Certs 2.0 Field Changes
Our transition guides have stated that some fields in the data have been removed, changed, or added. Here’s a detailed guide for reference that goes field-by-field through what’s been removed from the legacy schema and what it has been replaced with in 2.0.
Replaced Fields
The legacy fields in this table have been replaced. The nature of the change is sometimes just a clearer key name, sometimes a change to a nested structure, or just a relocation for accuracy or ease of query.
Legacy Certs Field → Certs 2.0 Field
-
ct.*
→ct.entries.key
-
ct.*
→ct.entries.value.*
-
metadata.added_at
→added_at
-
metadata.parse_status
→parse_status
-
metadata.seen_in_scan
→ever_seen_in_scan
-
metadata.updated_at
→modified_at
-
parsed.extensions.qc_statements.parsed.pds_locations.locations
→parsed.extensions.qc_statements.parsed.pds_locations.*
-
parsed.extensions.signed_certificate_timestamps.signature
→parsed.extensions.signed_certificate_timestamps.signature.* signature
-
parsed.fingerprint_md5
→fingerprint_md5
-
parsed.fingerprint_sha1
→fingerprint_sha1
-
parsed.fingerprint_sha256
→fingerprint_sha256
-
parsed.names
→names
-
parsed.signature_algorithm.name
→parsed.signature.* signature_algorithm.name
-
parsed.signature_algorithm.oid
→parsed.signature.* signature_algorithm.oid
-
parsed.spki_subject_fingerprint
→spki_fingerprint_sha256
-
parsed.subject_key_info.dsa_public_key.*
→parsed.subject_key_info.dsa.*
-
parsed.subject_key_info.ecdsa_public_key.*
→parsed.subject_key_info.ecdsa.*
-
parsed.subject_key_info.rsa_public_key.*
→parsed.subject_key_info.rsa.*
-
parsed.tbs_fingerprint
→tbs_fingerprint_sha256
-
parsed.tbs_noct_fingerprint
→tbs_no_ct_fingerprint_sha256
-
parsed.validation_level
→validation_level
-
parsed.validity.end
→parsed.validity_period.length_seconds
-
parsed.validity.length
→parsed.validity_period.not_after
-
parsed.validity.start
→parsed.validity_period.not_before
-
validation.*.paths
→validation.*.chains.sha256fp
-
validation.*.trusted_path
→validation.*.has_trusted_path
-
validation.*.valid
→validation.*.is_valid
-
validation.*.was_valid
→validation.*.ever_valid
-
validation.crl_revocation.next_update
→revocation.crl.* next_update
-
validation.crl_revocation.reason
→revocation.crl.reason
-
validation.crl_revocation.revoked
→revocation.crl.revoked
-
validation.ocsp_revocation.next_update
→revocation.ocsp.* next_update
-
validation.ocsp_revocation.reason
→revocation.ocsp.reason
-
validation.ocsp_revocation.revoked
→revocation.ocsp.revoked
-
validation.revoked
→revoked
-
zlint.lints
→zlint.failed_lints
Removed Fields from Legacy Certs
A few fields have been removed that have no equivalent in the new schema:
-
metadata.parse_error
-
metadata.parse_version
-
metadata.post_processed
-
metadata.post_processed_at
-
metadata.source
-
parsed.extensions.extended_key_usage.value
-
parsed.extensions.signed_certificate_timestamps.extensions
-
validation.*.blacklisted
-
validation.*.whitelisted
-
validation.crl_error
-
validation.ocsp_error
New Fields in 2.0
A few fields have been added that do not have an equivalent in the legacy schema:
-
parsed.extensions.extended_key_usage.ipsec_intermediate_system_usage
-
parsed.extensions.name_constraints.excluded_uris
-
parsed.extensions.name_constraints.permitted_uris
-
parsed.extensions.signed_certificate_timestamps.signature.*
-
parsed.extensions.tor_service_descriptors.*
-
revocation.crl.revocation_time
-
revocation.ocsp.revocation_time
-
validated_at
-
zlint.timestamp
See the entire schema of the new certificate record here.
Comments
0 comments
Please sign in to leave a comment.