GET Certificates ID
The GET /Certificates/{id} method is used to return details for the certificate with the specified ID. This method returns HTTP 200 OK on a success with certificate details in the message body.
Certificate permission can be granted at either the global or collection
The certificate search function allows you to query the Keyfactor Command database for certificates from any available source based on any criteria of the certificates and save the results as a collection that will be availble in other places in the Management Portal (e.g. expiration alerts and certain reports). level. See note under CollectionId, below.
Table 200: GET Certificates {id} Input Parameters
| Name | In | Description |
|---|---|---|
| id | Path | Required. An integer indicating the Keyfactor Command reference ID of the certificate. Use the GET /Certificates method (see GET Certificates) to retrieve a list of multiple certificates to determine the desired certificate's ID. |
| includeLocations | Query | A Boolean that sets whether to include the Locations data in the response (true) or not (false). If false is selected, the LocationsCount and Locations fields will still appear in the response, but they will contain no data. The default is false. |
| includeMetadata | Query | A Boolean that sets whether to include the Metadata data in the response (true) or not (false). If false is selected, the Metadata field will still appear in the response, but it will contain no data. The default is false. |
| CollectionId | Query |
An integer specifying an optional certificate collection identifier to validate that the user executing the request has sufficient permissions to do so. If a certificate collection ID is not supplied, the user must have global permissions to complete the action. Supplying a certificate collection ID allows for a check of the user's certificate collection-level permissions to determine whether the user has sufficient permissions at a collection level to complete the action. See Certificate Permissions in the Keyfactor Command Reference Guide for more information. |
Table 201: GET Certificates {id} Response Data
| Name | Description |
|---|---|
| Id | An integer indicating the Keyfactor Command reference ID of the certificate. |
| Thumbprint | A string indicating the thumbprint of the certificate. |
| SerialNumber | A string indicating the serial number of the certificate. |
| IssuedDN | A string indicating the distinguished name of the certificate. |
| IssuedCN | A string indicating the common name A common name (CN) is the component of a distinguished name (DN) that represents the primary name of the object. The value varies depending on the type of object. For a user object, this would be the user's name (e.g. CN=John Smith). For SSL certificates, the CN is typically the fully qualified domain name (FQDN) of the host where the SSL certificate will reside (e.g. servername.keyexample.com or www.keyexample.com). of the certificate. |
| ImportDate | The date, in UTC, on which the certificate was imported into Keyfactor Command. |
| NotBefore | The date, in UTC, on which the certificate was issued by the certificate authority A certificate authority (CA) is an entity that issues digital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA.. |
| NotAfter | The date, in UTC, on which the certificate expires. |
| IssuerDN | A string indicating the distinguished name of the issuer. |
| PrincipalId | An integer indicating the Keyfactor Command reference ID of the principal (UPN) that requested the certificate.
Typically, this field is only populated for end user certificates requested through Keyfactor Command (e.g. Mac auto-enrollment Certificate enrollment refers to the process by which a user requests a digital certificate. The user must submit the request to a certificate authority (CA). certificates). See also PrinicpalName. |
| TemplateId | An integer indicating the Keyfactor Command reference ID of the template A certificate template defines the policies and rules that a CA uses when a request for a certificate is received. associated with the certificate. |
| CertState | An integer specifying the state of the certificate. Show certificate state details. |
| KeySizeInBits | An integer specifying the key size The key size or key length is the number of bits in a key used by a cryptographic algorithm. in bits.
|
| KeyType | An integer specifying the key type The key type identifies the type of key to create when creating a symmetric or asymmetric key. It references the signing algorithm and often key size (e.g. AES-256, RSA-2048, Ed25519). of the certificate. Show key type details. |
| RequesterId | An integer indicating the Keyfactor Command reference ID of the identity that requested the certificate. See also RequesterName. |
| IssuedOU | A string indicating the organizational unit of the certificate. |
| IssuedEmail | A string indicating the email address of the certificate. |
| KeyUsage |
An integer indicating the total key usage of the certificate.
