TLS
Transport Layer Security (TLS) is a cryptographic protocol to secure communication over a network, typically the internet. TLS ensures the privacy and integrity of data exchanged between clients and servers by encrypting the communication channel and verifying the identities of communicating parties.
Field |
Type |
Description |
---|---|---|
services.certificate |
text |
|
services.jarm |
object |
|
services.jarm.cipher_and_version_fingerprint |
text |
The first 30 bytes the JARM fingerprint, which encode the service’s TLS version and cipher suite configuration. |
services.jarm.fingerprint |
text |
The 62-byte JARM fingerprint of the service. |
services.jarm.observed_at |
date |
The RFC 3339-formatted timestamp indicating when the service was fingerprinted by Censys. |
services.jarm.tls_extensions_sha256 |
text |
The second 32 bytes of the JARM fingerprint, which is a digest of the service’s TLS extension usage. |
services.tls |
object |
|
services.tls.certificate |
object |
|
services.tls.certificate.added_at |
date |
When the certificate was added to the Censys dataset. |
services.tls.certificate.ct |
object |
|
services.tls.certificate.ct.entries |
nested |
|
services.tls.certificate.ct.entries.key |
text |
|
services.tls.certificate.ct.entries.value |
object |
|
services.tls.certificate.ct.entries.value.added_to_ct_at |
date |
An RFC-3339-formatted timestamp indicating when the certificate was entered into the CT log. |
services.tls.certificate.ct.entries.value.ct_to_censys_at |
date |
An RFC-3339-formated timestamp indicating when the certificate was ingested from the CT log into the Censys dataset. |
services.tls.certificate.ct.entries.value.index |
long |
Numerical marker of the certificate's place in the CT log. |
services.tls.certificate.ever_seen_in_scan |
boolean |
|
services.tls.certificate.fingerprint_md5 |
text |
The MD-5 digest of the entire raw certificate. An identifier used by some systems. |
services.tls.certificate.fingerprint_sha1 |
text |
The SHA-1 digest of the entire raw certificate. An identifier used by some systems. |
services.tls.certificate.fingerprint_sha256 |
text |
The SHA-256 digest of the entire raw certificate. Its unique identifier, which Censys uses to index certificates records. |
services.tls.certificate.modified_at |
date |
When the certificate record was last modified. |
services.tls.certificate.names |
text |
All the names contained in the certificate from various fields. |
services.tls.certificate.parent_spki_subject_fingerprint_sha256 |
text |
The SHA-256 digest of the parent certificate's DER-encoded SubjectPublicKeyInfo concatenated with its Subject. |
services.tls.certificate.parse_status |
text |
|
services.tls.certificate.parsed |
object |
A record containing all of the data parsed from the certificate. |
services.tls.certificate.parsed.extensions |
object |
A record containing parsed X.509 extensions that provide additional identification information or additional cryptographic capabilities. |
services.tls.certificate.parsed.extensions.authority_info_access |
object |
The parsed id-pe-authorityInfoAccess extension (OID: 1.3.6.1.5.7.1.1). Only id-ad-caIssuers and id-ad-ocsp accessMethods are supported; others are omitted. |
services.tls.certificate.parsed.extensions.authority_info_access.issuer_urls |
text |
|
services.tls.certificate.parsed.extensions.authority_info_access.ocsp_urls |
text |
|
services.tls.certificate.parsed.extensions.authority_key_id |
text |
A key identifier, usually a digest of the DER-encoded SubjectPublicKeyInfo. |
services.tls.certificate.parsed.extensions.basic_constraints |
object |
The parsed id-ce-basicConstraints extension (OID: 2.5.29.19). |
services.tls.certificate.parsed.extensions.basic_constraints.is_ca |
boolean |
Whether the certificate is permitted to sign other certificates. |
services.tls.certificate.parsed.extensions.basic_constraints.max_path_len |
integer |
When present, provides the maximum number of intermediate certificates that may follow this certificate in a trusted certification path. |
services.tls.certificate.parsed.extensions.cabf_organization_id |
object |
CA/Browser Forum organization ID extensions (OID: 2.23.140.3.1). |
services.tls.certificate.parsed.extensions.cabf_organization_id.country |
text |
|
services.tls.certificate.parsed.extensions.cabf_organization_id.reference |
text |
|
services.tls.certificate.parsed.extensions.cabf_organization_id.scheme |
text |
|
services.tls.certificate.parsed.extensions.cabf_organization_id.state |
text |
|
services.tls.certificate.parsed.extensions.certificate_policies |
nested |
The parsed id-ce-certificatePolicies extension (OID: 2.5.29.32). |
services.tls.certificate.parsed.extensions.certificate_policies.cps |
text |
|
services.tls.certificate.parsed.extensions.certificate_policies.id |
text |
|
services.tls.certificate.parsed.extensions.certificate_policies.user_notice |
nested |
|
services.tls.certificate.parsed.extensions.certificate_policies.user_notice.explicit_text |
text |
|
services.tls.certificate.parsed.extensions.certificate_policies.user_notice.notice_reference |
object |
|
services.tls.certificate.parsed.extensions.certificate_policies.user_notice.notice_reference.notice_numbers |
integer |
|
services.tls.certificate.parsed.extensions.certificate_policies.user_notice.notice_reference.organization |
text |
|
services.tls.certificate.parsed.extensions.crl_distribution_points |
text |
The parsed id-ce-cRLDistributionPoints extension (OID: 2.5.29.31). Contents are a list of distributionPoint URLs; other distributionPoint types are omitted). |
services.tls.certificate.parsed.extensions.ct_poison |
boolean |
Whether the certificate possesses the pre-certificate "poison" extension (OID: 1.3.6.1.4.1.11129.2.4.3). |
services.tls.certificate.parsed.extensions.extended_key_usage |
object |
The parsed id-ce-extKeyUsage extension (OID: 2.5.29.37). |
services.tls.certificate.parsed.extensions.extended_key_usage.any |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.apple_code_signing |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.apple_code_signing_development |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.apple_code_signing_third_party |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_development_env |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_env |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_maintenance_env |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_production_env |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_qos |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_test_env |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_tier0_qos |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_tier1_qos |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_tier2_qos |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_tier3_qos |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.apple_ichat_encryption |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.apple_ichat_signing |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.apple_resource_signing |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.apple_software_update_signing |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.apple_system_identity |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.client_auth |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.code_signing |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.dvcs |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.eap_over_lan |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.eap_over_ppp |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.email_protection |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.ipsec_end_system |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.ipsec_intermediate_system_usage |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.ipsec_tunnel |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.ipsec_user |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_ca_exchange |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_cert_trust_list_signing |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_csp_signature |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_document_signing |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_drm |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_drm_individualization |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_efs_recovery |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_embedded_nt_crypto |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_encrypted_file_system |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_enrollment_agent |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_kernel_mode_code_signing |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_key_recovery_21 |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_key_recovery_3 |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_license_server |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_licenses |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_lifetime_signing |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_mobile_device_software |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_nt5_crypto |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_oem_whql_crypto |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_qualified_subordinate |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_root_list_signer |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_server_gated_crypto |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_sgc_serialized |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_smart_display |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_smartcard_logon |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_system_health |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_system_health_loophole |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_timestamp_signing |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_whql_crypto |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.netscape_server_gated_crypto |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.ocsp_signing |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.sbgp_cert_aa_service_auth |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.server_auth |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.time_stamping |
boolean |
|
services.tls.certificate.parsed.extensions.extended_key_usage.unknown |
text |
|
services.tls.certificate.parsed.extensions.issuer_alt_name |
object |
The parsed id-ce-issuerAltName extension (OID: 2.5.29.18). |
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names |
nested |
The parsed directoryName entries in the GeneralName. |
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.common_name |
text |
The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3). |
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.country |
text |
The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6). |
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.domain_component |
text |
The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25). |
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.email_address |
text |
The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1). |
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.given_name |
text |
The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42). |
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.jurisdiction_country |
text |
The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3). |
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.jurisdiction_locality |
text |
The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1). |
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.jurisdiction_province |
text |
The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2). |
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.locality |
text |
The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7). |
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.organization |
text |
The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10). |
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.organization_id |
text |
|
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.organizational_unit |
text |
The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11). |
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.postal_code |
keyword |
The postalCode elements of the Distinguished Name (OID: 2.5.4.17). |
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.province |
text |
The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8). |
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.serial_number |
keyword |
The serialNumber elements of the Distinguished Name (OID: 2.5.4.5). |
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.street_address |
text |
The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9). |
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.surname |
text |
The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4). |
services.tls.certificate.parsed.extensions.issuer_alt_name.dns_names |
text |
The parsed dNSName entries in the GeneralName. |
services.tls.certificate.parsed.extensions.issuer_alt_name.edi_party_names |
nested |
The parsed eDIPartyName entries in the GeneralName. |
services.tls.certificate.parsed.extensions.issuer_alt_name.edi_party_names.name_assigner |
text |
|
services.tls.certificate.parsed.extensions.issuer_alt_name.edi_party_names.party_name |
text |
|
services.tls.certificate.parsed.extensions.issuer_alt_name.email_addresses |
text |
The parsed rfc822Name entries in the GeneralName. |
services.tls.certificate.parsed.extensions.issuer_alt_name.ip_addresses |
text |
The parsed ipAddress entries in the GeneralName. |
services.tls.certificate.parsed.extensions.issuer_alt_name.other_names |
nested |
The parsed otherName entries in the GeneralName. An arbitrary binary value identified by an OID. |
services.tls.certificate.parsed.extensions.issuer_alt_name.other_names.id |
text |
The OID identifying the syntax of the otherName value. |
services.tls.certificate.parsed.extensions.issuer_alt_name.other_names.value |
text |
The raw otherName value. |
services.tls.certificate.parsed.extensions.issuer_alt_name.registered_ids |
text |
The parsed registeredID entries in the GeneralName. Stored in dotted-decimal format. |
services.tls.certificate.parsed.extensions.issuer_alt_name.uniform_resource_identifiers |
text |
The parsed uniformResourceIdentifier entries in the GeneralName. |
services.tls.certificate.parsed.extensions.key_usage |
object |
The parsed id-ce-keyUsage extension (OID: 2.5.29.15). |
services.tls.certificate.parsed.extensions.key_usage.certificate_sign |
boolean |
