certificate.query¶
No Additional Items
Tuple Validation
Parameter 1: filters
filters
Type: array Default: []List of filters for query results. See API documentation for "Query Methods" for more guidance.
No Additional ItemsEach item of this array must be:
[
[
"name",
"=",
"bob"
]
]
[
[
"OR",
[
[
[
"name",
"=",
"bob"
]
],
[
[
"name",
"=",
"larry"
]
]
]
]
]
Parameter 2: options
options
Type: objectQuery options including pagination, ordering, and additional parameters.
No Additional PropertiesExtra
Type: object Default: {}Extra options are defined on a per-endpoint basis and are described in the documentation for the associated query method.
Order By
Type: array of string Default: []An array of field names describing the manner in which query results should be ordered. The field names may also have one of more of the following special prefixes: - (reverse sort direction), nulls_first: (place any null values at the head of the results list), nulls_last: (place any null values at the tail of the results list).
Each item of this array must be:
[
"size",
"-devname",
"nulls_first:-expiretime"
]
Select
Type: array Default: []An array of field names specifying the exact fields to include in the query return. The dot character . may be used to explicitly select only subkeys of the query result.
Each item of this array must be:
No Additional Items
Each item of this array must be:
[
"username",
"Authentication.status"
]
Count
Type: boolean Default: falseReturn a numeric value representing the number of items that match the specified query-filters.
Get
Type: boolean Default: falseReturn the JSON object of the first result matching the specified query-filters. The query fails if there specified query-filters return no results.
Offset
Type: integer Default: 0This specifies the beginning offset of the results array. When combined with the limit query-option it may be used to implement pagination of large results arrays. WARNING: some query methods provide volatile results and the onus is on the developer to understand whether pagination is appropriate for a particular query API method.
Limit
Type: integer Default: 0This specifies the maximum number of results matching the specified query-filters to return. When combined wtih the offset query-option it may be used to implement pagination of large results arrays.
WARNING: Some query methods provide volatile results and the onus is on the developer to understand whether pagination is appropriate for a particular query API method.
Force Sql Filters
Type: boolean Default: falseForce use of SQL for result filtering to reduce response time. May not work for all methods.
Result
No Additional Items
Each item of this array must be:
CertificateQueryResultItem
Type: objectNo Additional Properties
Id
Type: integerUnique identifier for this certificate entry.
Type
Type: integerInternal certificate type identifier used to determine certificate capabilities.
Name
Type: stringHuman-readable name for this certificate. Must be unique and contain only alphanumeric characters, dashes, and underscores.
Must be at least 1 characters long
Certificate
PEM-encoded X.509 certificate data. null for certificate signing requests (CSR) that have not yet been signed.
Privatekey
PEM-encoded private key corresponding to the certificate. null if no private key is available or for imported certificates without keys.
Csr
PEM-encoded Certificate Signing Request (CSR) data. null for imported certificates or completed ACME certificates.
Acme Uri
ACME directory server URI used for automated certificate management. null for non-ACME certificates.
Domains Authenticators
Mapping of domain names to ACME DNS authenticator IDs for domain validation. null for non-ACME certificates.
Renew Days
Number of days before expiration to attempt automatic renewal. Only applicable for ACME certificates. null for non-renewable certificates.
Acme
ACME registration and account information used for certificate lifecycle management. null for non-ACME certificates.
Add To Trusted Store
Type: booleanWhether this certificate should be added to the system's trusted certificate store.
Root Path
Type: stringFilesystem path where certificate-related files are stored.
Must be at least 1 characters long
Certificate Path
Filesystem path to the certificate file (.crt). null if no certificate is available.
Must be at least 1 characters long
Privatekey Path
Filesystem path to the private key file (.key). null if no private key is available.
Must be at least 1 characters long
Csr Path
Filesystem path to the certificate signing request file (.csr). null if no CSR is available.
Must be at least 1 characters long
Cert Type
Type: stringHuman-readable certificate type, typically 'CERTIFICATE' for standard certificates.
Must be at least 1 characters long
Cert Type Existing
Type: booleanWhether this is an existing certificate (imported or generated).
Cert Type Csr
Type: booleanWhether this entry represents a Certificate Signing Request (CSR) rather than a signed certificate.
Cert Type Ca
Type: booleanWhether this certificate is a Certificate Authority (CA) certificate.
Chain List
Type: array of stringArray of PEM-encoded certificates in the certificate chain, starting with the leaf certificate.
No Additional ItemsEach item of this array must be:
Key Length
Size of the cryptographic key in bits. null if key information is unavailable.
Key Type
Type of cryptographic key algorithm (e.g., 'RSA', 'EC', 'DSA'). null if key information is unavailable.
Must be at least 1 characters long
Country
ISO 3166-1 alpha-2 country code from the certificate subject. null if not specified.
State
State or province name from the certificate subject. null if not specified.
City
City or locality name from the certificate subject. null if not specified.
Organization
Organization name from the certificate subject. null if not specified.
Organizational Unit
Organizational unit from the certificate subject. null if not specified.
Common
Common name (CN) from the certificate subject. null if not specified.
San
Subject Alternative Names (SAN) from the certificate extension. null if no SAN extension is present.
