Certificate Details

The Content tab shows the certificate attributes from the CA A certificate authority (CA) is an entity that issues digital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA. (Active Directory in the case of a Microsoft CA). These fields are not editable. The list of Subject Alternative Names (SANs) and SAN The subject alternative name (SAN) is an extension to the X.509 specification that allows you to specify additional values when enrolling for a digital certificate. A variety of SAN formats are supported, with DNS name being the most common. count are also included on this tab. For an ECC Elliptical curve cryptography (ECC) is a public key encryption technique based on elliptic curve theory that can be used to create faster, smaller, and more efficient cryptographic keys. ECC generates keys through the properties of the elliptic curve equation instead of the traditional method of generation as the product of very large prime numbers. certificate, the elliptic curve algorithm is included on this tab.

The Metadata Metadata provides information about a piece of data. It is used to summarize basic information about data, which can make working with the data easier. In the context of Keyfactor Command, the certificate metadata feature allows you to create custom metadata fields that allow you to tag certificates with tracking information about certificates. tab displays all metadata fields created for your Keyfactor Command implementation and shows any data in fields that have been populated with values specific to the certificate. Depending on the metadata type, these fields appear as text boxes, radio buttons, drop-downs, date fields, table or large text fields.

For users with edit permissions, on date fields a small popup calendar will appear that will allow you to select a date and will properly format it for you. You may edit values for any metadata fields to update the data at any time. You may also update multiple certificates' metadata with the same data by selecting multiple certificates from the certificates grid. Required fields will be marked with *Required next to the field label. See Certificate Metadata for information on this functionality.

The status tab displays some additional information about the certificate (see Table 3: Status Tab Descriptions).

The fields on this tab cannot be edited.

This tool will report on the certificate validity based on the criteria defining the status of an X509 chain shown in Table 4: Validation Tab Descriptions. This tab replaces the former Validate action from the certificate search grid. An alert symbol will show on the tab header if one or more tests have a result of Fail.

If you have added the certificate to any certificate store location(s) a number will appear in the Count column on the corresponding Location Type row. Users with limited permissions will only see locations for types of certificate stores to which they have been granted permissions either globally or via certificate store containers (see Container Permissions). Click the count number for more details regarding this certificate's location. See Add to Certificate Store for more information. The Total Cert Store Locations appears at the end of the list. Clicking on the total will open a dialog with the list of locations with the columns: Store Path, Store Machine, Alias, IPAddress, Port, and Agent Pool which will be populated depending on the details of the individual stores.

Note:  The SSL TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets Layer) are protocols for establishing authenticated and encrypted links between networked computers. network name is searchable with certificate search and also appears in the location details grid of the certificate details, if the certificate was found during an SSL scan.

History about a certificate is recorded in the Keyfactor Command database for the following types of activities (see also Audit Log):

• Initial Import—A history entry is made on import via CA synchronization, SSL synchronization, certificate store synchronization or manual import.
• Certificate Enrollment Certificate enrollment refers to the process by which a user requests a digital certificate. The user must submit the request to a certificate authority (CA).—A history entry is made when a PFX A PFX file (personal information exchange format), also known as a PKCS#12 archive, is a single, password-protected certificate archive that contains both the public and matching private key and, optionally, the certificate chain. It is a common format for Windows servers. or CSR A CSR or certificate signing request is a block of encoded text that is submitted to a CA when enrolling for a certificate. When you generate a CSR within Keyfactor Command, the matching private key for it is stored in Keyfactor Command in encrypted format and will be married with the certificate once returned from the CA. enrollment is completed through the Keyfactor Command Management Portal. The source of the request (PFX or CSR) is indicated.
• Revocation—A history entry is made each time a certificate is revoked, so if a certificate is revoked multiple times, there will be multiple history entries.
• Key Recovery—A history entry is made each time the key for a certificate is recovered, so if the key for a given certificate is recovered multiple times, there will be multiple history entries. This type of record is generated when the private key Private keys are used in cryptography (symmetric and asymmetric) to encrypt or sign content. In asymmetric cryptography, they are used together in a key pair with a public key. The private or secret key is retained by the key's creator, making it highly secure. for a certificate is downloaded from the Keyfactor Command database or when a private key is recovered from a CA using the CA's key recovery mechanism.
• Certificate Store Additions and Removals—A history entry is made each time a certificate is added to a certificate store or removed from a certificate store. These entries reference the specific certificate store type and whether the operation was an addition or removal—Add ([store type]) and Remove ([store type])—and include details in the certificate history comments.
• Certificate Renewals—A history entry is made each time a certificate is renewed or reissued. The certificate renewal history record appears on both the old certificate (renewed from) and the new renewed certificate.
• Certificate Store Inventory Discoveries—A history entry is made each time an inventory of a certificate store notices that a certificate that was in a certificate store no longer is or that a new certificate has appeared in the certificate store. These entries are referenced as Certificate Appeared ([store type]) and Certificate Disappeared ([store type]) with details in the certificate history comments.
• SSL Endpoint An endpoint is a URL that enables the API to gain access to resources on a server. Inventory Discoveries—A history entry is made each time an inventory of an SSL endpoint notices that a certificate that was at an endpoint no longer is or that a new certificate has appeared at an endpoint during a monitoring task. These entries are referenced as Certificate Appeared (SSL Sync) and Certificate Disappeared (SSL Sync) with details in the certificate history comments.
• Metadata Updated—A history entry is made each time a metadata field is updated for the certificate. The changed data will be recorded in the Comment field.