Whether the keyCertSign bit is set. |
services.tls.certificate.parsed.extensions.key_usage.content_commitment |
boolean |
Whether the contentCommitment (formerly called nonRepudiation) bit is set. |
services.tls.certificate.parsed.extensions.key_usage.crl_sign |
boolean |
Whether the cRLSign bit is set. |
services.tls.certificate.parsed.extensions.key_usage.data_encipherment |
boolean |
Whether the dataEncipherment bit is set. |
services.tls.certificate.parsed.extensions.key_usage.decipher_only |
boolean |
Whether the decipherOnly bit is set. |
services.tls.certificate.parsed.extensions.key_usage.digital_signature |
boolean |
Whether the digitalSignature bit is set. |
services.tls.certificate.parsed.extensions.key_usage.encipher_only |
boolean |
Whether the encipherOnly bit is set. |
services.tls.certificate.parsed.extensions.key_usage.key_agreement |
boolean |
Whether the keyAgreement bit is set. |
services.tls.certificate.parsed.extensions.key_usage.key_encipherment |
boolean |
Whether the keyEncipherment bit is set. |
services.tls.certificate.parsed.extensions.key_usage.value |
unsigned_long |
The integer value of the bitmask in the extension. |
services.tls.certificate.parsed.extensions.name_constraints |
object |
The parsed id-ce-nameConstraints extension (OID: 2.5.29.30). Specifies a name space within which all child certificates' subject names MUST be located. |
services.tls.certificate.parsed.extensions.name_constraints.critical |
boolean |
|
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names |
nested |
A record providing excluded names of the type directoryName in leaf certificates whose trust path includes this certificate. |
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.common_name |
text |
The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3). |
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.country |
text |
The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6). |
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.domain_component |
text |
The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25). |
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.email_address |
text |
The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1). |
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.given_name |
text |
The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42). |
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.jurisdiction_country |
text |
The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3). |
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.jurisdiction_locality |
text |
The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1). |
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.jurisdiction_province |
text |
The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2). |
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.locality |
text |
The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7). |
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.organization |
text |
The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10). |
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.organization_id |
text |
|
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.organizational_unit |
text |
The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11). |
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.postal_code |
keyword |
The postalCode elements of the Distinguished Name (OID: 2.5.4.17). |
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.province |
text |
The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8). |
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.serial_number |
keyword |
The serialNumber elements of the Distinguished Name (OID: 2.5.4.5). |
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.street_address |
text |
The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9). |
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.surname |
text |
The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4). |
services.tls.certificate.parsed.extensions.name_constraints.excluded_edi_party_names |
nested |
A record providing excluded names of the type ediPartyName in leaf certificates whose trust path includes this certificate. |
services.tls.certificate.parsed.extensions.name_constraints.excluded_edi_party_names.name_assigner |
text |
|
services.tls.certificate.parsed.extensions.name_constraints.excluded_edi_party_names.party_name |
text |
|
services.tls.certificate.parsed.extensions.name_constraints.excluded_email_addresses |
text |
A record providing a range of excluded names of the type rfc822Name in leaf certificates whose trust path includes this certificate. |
services.tls.certificate.parsed.extensions.name_constraints.excluded_ip_addresses |
nested |
A record providing a range of excluded names of the type iPAddress in leaf certificates whose trust path includes this certificate. |
services.tls.certificate.parsed.extensions.name_constraints.excluded_ip_addresses.begin |
text |
The first IP address in the range. |
services.tls.certificate.parsed.extensions.name_constraints.excluded_ip_addresses.cidr |
text |
The CIDR specifying the subtree. |
services.tls.certificate.parsed.extensions.name_constraints.excluded_ip_addresses.end |
text |
The last IP address in the range. |
services.tls.certificate.parsed.extensions.name_constraints.excluded_ip_addresses.mask |
text |
The subnet mask of the CIDR. |
services.tls.certificate.parsed.extensions.name_constraints.excluded_names |
text |
A record providing a range of excluded names of the type dNSName in leaf certificates whose trust path includes this certificate. |
services.tls.certificate.parsed.extensions.name_constraints.excluded_registered_ids |
text |
A record providing excluded names of the type registeredID in leaf certificates whose trust path includes this certificate. |
services.tls.certificate.parsed.extensions.name_constraints.excluded_uris |
text |
A record providing a range of excluded uniform resource identifiers in leaf certificates whose trust path includes this certificate. |
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names |
nested |
A record providing permitted names of the type directoryName in leaf certificates whose trust path includes this certificate. |
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.common_name |
text |
The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3). |
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.country |
text |
The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6). |
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.domain_component |
text |
The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25). |
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.email_address |
text |
The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1). |
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.given_name |
text |
The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42). |
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.jurisdiction_country |
text |
The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3). |
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.jurisdiction_locality |
text |
The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1). |
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.jurisdiction_province |
text |
The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2). |
