Saving Search Criteria as a Collection

To save your search criteria as a certificate collection The certificate search function allows you to query the Keyfactor Command database for certificates from any available source based on any criteria of the certificates and save the results as a collection that will be availble in other places in the Management Portal (e.g. expiration alerts and certain reports).:

1. Click the Save button.

   

   Figure 30: Save Certificate Collection

2. In the Save Certificate Search dialog, enter a name for the certificate collection. This name appears at the top of the page for this collection and can be configured to appear on the Management Portal menu under Certificates. It will also appear in other places within the Management Portal where you can reference certificate collections (e.g. expiration alerts and certain reports and dashboards). Because it can appear on the menu and in selection dropdowns, the name should be fairly short.
3. Enter a description for the collection. This description appears as a subtitle below the collection name on the page for this collection and can be more detailed than the collection name.

4. Select a setting in the Ignore renewed certificate results by dropdown. The Ignore dropdown applies to processing reports or expiration alerts and contains these options:

   None

   Do not eliminate duplicate certificates when processing reports or expiration alerts based on this certificate collection.

   Common Name

   Eliminate duplicate certificates based on the common name A common name (CN) is the component of a distinguished name (DN) that represents the primary name of the object. The value varies depending on the type of object. For a user object, this would be the user's name (e.g. CN=John Smith). For SSL certificates, the CN is typically the fully qualified domain name (FQDN) of the host where the SSL certificate will reside (e.g. servername.keyexample.com or www.keyexample.com). in the certificate when processing reports or expiration alerts. Certificates will be excluded from reports and expiration alerts if they share the same common name and enhanced key usage (EKU—e.g. Client Authentication). The certificate with the most recent issued date and the given common name and EKU will be included in the report or expiration alert.

   Distinguished Name

   Eliminate duplicate certificates based on the distinguished name in the certificate when processing reports or expiration alerts. Certificates will be excluded from reports and expiration alerts if they share the same distinguished name and EKU. The certificate with the most recent issued date and the given distinguished name and EKU will be included in the report or expiration alert.

   Principal Name

   Eliminate duplicate certificates based on the principal name in the certificate status data stored in the Keyfactor Command database for the certificate when processing reports or expiration alerts. The principal name is added to the certificate status data for the certificate during certificate synchronization if the certificate SAN The subject alternative name (SAN) is an extension to the X.509 specification that allows you to specify additional values when enrolling for a digital certificate. A variety of SAN formats are supported, with DNS name being the most common. contains a user principal name or NT principal name. Certificates will be excluded from reports and expiration alerts if they share the same principal name and EKU. The certificate with the most recent issued date and the given principal name and EKU will be included in the report or expiration alert.

   Note:  Regardless of the selection you make in the Ignore option, all certificates will appear in the search results grid. Duplicate certificates are not excluded on this page.

   When processing reports or expiration alerts based on this certificate collection, only certificates that share all the EKUs (e.g. Client Authentication and Server Authentication) as well as the same CN A common name (CN) is the component of a distinguished name (DN) that represents the primary name of the object. The value varies depending on the type of object. For a user object, this would be the user's name (e.g. CN=John Smith). For SSL certificates, the CN is typically the fully qualified domain name (FQDN) of the host where the SSL certificate will reside (e.g. servername.keyexample.com or www.keyexample.com)., DN A distinguished name (DN) is the name that uniquely identifies an object in a directory. In the context of Keyfactor Command, this directory is generally Active Directory. A DN is made up of attribute=value pairs, separated by commas. Any of the attributes defined in the directory schema can be used to make up a DN. or UPN will be eliminated as duplicates. If a certificate has more than one EKU and at least one EKU does not match an otherwise similar certificate with matching CN, DN or UPN, it will not be eliminated on reports or expiration alerts.

5. Check the Show on Dashboard box to include the results from this collection on the Collection dashboard (see Dashboard: Collections). You will not be able to change this setting once the collection is saved. If you need to change it, you would need to edit the collection and re-save it.
   Note:  The collections dashboard widget will only display the first 25 collections alphabetically. A brief warning message explaining this will be shown on the collections save dialog when the Show on Dashboard box is checked.
6. Check the Show in Navigator box to include the collection on the Management Portal menu (on the Certificates top-level menu dropdown).
7. Click Save to save the collection. The search results will display immediately. If you didn't select the Show in Navigator option, you can find the collection again on the Certificate Collection Management page, accessed by navigating to Certificates > Collection Manager from the Management Portal.