Using the Enrollment Pattern Search Feature

The search function allows you to query the database for information. The same query structure is used in multiple locations within the Keyfactor Command Management Portal.

When you first open the page, you will see the simple search option. To execute a search, select the field and comparison operators in the dropdowns and type something on which to search in the value field (if applicable). If you select an is null or is not null comparison operator, the value field will be grayed out. Click the Search button to execute the query.

Each query consists of three parts:

The available fields for querying vary depending on the area of the Management Portal in which the search is used. On this page, the queries can be done on the following built-in fields:

Complete or partial matches with allowed enrollmentClosed Certificate enrollment refers to the process by which a user requests a digital certificate. The user must submit the request to a certificate authority (CA). types on the enrollment pattern.

Complete or partial matches with the security role(s) associated with the enrollment pattern.

Complete or partial matches with the logical nameClosed The logical name of a CA is the common name given to the CA at the time it is created. For Microsoft CAs, this name can be seen at the top of the Certificate Authority MMC snap-in. It is part of the FQDN\Logical Name string that is used to refer to CAs when using command-line tools and in some Keyfactor Command configuration settings (e.g. ca2.keyexample.com\Corp Issuing CA Two). of a certificate authorityClosed A certificate authority (CA) is an entity that issues digital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA. configured for the enrollment pattern.

Complete or partial matches with the configuration tenantClosed A grouping of CAs. The Microsoft concept of forests is not used in EJBCA so to accommodate the new EJBCA functionality, and to avoid confusion, the term forest needed to be renamed. The new name is configuration tenant. For EJBCA, there would be one configuration tenant per EJBCA server install. For Microsoft, there would be one per forest. Note that configuration tenants cannot be mixed, so Microsoft and EJBCA cannot exist on the same configuration tenant. for the templateClosed A certificate template defines the policies and rules that a CA uses when a request for a certificate is received. associated with the enrollment pattern.

Is the enrollment pattern restricted to use with a specified list of certificate authorities (true/false)?

Is the enrollment pattern the default pattern for the associated template (true/false)?

Complete or partial matches with the Display Name of the template associated with the enrollment pattern.

Complete or partial matches with the Keyfactor Command friendly name of the template associated with the enrollment pattern.

Complete or partial matches with the Keyfactor Command reference ID for the template associated with the enrollment pattern.

Complete or partial matches with the Short Name of the template associated with the enrollment pattern.

The query comparison operators vary depending on the type of field selected and the specific properties of the field. The list below shows the dropdown list comparison operators, as well as the equivalent query language syntax (in parentheses).

Most string fields (the vast majority of the built-in fields) support:

  • Is equal to (-eq)
  • Is not equal to (-ne)
  • Contains (-contains)
  • Does not contain (-notcontains)
  • Starts with (-startswith)
  • Ends with (-endswith)
  • Is null (-eq NULL)
  • Is not null (-ne NULL)

Most date and integer fields support:

  • Is equal to (-eq)
  • Is not equal to (-ne)
  • Is less than (-lt)
  • Is less than or equal to (-le)
  • Is greater than (-gt)
  • Is greater than or equal to (-ge)
  • Is null (-eq NULL)
  • Is not null (-ne NULL)

Most Boolean (true/false) fields support:

  • Is equal to (-eq)
  • Is not equal to (-ne)
  • Is null (-eq NULL)
  • Is not null (-ne NULL)

The value you enter for comparison must match the field type. For example, integer fields only support numerical values. String fields support all alphanumeric characters. Boolean fields only support True or False. The value field is not case sensitive. Date fields support only properly formatted dates and will initially display as mm/dd/yyyy. You can choose to populate the date field by:

  • Clicking in a date Value field to open a pop-up calendar to select a date that will populate the field.
  • Clicking in a segment of the date format (i.e., mm/dd/yyyy) and entering a value. As you continue to type in any one segment, the cursor will keep moving onto the next segment.

The results that match your search criteria will be displayed in the results grid below the search selection options.

On any search page you can click Advanced to the right of the Search button to display the advanced search options. Click Simple to close the advanced search options again.

Multiple Criteria

Using the advanced search options, you can build a query based on multiple criteria using AND/OR logic. As with a simple search, you select a field and comparison operator in the drop-downs and then enter a comparison value, if applicable. Click Insert to add the search criteria to the query field below the selection fields. Use the selection fields to build multiple search criteria. Each time you click the insert button, an AND is added between the previous search criteria and the newly added one. You can change the AND to an OR if desired. You can use parentheses around portions of the query along with AND/OR to change the query meaning.

For example, for certificate searches:

(CN -contains "appsrvr" AND IssuedDate -ge "01/01/2022") OR (CN -contains "appsrvr" AND TemplateShortName -contains "web")

This query will return all the certificates issued on or after January 1, 2022 with the string appsrvr in the CNClosed A common name (CN) is the component of a distinguished name (DN) that represents the primary name of the object. The value varies depending on the type of object. For a user object, this would be the user's name (e.g. CN=John Smith). For SSL certificates, the CN is typically the fully qualified domain name (FQDN) of the host where the SSL certificate will reside (e.g. servername.keyexample.com or www.keyexample.com). and also all certificates issued at any time with the string appsrvr in the CN using a template referencing web. When you have entered all the desired search criteria, click Search to execute the query. If you wish to clear the query field and start over, click the Clear button.