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.locality |
text |
The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7). |
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.organization |
text |
The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10). |
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.organization_id |
text |
|
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.organizational_unit |
text |
The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11). |
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.postal_code |
keyword |
The postalCode elements of the Distinguished Name (OID: 2.5.4.17). |
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.province |
text |
The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8). |
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.serial_number |
keyword |
The serialNumber elements of the Distinguished Name (OID: 2.5.4.5). |
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.street_address |
text |
The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9). |
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.surname |
text |
The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4). |
services.tls.certificate.parsed.extensions.name_constraints.permitted_edi_party_names |
nested |
A record providing permitted names of the type ediPartyName in leaf certificates whose trust path includes this certificate. |
services.tls.certificate.parsed.extensions.name_constraints.permitted_edi_party_names.name_assigner |
text |
|
services.tls.certificate.parsed.extensions.name_constraints.permitted_edi_party_names.party_name |
text |
|
services.tls.certificate.parsed.extensions.name_constraints.permitted_email_addresses |
text |
A record providing a range of permitted names of the type rfc822Name in leaf certificates whose trust path includes this certificate. |
services.tls.certificate.parsed.extensions.name_constraints.permitted_ip_addresses |
nested |
A record providing a range of permitted names of the type iPAddress in leaf certificates whose trust path includes this certificate. |
services.tls.certificate.parsed.extensions.name_constraints.permitted_ip_addresses.begin |
text |
The first IP address in the range. |
services.tls.certificate.parsed.extensions.name_constraints.permitted_ip_addresses.cidr |
text |
The CIDR specifying the subtree. |
services.tls.certificate.parsed.extensions.name_constraints.permitted_ip_addresses.end |
text |
The last IP address in the range. |
services.tls.certificate.parsed.extensions.name_constraints.permitted_ip_addresses.mask |
text |
The subnet mask of the CIDR. |
services.tls.certificate.parsed.extensions.name_constraints.permitted_names |
text |
A record providing a range of permitted names of the type dNSName in leaf certificates whose trust path includes this certificate. |
services.tls.certificate.parsed.extensions.name_constraints.permitted_registered_ids |
text |
A record providing permitted names of the type registeredID in leaf certificates whose trust path includes this certificate. |
services.tls.certificate.parsed.extensions.name_constraints.permitted_uris |
text |
A record providing a range of permitted uniform resource identifiers in leaf certificates whose trust path includes this certificate. |
services.tls.certificate.parsed.extensions.qc_statements |
object |
|
services.tls.certificate.parsed.extensions.qc_statements.ids |
text |
|
services.tls.certificate.parsed.extensions.qc_statements.parsed |
object |
|
services.tls.certificate.parsed.extensions.qc_statements.parsed.etsi_compliance |
boolean |
|
services.tls.certificate.parsed.extensions.qc_statements.parsed.legislation |
nested |
|
services.tls.certificate.parsed.extensions.qc_statements.parsed.legislation.country_codes |
text |
|
services.tls.certificate.parsed.extensions.qc_statements.parsed.limit |
nested |
|
services.tls.certificate.parsed.extensions.qc_statements.parsed.limit.amount |
long |
|
services.tls.certificate.parsed.extensions.qc_statements.parsed.limit.currency |
text |
|
services.tls.certificate.parsed.extensions.qc_statements.parsed.limit.currency_number |
long |
|
services.tls.certificate.parsed.extensions.qc_statements.parsed.limit.exponent |
long |
|
services.tls.certificate.parsed.extensions.qc_statements.parsed.pds_locations |
nested |
|
services.tls.certificate.parsed.extensions.qc_statements.parsed.pds_locations.language |
text |
|
services.tls.certificate.parsed.extensions.qc_statements.parsed.pds_locations.url |
text |
|
services.tls.certificate.parsed.extensions.qc_statements.parsed.retention_period |
long |
|
services.tls.certificate.parsed.extensions.qc_statements.parsed.sscd |
boolean |
|
services.tls.certificate.parsed.extensions.qc_statements.parsed.types |
nested |
|
services.tls.certificate.parsed.extensions.qc_statements.parsed.types.ids |
text |
|
services.tls.certificate.parsed.extensions.signed_certificate_timestamps |
nested |
|
services.tls.certificate.parsed.extensions.signed_certificate_timestamps.log_id |
text |
|
services.tls.certificate.parsed.extensions.signed_certificate_timestamps.signature |
object |
|
services.tls.certificate.parsed.extensions.signed_certificate_timestamps.signature.hash_algorithm |
text |
|
services.tls.certificate.parsed.extensions.signed_certificate_timestamps.signature.signature |
text |
|
services.tls.certificate.parsed.extensions.signed_certificate_timestamps.signature.signature_algorithm |
text |
|
services.tls.certificate.parsed.extensions.signed_certificate_timestamps.timestamp |
date |
|
services.tls.certificate.parsed.extensions.signed_certificate_timestamps.version |
integer |
|
services.tls.certificate.parsed.extensions.subject_alt_name |
object |
The parsed id-ce-subjectAltName extension (OID: 2.5.29.17). |
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names |
nested |
The parsed directoryName entries in the GeneralName. |
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.common_name |
text |
The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3). |
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.country |
text |
The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6). |
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.domain_component |
text |
The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25). |
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.email_address |
text |
The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1). |
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.given_name |
text |
The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42). |
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.jurisdiction_country |
text |
The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3). |
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.jurisdiction_locality |
text |
The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1). |
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.jurisdiction_province |
text |
The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2). |
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.locality |
text |
The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7). |
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.organization |
text |
The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10). |
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.organization_id |
text |
|
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.organizational_unit |
text |
The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11). |
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.postal_code |
keyword |
The postalCode elements of the Distinguished Name (OID: 2.5.4.17). |
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.province |
text |
The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8). |
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.serial_number |
keyword |
The serialNumber elements of the Distinguished Name (OID: 2.5.4.5). |
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.street_address |
text |
The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9). |
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.surname |
text |
The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4). |
services.tls.certificate.parsed.extensions.subject_alt_name.dns_names |
text |
The parsed dNSName entries in the GeneralName. |
services.tls.certificate.parsed.extensions.subject_alt_name.edi_party_names |
nested |
The parsed eDIPartyName entries in the GeneralName. |
services.tls.certificate.parsed.extensions.subject_alt_name.edi_party_names.name_assigner |
text |
|
services.tls.certificate.parsed.extensions.subject_alt_name.edi_party_names.party_name |
text |
|
services.tls.certificate.parsed.extensions.subject_alt_name.email_addresses |
text |
The parsed rfc822Name entries in the GeneralName. |
services.tls.certificate.parsed.extensions.subject_alt_name.ip_addresses |
text |
The parsed ipAddress entries in the GeneralName. |
services.tls.certificate.parsed.extensions.subject_alt_name.other_names |
nested |
The parsed otherName entries in the GeneralName. An arbitrary binary value identified by an OID. |
services.tls.certificate.parsed.extensions.subject_alt_name.other_names.id |
text |
The OID identifying the syntax of the otherName value. |
services.tls.certificate.parsed.extensions.subject_alt_name.other_names.value |
text |
The raw otherName value. |
services.tls.certificate.parsed.extensions.subject_alt_name.registered_ids |
text |
The parsed registeredID entries in the GeneralName. Stored in dotted-decimal format. |
services.tls.certificate.parsed.extensions.subject_alt_name.uniform_resource_identifiers |
text |
The parsed uniformResourceIdentifier entries in the GeneralName. |
services.tls.certificate.parsed.extensions.subject_key_id |
text |
A key identifier, usually a digest of the DER-encoded SubjectPublicKeyInfo.. |
services.tls.certificate.parsed.extensions.tor_service_descriptors |
nested |
|
services.tls.certificate.parsed.extensions.tor_service_descriptors.algorithm_name |
text |
|
services.tls.certificate.parsed.extensions.tor_service_descriptors.hash |
text |
|
services.tls.certificate.parsed.extensions.tor_service_descriptors.hash_bits |
integer |
|
services.tls.certificate.parsed.extensions.tor_service_descriptors.onion |
text |
|
services.tls.certificate.parsed.issuer |
object |
A record containing the parsed contents of the issuer_dn. |
services.tls.certificate.parsed.issuer.common_name |
text |
The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3). |
services.tls.certificate.parsed.issuer.country |
text |
The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6). |
services.tls.certificate.parsed.issuer.domain_component |
text |
The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25). |
services.tls.certificate.parsed.issuer.email_address |
text |
The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1). |
services.tls.certificate.parsed.issuer.given_name |
text |
The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42). |
services.tls.certificate.parsed.issuer.jurisdiction_country |
text |
The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3). |
services.tls.certificate.parsed.issuer.jurisdiction_locality |
text |
The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1). |
services.tls.certificate.parsed.issuer.jurisdiction_province |
text |
The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2). |
services.tls.certificate.parsed.issuer.locality |
text |
The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7). |
services.tls.certificate.parsed.issuer.organization |
text |
The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10). |
services.tls.certificate.parsed.issuer.organization_id |
text |
|
services.tls.certificate.parsed.issuer.organizational_unit |
text |
The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11). |
services.tls.certificate.parsed.issuer.postal_code |
keyword |
The postalCode elements of the Distinguished Name (OID: 2.5.4.17). |
services.tls.certificate.parsed.issuer.province |
text |
The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8). |
services.tls.certificate.parsed.issuer.serial_number |
keyword |
The serialNumber elements of the Distinguished Name (OID: 2.5.4.5). |
services.tls.certificate.parsed.issuer.street_address |
text |
The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9). |
services.tls.certificate.parsed.issuer.surname |
text |
The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4). |
services.tls.certificate.parsed.issuer_dn |
text |
Distinguished Name of the entity that has signed and issued the certificate. |
services.tls.certificate.parsed.redacted |
boolean |
|
services.tls.certificate.parsed.serial_number |
text |
Issuer-specific identifier of the certificate. |
services.tls.certificate.parsed.serial_number_hex |
text |
Issuer-specific identifier of the certificate, represented as hexadecimal. |
services.tls.certificate.parsed.signature |
object |
|
services.tls.certificate.parsed.signature.self_signed |
boolean |
Whether the certificate was signed by its own key. |
services.tls.certificate.parsed.signature.signature_algorithm |
object |
|
services.tls.certificate.parsed.signature.signature_algorithm.name |
text |
Name of public key type, such as RSA or ECDSA. Information specific to the key type is available in the named sub-record. |
services.tls.certificate.parsed.signature.signature_algorithm.oid |
text |
|
services.tls.certificate.parsed.signature.valid |
boolean |
Whether the signature is valid. |
services.tls.certificate.parsed.signature.value |
text |
Contents of the signature. |
services.tls.certificate.parsed.subject |
object |
A record containing the parsed contents of the subject_dn. |
services.tls.certificate.parsed.subject.common_name |
text |
The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3). |
services.tls.certificate.parsed.subject.country |
text |
The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6). |
services.tls.certificate.parsed.subject.domain_component |
text |
The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25). |
services.tls.certificate.parsed.subject.email_address |
text |
The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1). |
services.tls.certificate.parsed.subject.given_name |
text |
The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42). |
services.tls.certificate.parsed.subject.jurisdiction_country |
text |
The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3). |
services.tls.certificate.parsed.subject.jurisdiction_locality |
text |
The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1). |
services.tls.certificate.parsed.subject.jurisdiction_province |
text |
The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2). |
services.tls.certificate.parsed.subject.locality |
text |
The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7). |
services.tls.certificate.parsed.subject.organization |
text |
The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10). |
services.tls.certificate.parsed.subject.organization_id |
text |
|
services.tls.certificate.parsed.subject.organizational_unit |
text |
The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11). |
services.tls.certificate.parsed.subject.postal_code |
keyword |
The postalCode elements of the Distinguished Name (OID: 2.5.4.17). |
services.tls.certificate.parsed.subject.province |
text |
The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8). |
services.tls.certificate.parsed.subject.serial_number |
keyword |
The serialNumber elements of the Distinguished Name (OID: 2.5.4.5). |
services.tls.certificate.parsed.subject.street_address |
text |
The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9). |
services.tls.certificate.parsed.subject.surname |
text |
The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4). |
services.tls.certificate.parsed.subject_dn |
text |
Distinguished Name of the entity associated with the public key. |
services.tls.certificate.parsed.subject_key_info |
object |
Information about the certificate's public key. |
services.tls.certificate.parsed.subject_key_info.dsa |
object |
A record containing the public portion of a DSA asymmetric key. |
services.tls.certificate.parsed.subject_key_info.dsa.g |
text |
|
services.tls.certificate.parsed.subject_key_info.dsa.p |
text |
|
services.tls.certificate.parsed.subject_key_info.dsa.q |
text |
|
services.tls.certificate.parsed.subject_key_info.dsa.y |
text |
|
services.tls.certificate.parsed.subject_key_info.ecdsa |
object |
A record containing the public portion of an ECDSA asymmetric key. |
services.tls.certificate.parsed.subject_key_info.ecdsa.b |
text |
|
services.tls.certificate.parsed.subject_key_info.ecdsa.curve |
text |
|
services.tls.certificate.parsed.subject_key_info.ecdsa.gx |
text |
|
services.tls.certificate.parsed.subject_key_info.ecdsa.gy |
text |
|
services.tls.certificate.parsed.subject_key_info.ecdsa.length |
long |
|
services.tls.certificate.parsed.subject_key_info.ecdsa.n |
text |
|
services.tls.certificate.parsed.subject_key_info.ecdsa.p |
text |
|
services.tls.certificate.parsed.subject_key_info.ecdsa.pub |
text |
|
services.tls.certificate.parsed.subject_key_info.ecdsa.x |
text |
|
services.tls.certificate.parsed.subject_key_info.ecdsa.y |
text |
|
services.tls.certificate.parsed.subject_key_info.fingerprint_sha256 |
text |
The SHA-256 digest of the certificate's DER-encoded SubjectPublicKeyInfo. |
services.tls.certificate.parsed.subject_key_info.key_algorithm |
object |
A record containing information about the type of subject key algorithm and any relevant parameters. |
services.tls.certificate.parsed.subject_key_info.key_algorithm.name |
text |
Name of public key type, such as RSA or ECDSA. Information specific to the key type is available in the named sub-record. |
services.tls.certificate.parsed.subject_key_info.key_algorithm.oid |
text |
|
services.tls.certificate.parsed.subject_key_info.rsa |
object |
A record containing the public portion of an RSA asymmetric key. |
services.tls.certificate.parsed.subject_key_info.rsa.exponent |
long |
The RSA key's public exponent (e). |
services.tls.certificate.parsed.subject_key_info.rsa.length |
long |
Bit-length of the RSA modulus. |
services.tls.certificate.parsed.subject_key_info.rsa.modulus |
text |
The RSA key's modulus (n) in big-endian encoding. |
services.tls.certificate.parsed.subject_key_info.unrecognized |
object |
A record containing known information about an unrecognized key type. |
services.tls.certificate.parsed.subject_key_info.unrecognized.raw |
text |
|
services.tls.certificate.parsed.unknown_extensions |
nested |
|
services.tls.certificate.parsed.unknown_extensions.critical |
boolean |
|
services.tls.certificate.parsed.unknown_extensions.id |
text |
|
services.tls.certificate.parsed.unknown_extensions.value |
text |
|
services.tls.certificate.parsed.validity_period |
object |
Information about the time for which the certificate is valid. |
services.tls.certificate.parsed.validity_period.length_seconds |
long |
The duration of the certificate's validity period, in seconds. |
services.tls.certificate.parsed.validity_period.not_after |
date |
An RFC-3339-formatted timestamp after which the certificate is no longer valid. |
services.tls.certificate.parsed.validity_period.not_before |
date |
An RFC-3339-formatted timestamp before which the certificate is not valid. |
services.tls.certificate.parsed.version |
integer |
|
services.tls.certificate.precert |
boolean |
Whether the X.509 "poison" extension (OID: 1.3.6.1.4.1.11129.2.4.3) is marked critical, which prohibits the pre-certificate from being trusted. |
services.tls.certificate.revocation |
object |
A record containing revocation information, if the certificate has been revoked. |
services.tls.certificate.revocation.crl |
object |
|
services.tls.certificate.revocation.crl.next_update |
date |
|
services.tls.certificate.revocation.crl.reason |
text |
An enumerated value indicating the issuer-supplied reason for the revocation. |
services.tls.certificate.revocation.crl.revocation_time |
date |
The issuer-supplied timestamp indicating when the certificate was revoked. |
services.tls.certificate.revocation.crl.revoked |
boolean |
Whether the certificate has been revoked before its expiry date by the issuer. |
services.tls.certificate.revocation.ocsp |
object |
|
services.tls.certificate.revocation.ocsp.next_update |
date |
|
services.tls.certificate.revocation.ocsp.reason |
text |
An enumerated value indicating the issuer-supplied reason for the revocation. |
services.tls.certificate.revocation.ocsp.revocation_time |
date |
The issuer-supplied timestamp indicating when the certificate was revoked. |
services.tls.certificate.revocation.ocsp.revoked |
boolean |
Whether the certificate has been revoked before its expiry date by the issuer. |
services.tls.certificate.revoked |
boolean |
Whether the certificate has been revoked before its expiry date by the issuer. |
services.tls.certificate.spki_subject_fingerprint_sha256 |
text |
The SHA-256 digest of the certificate's DER-encoded SubjectPublicKeyInfo concatenated with its Subject. |
services.tls.certificate.tbs_fingerprint_sha256 |
text |
The SHA-256 digest of the unsigned certificate's contents. |
services.tls.certificate.tbs_no_ct_fingerprint_sha256 |
text |
The SHA-256 digest of the unsigned certificate with the CT Poison extension removed, if present. This represents the shared contents of a certificate and its corresponding pre-certificate. |
services.tls.certificate.validated_at |
date |
When the certificate record's trust was last checked. |
services.tls.certificate.validation |
object |
A record containing information from the maintainers of major root certificate stores related to their trust assessment. |
services.tls.certificate.validation.apple |
object |
A record containing validation information about the certificate from the Apple root store. |
services.tls.certificate.validation.apple.chains |
nested |
A path of trusted signing certificates up to a root certificate present in a root store, represented as an ordered list of SHA-256 fingerprints. |