Key usage is stored in Active Directory as a single value made of a combination of values. For example, a value of 160 would represent a key usage of digital signature with key encipherment. A value of 224 would add nonrepudiation to those. |
| SigningAlgorithm | A string indicating the algorithm used to sign the certificate. |
| CertStateString | A string containing the certificate state. The possible values are:
|
| KeyTypeString | A string containing the key type description (e.g. RSA) as per the types and descriptions shown for KeyType. |
| RevocationEffDate | The date, in UTC, on which the certificate was revoked, if applicable. |
| RevocationReason | An integer indicating the reason the certificate was revoked. Show revocation reason details. |
| RevocationComment | An internally used Keyfactor Command field. |
| CertificateAuthorityId | An integer indicating the Keyfactor Command reference ID of the certificate authority that issued the certificate. |
| CertificateAuthorityName | A string indicating the certificate authority that issued the certificate. |
| TemplateName | A string indicating the name of the template that was used when issuing the certificate. |
| ArchivedKey | A Boolean that indicates whether the certificate has a key archived in the issuing CA (true) or not (false). |
| HasPrivateKey | A Boolean that indicates whether the certificate has a private key Private keys are used in cryptography (symmetric and asymmetric) to encrypt or sign content. In asymmetric cryptography, they are used together in a key pair with a public key. The private or secret key is retained by the key's creator, making it highly secure. stored in Keyfactor Command (true) or not (false) |
| PrincipalName | A string containing the name of the principal (UPN) that requested the certificate. Typically, this field is only populated for end user certificates requested through Keyfactor Command (e.g. Mac auto-enrollment certificates). |
| CertRequestId | An integer containing the Keyfactor Command reference ID of the certificate request. |
| RequesterName | A string containing the name of the identity that requested the certificate. |
| ContentBytes | A string containing the certificate as bytes. |
| ExtendedKeyUsages |
An array containing the extended key usages associated with the certificate. |
| SubjectAltNameElements | An array containing the subject alternative name The subject alternative name (SAN) is an extension to the X.509 specification that allows you to specify additional values when enrolling for a digital certificate. A variety of SAN formats are supported, with DNS name being the most common. elements of the certificate. Show SAN details. |
| CRLDistributionPoints | An array containing the distribution points for the certificate revocation lists the certificate could be in. Show CRL distribution point details. |
| LocationsCount | An array containing a count of how many certificates are in each location type. This returns a list of type and count combination. For example:"LocationsCount": [
{
"Type": "IIS",
"Count": 2
},
{
"Type": "F5-SL-REST",
"Count": 1
}
] |
| SSLLocations |
An array containing the locations where the certificate is found using SSL |
| Locations | An array containing the locations where the certificate is found using certificate store inventorying. Show certificate store location details. |
| Metadata Metadata provides information about a piece of data. It is used to summarize basic information about data, which can make working with the data easier. In the context of Keyfactor Command, the certificate metadata feature allows you to create custom metadata fields that allow you to tag certificates with tracking information about certificates.
|
An array containing the metadata fields populated for the certificate. |
| CertificateKeyId | An integer indicating the Keyfactor Command reference ID for the private key, if one exists, and public key In asymmetric cryptography, public keys are used together in a key pair with a private key. The private key is retained by the key's creator while the public key is widely distributed to any user or target needing to interact with the holder of the private key. of the certificate. |
| CARowIndex |
An integer containing the CA's reference ID for certificate. Note: The CARowIndex has been replaced by CARecordId, but will remain for backward compatibility. It will only contain a non-zero value for certificates issued by Microsoft CAs. For Microsoft CA certificates, the CARowIndex will be equal to the CARecordId value parsed to an integer.
|
| CARecordId | A string containing the CA's reference ID for certificate. |
| DetailedKeyUsage |
An array containing details of the key usage configured for the certificate. |
| KeyRecoverable | A Boolean that indicates whether the certificate key is recoverable (true) or not (false). |
| Curve |
A string indicating the OID of the elliptic curve algorithm configured for the certificate, for ECC templates. Well-known OIDs include:
|
) at the top of the Keyfactor Command Management Portal page next to the Log Out button.
