Use this endpoint to get a list with details about your SSH keys.
For more information about SSH keys and how to discover SSH keys configured on your server, see SSH keys.
curl --location --request POST 'https://daas.digicert.com/apicontroller/v1/key/list' \
--header 'X-DC-DEVKEY: {{api_key}}' \
--header 'Content-Type: application/json' \
--data-raw
'{
"accountId": 5153184,
"searchCriteriaList": [{
"key": "keyName",
"operation": "EQUALS",
"value": ["f83d1b65a899a602c5c026beb32f21fd119b5976b34c16fb27496b5d68f3405a"]
}, {
"key": "keyIp",
"operation": "EQUALS",
"value": ""
}, {
"key": "keyPath",
"operation": "EQUALS",
"value": "C:\\Certbotold1\\archive\\17feb202001.cert-testing.com\\privkey10.pem"
}],
"divisionIds": [],
"isDuplicateKeyList": true,
"startIndex": 1,
"pageSize": 50,
"filterSelected": "keyName",
"sortedColumnId": "ip",
"sortOrder": "ASC"
}'{
"error": null,
"data": {
"totalCount": 1,
"currentCount": 1,
"totalKeys": 0,
"keyDetailsList": [{
"keyName": null,
"securityLevel": "Not secure",
"ip": "",
"port": null,
"type": "RSA",
"firstDiscovered": 1650259868203,
"duplicateCount": null,
"scanName": "",
"protocol": null,
"filePath": "C:\\Certbotold1\\keys\\0049_key-certbot.pem",
"isRootKey": null,
"isOrphanKey": null,
"source": null,
"serverHost": "Box64",
"isProtectedKey": null
}]
}
}| Name | Req/Opt | Type | Description |
|---|---|---|---|
| accountId | required | string | Account ID. |
| searchCriteriaList | optional | array |
Filter results by specified values. The array includes key, operation and value. For definitions, see the Filter options for searchCriteriaList table below.Example: searchCriteriaList:[{"key":"userName","operation":"EQUALS","value":["CertCentral Admin"]}]
|
| divisionIds | required | array | User's division IDs. |
| startIndex | optional | integer |
Index of the first result. Default: 1
|
| pageSize | optional | integer |
Number of records per page. Allowed values: 0 to 512Default: 50
|
| filterSelected | required | string |
The value to show in the results for each sensor that meets the search criteria. Allowed values: name, ip, port, type, scanName, authenticationMethods, keyAlgorithm, protocol, duplicateKeys, userName, source, filePath, serverHost, orphanKeys
|
| isDuplicateKeyList | required | boolean |
Whether any duplicate key exist. Default: true
|
| sortedColumnId | optional | string |
Sort results by specified parameter. Allowed values: serialNumber, ip, port, scanName, serverSecurity, isCertPresent, cnDefault: ip
|
| sortOrder | optional | string |
Sort direction. Allowed values: DESC (descending: 9-0, Z-A), ASC (ascending: 0-9, A-Z)Default: DESC
|
| Name | Type | Description |
|---|---|---|
| error | object | Includes error codes, if any. |
| data | object | Object with information about the filter results. |
| ..totalCount | integer | Total number of keys based on the filter criteria. |
| .. currentCount | integer | Number of records on current page. |
| .. keydetailList | array | Container for key details. |
| .. .. keyName | string |
Key name. Max length: 80 characters.
|
| .. .. securityLevel | string |
Security status of the key. Possible values: Secure, Not secure
|
| .. .. ip | string | IP address related to the key. |
| .. .. port | integer | Default SSH enabled port. |
| .. .. type | string |
Type of the key. Possible values: SSH
|
| .. .. firstDiscovered | integer |
Timestamp for when the key was first discovered. Format: epoch in millisecond. Epoch corresponds to 0 hours, 0 minutes, and 0 seconds (00:00:00) Coordinated Universal Time (UTC) on a specific date, which varies from system to system. Example: 1596781119000
|
| .. .. duplicateCount | integer | Number of duplicates detected for the key. |
| .. .. scanName | string | Scan associated with the key. |
| .. .. protocol | string |
Protocol used to set up an encrypted connection between the systems to communicate over the internet. Possible values: SSH1, SSH2.
|
| .. .. filepath | string | The file path from where the key is discovered. |
| .. .. isRootKey | boolean | Whether it is a type of root key. |
| .. .. isOrphanKey | boolean |
Whether it is an orphan key. A key is orphaned when it cannot be used further because the pair is no longer on the server. |
| .. .. source | string |
The source used to identify the key. Possible values: Agent,Sensor
|
| .. .. serverHost | string | The server host associated with the key. |
| .. .. isProtectedKey | boolean | Whether it is a protected key. |
The array includes key, operation and value.
| Key | Operation | Value |
|---|---|---|
userName
|
EQUALS |
CertCentral Admin, system
|
keyName
|
EQUALS |
Key name
|
ip
|
EQUALS |
IP address
|
keyPath
|
EQUALS |
Path to the key
|
port
|
EQUALS |
22
|
authenticationMethods
|
EQUALS |
gssapi-keyex, gssapi-with-mic, hostbased., keyboard-interactive, password, publickey, unavailable
|
duplicateKeys
|
EQUALS |
No, Yes
|
type
|
EQUALS |
SSH
|
rotationLimit
|
EQUALS |
6 months, 9 months1 year, 2 years.
|
keyAlgorithm
|
EQUALS |
ECDSA SHA2 NISTP256 256, RSA1 1024, RSA1 2048, SSH DSS 1024, SSH RSA 1024, SSH ED25519, SSH RSA 2048, SSH RSA 3072, SSH RSA 4096, DSA 1024, DSA 512, DSA 8192
|
protocol
|
EQUALS |
SSH1, SSH2
|
scanName
|
EQUALS |
Scan name
|