services.tls.certificate.validation.apple.chains.sha256fp |
text |
|
services.tls.certificate.validation.apple.ever_valid |
boolean |
Whether the certificate has ever been considered valid by the root store. |
services.tls.certificate.validation.apple.had_trusted_path |
boolean |
Whether there ever existed a trusted path of signing certificates from a certificate present in the root certificate store. |
services.tls.certificate.validation.apple.has_trusted_path |
boolean |
Whether there currently exists a trusted path of signing certificates from a certificate present in the root certificate store. |
services.tls.certificate.validation.apple.in_revocation_set |
boolean |
Whether the certificate is in the revocation set (for example, OneCRL) associated with the root store. |
services.tls.certificate.validation.apple.is_valid |
boolean |
Whether the certificate is currently considered valid by the root store: a summary of the trust path, revoked, blocklisted/allowlisted, and expired fields. |
services.tls.certificate.validation.apple.parents |
text |
The SHA-256 fingerprints of the certificate's immediate parents in its trust path(s). |
services.tls.certificate.validation.apple.type |
text |
The certificate's type. Options include root, intermediate, or leaf. |
services.tls.certificate.validation.chrome |
object |
A record containing validation information about the certificate from the Chrome root store. |
services.tls.certificate.validation.chrome.chains |
nested |
A path of trusted signing certificates up to a root certificate present in a root store, represented as an ordered list of SHA-256 fingerprints. |
services.tls.certificate.validation.chrome.chains.sha256fp |
text |
|
services.tls.certificate.validation.chrome.ever_valid |
boolean |
Whether the certificate has ever been considered valid by the root store. |
services.tls.certificate.validation.chrome.had_trusted_path |
boolean |
Whether there ever existed a trusted path of signing certificates from a certificate present in the root certificate store. |
services.tls.certificate.validation.chrome.has_trusted_path |
boolean |
Whether there currently exists a trusted path of signing certificates from a certificate present in the root certificate store. |
services.tls.certificate.validation.chrome.in_revocation_set |
boolean |
Whether the certificate is in the revocation set (for example, OneCRL) associated with the root store. |
services.tls.certificate.validation.chrome.is_valid |
boolean |
Whether the certificate is currently considered valid by the root store: a summary of the trust path, revoked, blocklisted/allowlisted, and expired fields. |
services.tls.certificate.validation.chrome.parents |
text |
The SHA-256 fingerprints of the certificate's immediate parents in its trust path(s). |
services.tls.certificate.validation.chrome.type |
text |
The certificate's type. Options include root, intermediate, or leaf. |
services.tls.certificate.validation.microsoft |
object |
A record containing validation information about the certificate from the Microsoft root store. |
services.tls.certificate.validation.microsoft.chains |
nested |
A path of trusted signing certificates up to a root certificate present in a root store, represented as an ordered list of SHA-256 fingerprints. |
services.tls.certificate.validation.microsoft.chains.sha256fp |
text |
|
services.tls.certificate.validation.microsoft.ever_valid |
boolean |
Whether the certificate has ever been considered valid by the root store. |
services.tls.certificate.validation.microsoft.had_trusted_path |
boolean |
Whether there ever existed a trusted path of signing certificates from a certificate present in the root certificate store. |
services.tls.certificate.validation.microsoft.has_trusted_path |
boolean |
Whether there currently exists a trusted path of signing certificates from a certificate present in the root certificate store. |
services.tls.certificate.validation.microsoft.in_revocation_set |
boolean |
Whether the certificate is in the revocation set (for example, OneCRL) associated with the root store. |
services.tls.certificate.validation.microsoft.is_valid |
boolean |
Whether the certificate is currently considered valid by the root store: a summary of the trust path, revoked, blocklisted/allowlisted, and expired fields. |
services.tls.certificate.validation.microsoft.parents |
text |
The SHA-256 fingerprints of the certificate's immediate parents in its trust path(s). |
services.tls.certificate.validation.microsoft.type |
text |
The certificate's type. Options include root, intermediate, or leaf. |
services.tls.certificate.validation.nss |
object |
A record containing validation information about the certificate from the Mozilla NSS root store. |
services.tls.certificate.validation.nss.chains |
nested |
A path of trusted signing certificates up to a root certificate present in a root store, represented as an ordered list of SHA-256 fingerprints. |
services.tls.certificate.validation.nss.chains.sha256fp |
text |
|
services.tls.certificate.validation.nss.ever_valid |
boolean |
Whether the certificate has ever been considered valid by the root store. |
services.tls.certificate.validation.nss.had_trusted_path |
boolean |
Whether there ever existed a trusted path of signing certificates from a certificate present in the root certificate store. |
services.tls.certificate.validation.nss.has_trusted_path |
boolean |
Whether there currently exists a trusted path of signing certificates from a certificate present in the root certificate store. |
services.tls.certificate.validation.nss.in_revocation_set |
boolean |
Whether the certificate is in the revocation set (for example, OneCRL) associated with the root store. |
services.tls.certificate.validation.nss.is_valid |
boolean |
Whether the certificate is currently considered valid by the root store: a summary of the trust path, revoked, blocklisted/allowlisted, and expired fields. |
services.tls.certificate.validation.nss.parents |
text |
The SHA-256 fingerprints of the certificate's immediate parents in its trust path(s). |
services.tls.certificate.validation.nss.type |
text |
The certificate's type. Options include root, intermediate, or leaf. |
services.tls.certificate.validation_level |
text |
The extent to which the certificate's issuer validated the identity of the entity requesting the certificate. Options include Domain validated (DV), Organization Validated (OV), or Extended Validation (EV). |
services.tls.certificate.zlint |
object |
A record containing the results of linting the certificate for conformance to the X.509 standard using Zlint. |
services.tls.certificate.zlint.errors_present |
boolean |
Whether the certificate's attributes triggered any error lints for non-conformance to the X.509 standard. |
services.tls.certificate.zlint.failed_lints |
text |
A list of lint names which failed, if applicable. |
services.tls.certificate.zlint.fatals_present |
boolean |
Whether the certificate's attributes triggered any fatal lints for non-conformance to the X.509 standard. |
services.tls.certificate.zlint.notices_present |
boolean |
Whether the certificate's attributes triggered any notice lints for non-conformance to the X.509 standard. |
services.tls.certificate.zlint.timestamp |
date |
An RFC-3339-formated timestamp indicating when the certificate was linted. |
services.tls.certificate.zlint.version |
long |
