Full Certificate Extract Report

The Full Certificate Extract Report shows detailed information for the active, expired and revoked certificates in the selected collection The certificate search function allows you to query the Keyfactor Command database for certificates from any available source based on any criteria of the certificates and save the results as a collection that will be availble in other places in the Management Portal (e.g. expiration alerts and certain reports)..

The export options for the Full Certificate Extract Report are CSV and Excel.

The report table includes these fields:

Common Name A common name (CN) is the component of a distinguished name (DN) that represents the primary name of the object. The value varies depending on the type of object. For a user object, this would be the user's name (e.g. CN=John Smith). For SSL certificates, the CN is typically the fully qualified domain name (FQDN) of the host where the SSL certificate will reside (e.g. servername.keyexample.com or www.keyexample.com).

The common name of the certificate.
Valid From

The date on which the certificate became valid (typically the issuance date).
Valid To

The date on which the certificate expires.
Days to Expiration

The number of days remaining until the certificate expires. This will be a negative value for expired certificates.
Signature Algorithm

The cryptographic algorithm used to sign the certificate.
Key Size The key size or key length is the number of bits in a key used by a cryptographic algorithm.

The key length The key size or key length is the number of bits in a key used by a cryptographic algorithm. used to create the certificate.
Validity Period

The number of days for which the certificate was issued.
Serial Number

The serial number of the certificate.
DN A distinguished name (DN) is the name that uniquely identifies an object in a directory. In the context of Keyfactor Command, this directory is generally Active Directory. A DN is made up of attribute=value pairs, separated by commas. Any of the attributes defined in the directory schema can be used to make up a DN.

The distinguished name (subject) of the certificate.
Issuer DN

The distinguished name of the issuer (CA A certificate authority (CA) is an entity that issues digital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA.) for the certificate.
User Name

The name of the identity that requested the certificate.

Total SANs

The total number of subject alternative names (SANs) for the certificate.
SANs

Any subject alternative names (SANs) of type DNS The Domain Name System is a service that translates names into IP addresses. name, UPN, or email.
SANs IP

Any subject alternative names (SANs) of type IP address.
Port

The port where the certificate was found on an SSL TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets Layer) are protocols for establishing authenticated and encrypted links between networked computers. scan.
IP Address

The IP address where the certificate was found on an SSL scan.
DNS Name

The DNS name resolved for the IP address where the certificate was found on an SSL scan.
Alias

The alias of the certificate in the certificate store.
Client Machine

Depending on the type of certificate store, either the name of the server on which the orchestrator Keyfactor orchestrators perform a variety of functions, including managing certificate stores and SSH key stores. is installed or the name of the server on which the certificate store is located.
Store Path

The location of the certificate store. The format of this value will vary depending on the type of certificate store.
Template A certificate template defines the policies and rules that a CA uses when a request for a certificate is received.

The certificate template used to issue the certificate.
Certificate State

The current state of the certificate (e.g. Active, Revoked).

Column handling on this report grid has the following features:

To change the width of a column of the report, hover over the triangle of dots on the right side of the selected column header (). Click, hold and drag the triangle to change the width of the column.
To rearrange columns on the report display, hover over the rectangle of dots on the left side of the selected column header (). Click, hold, and drag the rectangle to move the column to your selected location.
Most columns can be sorted in ascending order by clicking on the header of the column. Click the column header again to reverse the sort order.

This report takes the input parameters:

The certificate collection to report on, including the built-in All Certificates collection.
A checkbox to include or exclude revoked certificates in report output.

Note: Certificates that are both expired and revoked will only appear if both Include Expired and Include Revoked are checked. If only one is checked, the certificate will not appear.
A checkbox to include or exclude expired certificates in report output.
The metadata Metadata provides information about a piece of data. It is used to summarize basic information about data, which can make working with the data easier. In the context of Keyfactor Command, the certificate metadata feature allows you to create custom metadata fields that allow you to tag certificates with tracking information about certificates. field(s) to include, if desired. This will append the selected metadata columns to the end of the report.

Tip: If you Save a new certificate collection, or Save a change to an existing certificate collection, that change will be immediately reflected in the collection data used to display certificate collections on dashboards and reports. The data used by the dashboards and reports is stored in an intermediate table that is updated immediately. It will also continue to be updated periodically (approximately every 20 minutes by default as configured by the Dashboard Collection Caching Interval application setting) by the Keyfactor Command Service (see Application Settings: Console Tab).

Version v12.0

On this page: