Revoked Certificates in Certificate Stores

The Revoked Certificates in Certificate Stores report displays a table of all certificates that have been revoked, either in Keyfactor Command or externally, that are found in at least one certificate store or SSL TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets Layer) are protocols for establishing authenticated and encrypted links between networked computers. scan location, and for which the revocation effective date is less than or equal to the date and time when the report is run (not in the future). The report is included in the report manager Certificate Locations and Certificate Lifecycle categories.

The export options for the Revoked Certificates in Certificate Stores report are CSV and Excel.

The report table includes these fields:

Certificate CN A common name (CN) is the component of a distinguished name (DN) that represents the primary name of the object. The value varies depending on the type of object. For a user object, this would be the user's name (e.g. CN=John Smith). For SSL certificates, the CN is typically the fully qualified domain name (FQDN) of the host where the SSL certificate will reside (e.g. servername.keyexample.com or www.keyexample.com).

The common name A common name (CN) is the component of a distinguished name (DN) that represents the primary name of the object. The value varies depending on the type of object. For a user object, this would be the user's name (e.g. CN=John Smith). For SSL certificates, the CN is typically the fully qualified domain name (FQDN) of the host where the SSL certificate will reside (e.g. servername.keyexample.com or www.keyexample.com). of the certificate.
Thumbprint

The thumbprint of the certificate.
User

The username (DOMAIN\username format) of the user who revoked the certificate.
Expiration Date (UTC)

The date on which the certificate expires.
Issued Date (UTC)

The date on which the certificate became valid (typically the issuance date).
Template A certificate template defines the policies and rules that a CA uses when a request for a certificate is received. Name

The certificate template used to issue the certificate.

SSL Location

The DNS The Domain Name System is a service that translates names into IP addresses. name(s) resolved for the IP address(es) where the certificate was found on an SSL scan. Due to query constraints, the maximum length of text allowed in each of these fields is 10,000 characters.
Cert Store Location

The name(s) of the server(s) on which the certificate is found in one or more certificate stores and the location of the certificate store(s). The format of this value will vary depending on the type of certificate store. Due to query constraints, the maximum length of text allowed in each of these fields is 10,000 characters.
Revocation Date (UTC)

The date on which the certificate was revoked in UTC.
Revocation Reason

The reason given for the certificate revocation.
Revocation Comment
The comment entered at revocation.

Column handling on this report grid has the following features:

To change the width of a column of the report, hover over the triangle of dots on the right side of the selected column header (). Click, hold and drag the triangle to change the width of the column.
To rearrange columns on the report display, hover over the rectangle of dots on the left side of the selected column header (). Click, hold, and drag the rectangle to move the column to your selected location.
Most columns can be sorted in ascending order by clicking on the header of the column. Click the column header again to reverse the sort order. When a column is sorted, a caret will appear at the end of the column name showing the direction of the sort. Lack of a triangle indicates the report is sorted by the default column and order.

This report takes as an input parameter A parameter or argument is a value that is passed into a function in an application. the certificate collection The certificate search function allows you to query the Keyfactor Command database for certificates from any available source based on any criteria of the certificates and save the results as a collection that will be availble in other places in the Management Portal (e.g. expiration alerts and certain reports). to report on, including the built-in All Certificates collection. The default is All Certificates.

Tip: If you Save a new certificate collection, or Save a change to an existing certificate collection, that change will be immediately reflected in the collection data used to display certificate collections on dashboards and reports. The data used by the dashboards and reports is stored in an intermediate table that is updated immediately. It will also continue to be updated periodically (approximately every 20 minutes by default as configured by the Dashboard Collection Caching Interval application setting) by the Keyfactor Command Service (see Application Settings: Console Tab).

Note: By default, this report is configured not to appear on the top menu under Reports and can be found only in Report Manager. You can change this by modifying the Show in Navigator setting (see Report Manager Operations).

Note: This report is limited to a maximum of 100,000 revoked certificates in certificate stores on which to report. Selecting a certificate collection containing more certificates than this will result in an error.

Version v12.3

On this page: