Certificates status filters

GET Certificates and HEAD Certificates can filter by certificate status. For example, you can list Trust Protection Platform certificates by life cycle stage.

You can use multiple Certificates status filters and Certificates attribute filters in the same API call. The syntax is the same for both:

  • Certificates with two possible values from the same filter, use the ampersand (&) symbol as the OR operator.
  • Certificates with a range of values from the same filter, list each value and use the comma (,) separator as the OR operator.
  • Certificates that meet criteria from multiple filters, use the ampersand (&) symbol as the AND operator.

For example:

...?ValidationState=Blank&ValidationState=Failure //Find certs that have either value 
...?Stage=200,500,800 //Find certs having one value from the list
...?CreatedOn=2017-10-24&Stage=500 //Find certs based on both filters

Use appropriate syntax for your environment. For example, add quotes as required. Status filters return case insensitive results. For example, searching for ParentDn=%5Cved%5Cpolicy%5Ccerts%5Cmorecerts, returns certificates from \\VED\\Policy\\MoreCerts.

The following Certificates Status filters are available:

Status filters

Certificates status filter

Description

ChainValidationFailure

Find certificates that contain at least one invalid Chain of Trust. Specify one or more Certificates Chain Codes

Example: ChainValidationFailure=MismatchedChain

CreatedOn

Find certificates that were created at an exact date and time. Specify YYYY-MM-DD or the ISO 8601 format, for example YYYY-MM-DDTHH:MM:SS.mmmmmmmZ:

  • If the time is missing, the default is midnight. For example, 2017-12-19 is interpreted as 2017-12-19T00:00:00.000000Z.
  • If the time zone qualifier is missing, Universal Time Coordinated (UTC) is used instead. For example, 2017-12-19T00:52:50.5387438.
  • For a specific time zone, add the number of hours before or after UTC. For example, 2017-12-19T19:52:50.5387438-05 is equivalent to 2017-12-19T00:52:50.5387438Z.

Example: CreatedOn=2017-10-24T00:52:50.5387438Z

CreatedOnGreater

Find certificates created after this date and time. Specify YYYY-MM-DD or the ISO 8601 format, for example YYYY-MM-DDTHH:MM:SS.mmmmmmmZ

Example: CreatedOnGreater=2017-12-19

CreatedOnLess

Find certificates created before this date and time. Specify YYYY-MM-DD or the ISO 8601 format, for example YYYY-MM-DDTHH:MM:SS.mmmmmmmZ

Example: CreatedOnLess=2017-12-19

Disabled

Include only certificates that are enabled 0 or disabled 1.

Example: Disabled=1

InError

Include only certificates by error state: No error 0 or in an error state 1

Example: InError=1

ManagementType

Find certificates with a Management type of Unassigned, Monitoring, Enrollment, or Provisioning.

Example: ManagementType=Enrollment

Name

Find a certificate object.

Example: Name=Cert1

NetworkValidationDisabled

Include only certificates with network validation enabled 0 or disabled 1.

Example: NetworkValidationDisabled=1

ParentDn

Find certificates that appear in a single folder. Accepts a single value. No quotes are needed. If you want the parent and its subfolders, call ParentDnRecursive instead.

Example: ParentDn=%5CVED%5CPolicy%5CCertificates

Example for Swagger: \VED\Policy\Certificates

ParentDnRecursive

Find certificates within a specific folder and its subfolders. Accepts a single value. No quotes are needed. If there are many certificates, add the GET or HEAD Limit parameter.

Example: ParentDnRecursive=%5CVED%5CPolicy

Example for Swagger: \VED\Policy

PendingWorkflow

Include only certificates that have a pending workflow resolution, for example, an outstanding workflow ticket. This parameter does not require a corresponding value.

Example: PendingWorkflow

SslTlsProtocol

Find certificates that contain at least one protocol that failed to communicate with the target host. Specify one or more of the following: Ssl2, Ssl3, Tls, Tls11, Tls12.

Example: SslTlsProtocol=Tls, Tls11, Tls12

Stage

Find certificates using one or more stages in the certificate lifecycle. The lifecycle has these stages:

  • For key and Certificate Signing Requests (CSR), stages 0-499.
  • For Certificate Authority (CA) stages, stages 500-799.
  • For certificate installation and provisioning, stages 800-1200.

Example: Stage=0, 499

StageGreater

Find certificates with a stage greater than the specified stage (does not include specified stage).

Example: StageGreater=799

StageLess

Find certificates with a stage less than the specified stage (does not include specified stage).

Example: StageLess=500

TlsValidationFailure

Find certificates that did not successfully validate using SSL/TLS. Specify one or more Certificates TLS validation states .

Example: TlsValidationFailure=MismatchWithKnown

ValidationDisabled

Include only certificates with validation enabled 0 or disabled 1.

Example: ValidationDisabled=1

ValidationState

Find certificates with a validation state of Blank, Success, or Failure.

Example: ValidationState=Failure