 1,\n    \"pageSize\": 50,\n    \"sortedColumnId\": \"cn\",\n    \"sortOrder\": \"ASC\"\n}"
headers = {
    'X-DC-DEVKEY': "{{api_key}}",
    'Content-Type': "application/json",
    }

response = requests.request("POST", url, data=payload, headers=headers)

print(response.text)

Example 3. Go

package main

import (
	"fmt"
	"strings"
	"net/http"
	"io/ioutil"
)

func main() {

	url := "https://daas.digicert.com/apicontroller/v1/certificate/list"

	payload := strings.NewReader("{\n    \"searchCriteriaList\": [\n        {\n            \"key\": \"cn\",\n            \"operation\": \"EQUALS\",\n            \"value\": [\n                \"www.digicert.com\",\"www.cert.com\",\"docs.digicert.com\"\n            ]\n        },\n        {\n            \"key\": \"org\",\n            \"operation\": \"EQUALS\",\n            \"value\": [\n                \"DigiCert Inc\"\n            ]\n        },\n        {\n            \"key\": \"status\",\n            \"operation\": \"EQUALS\",\n            \"value\": [\n                \"VALID\"\n            ]\n        },\n        {\n            \"key\": \"serialNum\",\n            \"operation\": \"EQUALS\",\n            \"value\": [\n                \"0eb6eab418c873d8f3c031dcdddf18b0\"\n            ]\n        },\n        {\n            \"key\": \"securityRating\",\n            \"operation\": \"EQUALS\",\n            \"value\": [\n                \"Not secure\",\"At risk\"\n            ]\n        },\n        {\n            \"key\": \"ca\",\n            \"operation\": \"EQUALS\",\n            \"value\": [\n                \"DigiCert SHA2 Secure Server CA\"\n            ]\n        },\n        {\n            \"key\": \"daysToExpire\",\n            \"operation\": \"EQUALS\",\n            \"value\": [\n                \"90\"\n            ]\n        },\n        {\n            \"key\": \"tags\",\n            \"operation\": \"EQUALS\",\n            \"value\": [\n                \"internal\",\"devbox\"\n            ]\n        }\n    ],\n    \"accountId\": \"126993\",\n    \"divisionIds\": [],\n    \"startIndex\": 1,\n    \"pageSize\": 50,\n    \"sortedColumnId\": \"cn\",\n    \"sortOrder\": \"ASC\"\n}")

	req, _ := http.NewRequest("POST", url, payload)

	req.Header.Add("X-DC-DEVKEY", "{{api_key}}")
	req.Header.Add("Content-Type", "application/json")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := ioutil.ReadAll(res.Body)

	fmt.Println(res)
	fmt.Println(string(body))

}

Example 4. NodeJS

var request = require("request");

var options = { method: 'POST',
  url: 'https://daas.digicert.com/apicontroller/v1/certificate/list',
  headers: 
   { 'Content-Type': 'application/json',
     'X-DC-DEVKEY': '{{api_key}}' },
  body: 
   { searchCriteriaList: 
      [ { key: 'cn', operation: 'EQUALS', value: [ 'www.digicert.com','www.cert.com','docs.digicert.com' ] },
        { key: 'org', operation: 'EQUALS', value: [ 'DigiCert Inc' ] },
        { key: 'status', operation: 'EQUALS', value: [ 'VALID' ] },
        { key: 'serialNum', operation: 'EQUALS', value: [ '0eb6eab418c873d8f3c031dcdddf18b0' ] },
        { key: 'securityRating', operation: 'EQUALS', value: [ 'Not secure','At risk' ] },
        { key: 'ca', operation: 'EQUALS', value: [ 'DigiCert SHA2 Secure Server CA' ] },
        { key: 'daysToExpire', operation: 'EQUALS', value: [ '90' ] },
        { key: 'tags', operation: 'EQUALS', value: [ 'internal','devbox' ] } ],
     accountId: '126993',
     divisionIds: [],
     startIndex: 1,
     pageSize: 50,
     sortedColumnId: 'cn',
     sortOrder: 'ASC' },
  json: true };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Example 5. 200 OK

{
    "data": {
        "totalCount": 81,
        "currentCount": 50,
        "certificateDetailsDTOList": [
            {
                "certId": "fb92ee3a2fd0cb6549e58c252f8787f467bfbeff",
                "serialNum": "2bf1c0d8a20fef721f67011d6231c16e",
                "validFrom": 1523318400000,
                "expiryDate": 1591660799000,
                "subject": "CN=*.aparat.com,OU=EssentialSSL Wildcard,OU=Domain Control Validated",
                "issuedBy": "CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB",
                "cn": "*.aparat.com",
                "ca": "Comodo",
                "lastDiscoveredDate": 1645007394721,
                "firstDiscoveredDate": 1561409074447,
                "keyLength": 2048,
                "algoType": "SHA256withRSA",
                "accountId": null,
                "certStatusString": "VALID",
                "owner": "",
                "org": null,
                "orgUnit": "Domain Control Validated",
                "city": "",
                "state": "",
                "country": "",
                "sanCount": 2,
                "publicKeyAlgo": "RSA",
                "san": "isBlobUTF8=true;[2, *.aparat.com];[2, aparat.com]",
                "certRating": "Secure",
                "tags": "",
                "certStatusError": null,
                "certIssues": "CRLDistributionPoints"
            },
            {
                "certId": "4c5d6a9813d3c858ac1ba279a3dd318460bc9ad7",
                "serialNum": "040b914d32914ffc2474a3fdfd892c99",
                "validFrom": 1539734400000,
                "expiryDate": 1573992000000,
                "subject": "CN=espn.com",
                "issuedBy": "CN=Amazon, OU=Server CA 1B, O=Amazon, C=US",
                "cn": "espn.com",
                "ca": "Amazon",
                 