No Additional Items
Each item of this array must be:
Email address from the certificate subject. null if not specified.
Dn
Distinguished Name (DN) of the certificate subject in RFC 2253 format. null if certificate parsing failed.
Subject Name Hash
Hash of the certificate subject name. null if certificate parsing failed.
Extensions
Type: objectX.509 certificate extensions parsed into a dictionary structure.
Digest Algorithm
Cryptographic hash algorithm used for certificate signing (e.g., 'SHA256'). null if unavailable.
Lifetime
Certificate validity period in seconds. null if certificate parsing failed.
From
Certificate validity start date in ISO 8601 format. null if certificate parsing failed.
Until
Certificate validity end date in ISO 8601 format. null if certificate parsing failed.
Serial
Certificate serial number. null if certificate parsing failed.
Chain
Whether this certificate has an associated certificate chain. null if unavailable.
Fingerprint
SHA-256 fingerprint of the certificate in hexadecimal format. null if certificate parsing failed.
Expired
Whether the certificate has expired. null if certificate parsing failed.
Parsed
Type: booleanWhether the certificate data was successfully parsed and validated.
CertificateQueryResultItem
Type: objectNo Additional Properties
Id
Type: integerUnique identifier for this certificate entry.
Type
Type: integerInternal certificate type identifier used to determine certificate capabilities.
Name
Type: stringHuman-readable name for this certificate. Must be unique and contain only alphanumeric characters, dashes, and underscores.
Must be at least 1 characters long
Certificate
PEM-encoded X.509 certificate data. null for certificate signing requests (CSR) that have not yet been signed.
Privatekey
PEM-encoded private key corresponding to the certificate. null if no private key is available or for imported certificates without keys.
Csr
PEM-encoded Certificate Signing Request (CSR) data. null for imported certificates or completed ACME certificates.
Acme Uri
ACME directory server URI used for automated certificate management. null for non-ACME certificates.
Domains Authenticators
Mapping of domain names to ACME DNS authenticator IDs for domain validation. null for non-ACME certificates.
Renew Days
Number of days before expiration to attempt automatic renewal. Only applicable for ACME certificates. null for non-renewable certificates.
Acme
ACME registration and account information used for certificate lifecycle management. null for non-ACME certificates.
Add To Trusted Store
Type: booleanWhether this certificate should be added to the system's trusted certificate store.
Root Path
Type: stringFilesystem path where certificate-related files are stored.
Must be at least 1 characters long
Certificate Path
Filesystem path to the certificate file (.crt). null if no certificate is available.
Must be at least 1 characters long
Privatekey Path
Filesystem path to the private key file (.key). null if no private key is available.
Must be at least 1 characters long
Csr Path
Filesystem path to the certificate signing request file (.csr). null if no CSR is available.
Must be at least 1 characters long
Cert Type
Type: stringHuman-readable certificate type, typically 'CERTIFICATE' for standard certificates.
Must be at least 1 characters long
Cert Type Existing
Type: booleanWhether this is an existing certificate (imported or generated).
Cert Type Csr
Type: booleanWhether this entry represents a Certificate Signing Request (CSR) rather than a signed certificate.
Cert Type Ca
Type: booleanWhether this certificate is a Certificate Authority (CA) certificate.
Chain List
Type: array of stringArray of PEM-encoded certificates in the certificate chain, starting with the leaf certificate.
No Additional ItemsEach item of this array must be:
Key Length
Size of the cryptographic key in bits. null if key information is unavailable.
Key Type
Type of cryptographic key algorithm (e.g., 'RSA', 'EC', 'DSA'). null if key information is unavailable.
Must be at least 1 characters long
Country
ISO 3166-1 alpha-2 country code from the certificate subject. null if not specified.
State
State or province name from the certificate subject. null if not specified.
City
City or locality name from the certificate subject. null if not specified.
Organization
Organization name from the certificate subject. null if not specified.
Organizational Unit
Organizational unit from the certificate subject. null if not specified.
Common
Common name (CN) from the certificate subject. null if not specified.
San
Subject Alternative Names (SAN) from the certificate extension. null if no SAN extension is present.
No Additional Items
Each item of this array must be:
Email address from the certificate subject. null if not specified.
Dn
Distinguished Name (DN) of the certificate subject in RFC 2253 format. null if certificate parsing failed.
Subject Name Hash
Hash of the certificate subject name. null if certificate parsing failed.
Extensions
Type: objectX.509 certificate extensions parsed into a dictionary structure.
Digest Algorithm
Cryptographic hash algorithm used for certificate signing (e.g., 'SHA256'). null if unavailable.
Lifetime
Certificate validity period in seconds. null if certificate parsing failed.
From
Certificate validity start date in ISO 8601 format. null if certificate parsing failed.
Until
Certificate validity end date in ISO 8601 format. null if certificate parsing failed.
Serial
Certificate serial number. null if certificate parsing failed.
Chain
Whether this certificate has an associated certificate chain. null if unavailable.
Fingerprint
SHA-256 fingerprint of the certificate in hexadecimal format. null if certificate parsing failed.
Expired
Whether the certificate has expired. null if certificate parsing failed.
Parsed
Type: booleanWhether the certificate data was successfully parsed and validated.
Required roles: CERTIFICATE_READ