The version of Zlint used to lint the certificate. |
services.tls.certificate.zlint.warnings_present |
boolean |
Whether the certificate's attributes triggered any warning lints for non-conformance to the X.509 standard. |
services.tls.certificates |
object |
Certificate and certificate chain details. |
services.tls.certificates.chain |
object |
Certificate chain information. |
services.tls.certificates.chain.fingerprint |
keyword |
SHA 256 fingerprint of the certificate in the certificate chain. |
services.tls.certificates.chain.issuer_dn |
text |
Distinguished name of the entity that has signed and issued the certificate. |
services.tls.certificates.chain.subject_dn |
text |
Distinguished name of the entity that the certificate belongs to. |
services.tls.certificates.chain_fps_sha_256 |
keyword |
DEPRECATED (04/30/2021) - Use `chain` instead. |
services.tls.certificates.leaf_data |
object |
The TBS Certificate information. |
services.tls.certificates.leaf_data.fingerprint |
keyword |
SHA256 fingerprint of the TBS certificate. |
services.tls.certificates.leaf_data.issuer |
object |
Issuer distinguished name attributes. |
services.tls.certificates.leaf_data.issuer.common_name |
text |
|
services.tls.certificates.leaf_data.issuer.country |
text |
|
services.tls.certificates.leaf_data.issuer.domain_component |
text |
|
services.tls.certificates.leaf_data.issuer.email_address |
text |
|
services.tls.certificates.leaf_data.issuer.jurisdiction_country |
text |
|
services.tls.certificates.leaf_data.issuer.jurisdiction_locality |
text |
|
services.tls.certificates.leaf_data.issuer.jurisdiction_province |
text |
|
services.tls.certificates.leaf_data.issuer.locality |
text |
|
services.tls.certificates.leaf_data.issuer.organization |
text |
|
services.tls.certificates.leaf_data.issuer.organization_id |
text |
|
services.tls.certificates.leaf_data.issuer.organizational_unit |
text |
|
services.tls.certificates.leaf_data.issuer.postal_code |
keyword |
|
services.tls.certificates.leaf_data.issuer.province |
text |
|
services.tls.certificates.leaf_data.issuer.serial_number |
keyword |
|
services.tls.certificates.leaf_data.issuer.street_address |
text |
|
services.tls.certificates.leaf_data.issuer_dn |
text |
Distinguished name of the entity that has signed and issued the certificate. |
services.tls.certificates.leaf_data.names |
text |
Common names for the entity. |
services.tls.certificates.leaf_data.pubkey_algorithm |
text |
Algorithm used to create the public key. |
services.tls.certificates.leaf_data.pubkey_bit_size |
integer |
Size of the public key. |
services.tls.certificates.leaf_data.public_key |
object |
Subject public key information. |
services.tls.certificates.leaf_data.public_key.dsa |
object |
|
services.tls.certificates.leaf_data.public_key.dsa.g |
text |
|
services.tls.certificates.leaf_data.public_key.dsa.p |
text |
|
services.tls.certificates.leaf_data.public_key.dsa.q |
text |
|
services.tls.certificates.leaf_data.public_key.dsa.y |
text |
|
services.tls.certificates.leaf_data.public_key.ecdsa |
object |
|
services.tls.certificates.leaf_data.public_key.ecdsa.b |
text |
|
services.tls.certificates.leaf_data.public_key.ecdsa.curve |
keyword |
|
services.tls.certificates.leaf_data.public_key.ecdsa.gx |
text |
|
services.tls.certificates.leaf_data.public_key.ecdsa.gy |
text |
|
services.tls.certificates.leaf_data.public_key.ecdsa.length |
unsigned_long |
|
services.tls.certificates.leaf_data.public_key.ecdsa.n |
text |
|
services.tls.certificates.leaf_data.public_key.ecdsa.p |
text |
|
services.tls.certificates.leaf_data.public_key.ecdsa.pub |
text |
|
services.tls.certificates.leaf_data.public_key.ecdsa.x |
text |
|
services.tls.certificates.leaf_data.public_key.ecdsa.y |
text |
|
services.tls.certificates.leaf_data.public_key.fingerprint |
text |
|
services.tls.certificates.leaf_data.public_key.key_algorithm |
keyword |
|
services.tls.certificates.leaf_data.public_key.rsa |
object |
|
services.tls.certificates.leaf_data.public_key.rsa.exponent |
text |
|
services.tls.certificates.leaf_data.public_key.rsa.length |
unsigned_long |
|
services.tls.certificates.leaf_data.public_key.rsa.modulus |
text |
|
services.tls.certificates.leaf_data.signature |
object |
Certificate signature information. |
services.tls.certificates.leaf_data.signature.self_signed |
boolean |
Denotes if the certificate was self signed. |
services.tls.certificates.leaf_data.signature.signature_algorithm |
keyword |
Cryptographic algorithm used by the CA to sign this certificate. |
services.tls.certificates.leaf_data.subject |
object |
Subject distinguished name attributes. |
services.tls.certificates.leaf_data.subject.common_name |
text |
|
services.tls.certificates.leaf_data.subject.country |
text |
|
services.tls.certificates.leaf_data.subject.domain_component |
text |
|
services.tls.certificates.leaf_data.subject.email_address |
text |
|
services.tls.certificates.leaf_data.subject.jurisdiction_country |
text |
|
services.tls.certificates.leaf_data.subject.jurisdiction_locality |
text |
|
services.tls.certificates.leaf_data.subject.jurisdiction_province |
text |
|
services.tls.certificates.leaf_data.subject.locality |
text |
|
services.tls.certificates.leaf_data.subject.organization |
text |
|
services.tls.certificates.leaf_data.subject.organization_id |
text |
|
services.tls.certificates.leaf_data.subject.organizational_unit |
text |
|
services.tls.certificates.leaf_data.subject.postal_code |
keyword |
|
services.tls.certificates.leaf_data.subject.province |
text |
|
services.tls.certificates.leaf_data.subject.serial_number |
keyword |
|
services.tls.certificates.leaf_data.subject.street_address |
text |
|
services.tls.certificates.leaf_data.subject_dn |
text |
Distinguished name of the entity associated with the public key. |
services.tls.certificates.leaf_data.tbs_fingerprint |
keyword |
Fingerprint of the TBS certificate. |
services.tls.certificates.leaf_fp_sha_256 |
keyword |
SHA 256 fingerprint of the TBS certificate. |
services.tls.cipher_selected |
text |
Cipher suite chosen for the exchange. |
services.tls.ja3s |
text |
The JA3S fingerprint for this service. |
services.tls.presented_chain |
object |
Certificate chain information. |
services.tls.presented_chain.fingerprint |
keyword |
SHA 256 fingerprint of the certificate in the certificate chain. |
services.tls.presented_chain.issuer_dn |
text |
Distinguished name of the entity that has signed and issued the certificate. |
services.tls.presented_chain.subject_dn |
text |
Distinguished name of the entity that the certificate belongs to. |
services.tls.server_key_exchange |
object |
|
services.tls.server_key_exchange.ec_params |
object |
Elliptic-Curve key exchange parameters used. |
services.tls.server_key_exchange.ec_params.named_curve |
unsigned_long |
Elliptic-Curve ID value. |
services.tls.server_key_exchange.ec_params.public_key |
text |
|
services.tls.session_ticket |
object |
The new session ticket sent by the server to the client. |
services.tls.session_ticket.length |
unsigned_long |
|
services.tls.session_ticket.lifetime_hint |
unsigned_long |
Hint from server about how long the session ticket should be stored. |
services.tls.versions.tls_version |
text |
Attack Surface Management only at this time |
services.tls.version_selected |
text |
Certificate version v1(0), v2(1), v3(2). |
Comments
0 comments
Article is closed for comments.