                "firstDiscoveredDate": 1563917838074,
                "keyLength": 2048,
                "algoType": "SHA256withRSA",
                "accountId": null,
                "certStatusString": "VALID",
                "owner": "",
                "org": null,
                "orgUnit": "",
                "city": "",
                "state": "",
                "country": "",
                "sanCount": 6,
                "publicKeyAlgo": "RSA",
                "san": "isBlobUTF8=true;[2, espn.com];[2, *.espn.com];[2, *.geo.hosted.espn.com];[2, *.us-west-2.aws.hosted.espn.com];[2, *.core.api.espn.com];[2, *.api.espn.com]",
                "certRating": "Secure",
                "tags": "internal",
                "certStatusError": null,
                "certIssues": "IsAliasMatchSAN,CRLDistributionPoints",
                "renewalEmailPreference": true,
                "emailAddresses": "xyz@digicert.com, xy@digicert.com",
                "actions": {
                		"primaryAction": "TRANSFER",
                		"secondaryActions": ["VIEW_ENDPOINT"]},
                "filePath": null,
                "source": "Sensor",
                "serverHost": null,
	        "systemCert": false,
                "selfSignedCaOptIn": true
            }
        ]
    }
}

Request parameters

Name	Req/Opt	Type	Description
searchCriteriaList	optional	array	Get records for specified criteria.
.. key	optional	string	Search parameter. Allowed values: `cn`, `org`, `status`, `serialNum`, `securityRating`, `ca`, `daysToExpire`, `tags`
.. operation	optional	string	Search operation. Allowed value: `EQUALS`
.. value	optional	array	Search values.
accountId	required	string	Account ID.
divisionIds	optional	array	Division IDs.
startIndex	optional	int	Start at the specified index. Default: `1`
pageSize	optional	int	Number of records per page. Default: `50`, Max: `100`
sortedColumnId	optional	string	Sort results by specified parameter. Allowed values: `cn`, `org`, `status`, `serialNum`, `securityRating`, `ca`, `daysToExpire` Default: `cn`
sortOrder	optional	string	Sort direction. Allowed values: `ASC` (ascending: 0-9, A-Z), `DESC` (descending: 9-0, Z-A) Default: `ASC`

Response parameters

Name	Type	Description
data	object	Container.
.. totalCount	int	Total number of records that match search criteria.
.. currentCount	int	Number of records on current page.
.. certificateDetailsDTOList	array	Container for certificate details.
.. .. certId	string	Unique DigiCert-generated ID for the certificate. Use for API requests that require it.
.. .. serialNum	string	Serial number assigned to the certificate on issuance.
.. .. validFrom	integer	Validity start date. Format: epoch in millisecond. Epoch corresponds to 0 hours, 0 minutes, and 0 seconds (00:00:00) Coordinated Universal Time (UTC) on a specific date, which varies from system to system. Example: `1855828800000`
.. .. expiryDate	integer	Validity end date. Format: epoch in millisecond. Epoch corresponds to 0 hours, 0 minutes, and 0 seconds (00:00:00) Coordinated Universal Time (UTC) on a specific date, which varies from system to system. Example: `1855828800000`
.. .. subject	bool	Full certificate distinguished name.
.. .. issuedBy	string	Root certificate that the certificate was issued from.
.. .. cn	string	Common name on the certificate.
.. .. ca	string	Certificate Authority that issued the certificate.
.. .. lastDiscoveredDate	integer	Date certificate was last found by CertCentral Discovery scan.
.. .. firstDiscoveredDate	integer	Date certificate was first found by CertCentral Discovery scan. Format: epoch in millisecond. Epoch corresponds to 0 hours, 0 minutes, and 0 seconds (00:00:00) Coordinated Universal Time (UTC) on a specific date, which varies from system to system. Example: `1855828800000`
.. .. keyLength	string	Encryption key size for the certificate.
.. .. algoType	string	Encryption algorithm that the certificate uses.
.. .. accountId	string	Account ID.
.. .. certStatusString	string	Status of the certificate.
.. .. owner	string	Owner as defined in CertCentral Discovery.
.. .. org	string	Organization name on the certificate.
.. .. orgunit	string	Organization unit on the certificate.
.. .. city	string	City on the certificate.
.. .. state	string	State on the certificate.
.. .. country	string	Country on the certificate.
.. .. sanCount	string	Number of subject alternative names on the certificate.
.. .. publicKeyAlgo	string	Encryption algorithm for the certificate's public key.
.. .. san	string	Subject alternative names on the certificate.
.. .. certRating	string	Certificate security rating, based on industry standards and the certificate's settings.
.. .. tags	string	Custom tags added by certificate owner, subscriber, or other admin.
.. .. certStatusError	string	Errors retrieving certificate status.
.. .. certIssues	string	Chart data for certificate issues.
.. .. renewalEmailPreference	boolean	Whether renewal email preference is enabled or not. Default: `true`
.. .. emailAddresses	string	Email address for the contact associated with the certificate.
.. .. actions	object	Action performed on the certificate.
.. .. filePath	string	File path of the certificate. Values are comma-separated.
.. .. source	string	The scan used to identify the certificate. Possible values: `sensor`, `agent` Note: Possible values are`Manual Upload`, `Cloud scan` for server certificates.
.. .. serverHost	string	The server host associated with the certificate. Values are comma-separated.
.. .. systemCert	boolean	Whether any system certificates are available or not.
.. .. selfSignedCaOptIn	boolean	Whether email preference enabled for the self-signed certificates.

In this section: