Search certificates by various attributes.
Returns an ArrayRef of HashRefs. To save transport
and parsing cost, the HashRefs only contain a subset of fields:
identifier
issuer_dn
issuer_identifier
cert_key
subject
status
notbefore
notafter
pki_realm*
The field pki_realm is added if the query contains realm=_any and
return_columns is not set. If you want to receive another fieldset,
set the field names via return_columns. Extra columns available with
the default schema are:
subject_key_identifier
authority_key_identifier
revocation_time
reason_code
invalidity_time
req_key
data
Note: When cert_attributes are used to search for
attributes that are not part of the return_attributes list, possible
duplicate matches are eliminated using the "DISTINCT" keyword in
the query. This requires that columns used to order the result set are
included in the list of columns. This case is handled internally by the
method but be aware that your result set can contain those columns even if
not explicitly specified.
There is also a limitation for some RDBMS that BLOB columns such
as data cannot be used with DISTINCT. Requesting a BLOB column
while DISTINCT is used will result in a server-side exception.
Parameters
All parameters are optional and can be used to filter the result
list:
- "pki_realm" AlphaPunct - certificate
realm. Specify "_any" for a global search. Default: current
session's realm
- "tenant" Str
Search for workflows of the given tenant, fallback to the
primary tenant if not given, unfiltered search if set to the empty
string. Mandatory if tenant mode is active.
- "entity_only" Bool - certificate
CA
- "subject" Str - subject pattern
(does an SQL LIKE search so you can use asterisk (*) as placeholder)
- "issuer_dn" Str - issuer pattern
(does an SQL LIKE search so you can use asterisk (*) as placeholder)
- "cert_serial" IntOrHex - serial number
of certificate
- "csr_serial" Int - serial number
of certificate request
- "subject_key_identifier" Str -
X.509 certificate subject identifier
- "issuer_identifier" Base64 - issuer
identifier
- "authority_key_identifier" AlphaPunct -
CA identifier
- "identifier" Base64 - internal
certificate identifier (hash of PEM)
- "profile" ArrayOrAlphaPunct -
certificate profile name
- "valid_before" Int - certificate
validity must start before this UNIX epoch timestamp
- "valid_after" Int - certificate
validity must start after this UNIX epoch timestamp
- "expires_before" Int -
certificate validity must end before this UNIX epoch timestamp
- "expires_after" Int - certificate
validity must end after this UNIX epoch timestamp
- "revoked_before" Int -
certificate revocation date is before this UNIX epoch timestamp
- "revoked_after" Int - certificate
revocation date is after this UNIX epoch timestamp
- "invalid_before" Int -
certificate invalidity date is before this UNIX epoch timestamp
- "invalid_after" Int - certificate
invalidity date is after this UNIX epoch timestamp
- "status" CertStatus - certificate
status
- "cert_attributes" HashRef - key
is attribute name, value is passed "as is" as where statement on
value, see documentation of SQL::Abstract. You can search for "non
existing" attributes by passing undef as value (works only as
scalar value part).
Legacy: ArrayRef - list of condition HashRefs to
search in attributes (KEY, VALUE, OPERATOR). Operator can be
"EQUAL", "LIKE" or "BETWEEN".
- "limit" Int - result paging: only
return the given number of results
- "start" Int - result paging: only
return entries starting at given index (can only be used if
"limit" was specified)
- "order" Str - order results by
this table column (descending). Default: "notbefore" (+req_key
to properly work with duplicates). Set to the empty string to return the
result unsorted.
- "reverse" Bool - order results
ascending
- "return_attributes" ArrayRefOrStr - add
the given attributes as columns to the result set. Each attribute is added
as extra column using the attribute name as key.
Note: If the attribute is multivalued or you use an attribute
query that causes multiple result lines for a single certificate you
will get more than one line for the same certificate!
- "return_columns" ArrayRefOrStr - set the
columns from the base table that should be included in the returned
hashref. By default this replaces the default columns, if you want the
columns to extend the default set put the plus sign '+' as first column
name.
return_columns => [ '+', 'subject_key_identifier', .... ]
Changes compared to API v1: The following parameters were
removed in favor of
"[valid|expires]_[before|after]":
valid_at
notbefore
notafter
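A pre-flight check for a search_cert parameter hash, as an added example that is not part of the OpenXPKI code base. It encodes only two constraints stated above ("start" needs "limit"; a BLOB column combined with a DISTINCT-triggering attribute filter); the helper names, the sample queries, the status value 'ISSUED' and the attribute name meta_email are assumptions.

```perl
use strict;
use warnings;

# Flatten an ArrayRefOrStr parameter into a plain list (hypothetical helper).
sub as_list { return map { ref($_) ? @$_ : $_ } grep { defined $_ } @_ }

# Check a search_cert parameter hash against the constraints documented
# above; returns a list of problem descriptions (empty list = OK).
sub check_search_cert_params {
    my (%p) = @_;
    my @problems;
    # "start" can only be used if "limit" was specified.
    push @problems, '"start" given without "limit"'
        if defined $p{start} && !defined $p{limit};
    # Filtering on an attribute that is not in return_attributes makes the
    # query use DISTINCT, and BLOB columns such as "data" then fail.
    if (ref($p{cert_attributes}) eq 'HASH') {
        my %returned = map { $_ => 1 } as_list($p{return_attributes});
        my @hidden   = grep { !$returned{$_} } sort keys %{ $p{cert_attributes} };
        my $blob     = grep { $_ eq 'data' } as_list($p{return_columns});
        push @problems, "BLOB column \"data\" with DISTINCT (filter on: @hidden)"
            if @hidden && $blob;
    }
    return @problems;
}

my $now = time;
# Constructed query: issued certificates expiring within 30 days, soonest first.
my %expiring = (
    status         => 'ISSUED',
    expires_after  => $now,
    expires_before => $now + 30 * 86400,
    return_columns => [ '+', 'subject_key_identifier' ],
    order          => 'notafter',
    reverse        => 1,          # ascending
    limit          => 50,
);
# Constructed query that trips both checks (attribute name is an assumption).
my %bad = (
    cert_attributes => { meta_email => { -like => '%@example.org' } },
    return_columns  => [ '+', 'data' ],
    start           => 100,
);
for my $q (\%expiring, \%bad) {
    my @problems = check_search_cert_params(%$q);
    print "PROBLEM: $_\n" for @problems;
    print "OK\n" unless @problems;
}
```

A hash that passes the check can be handed to search_cert unchanged; the check does not replace the server's own parameter validation.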
Similar to "search_cert" but only returns the number of matching rows.
Parameters
All parameters are optional and can be used to filter the result
list:
see "search_cert" for parameter list (except "limit", "start", "order" and
"reverse" parameters which are not used in "search_cert_count").
Changes compared to API v1: The following parameters were
removed in favor of
"[valid|expires]_[before|after]":
valid_at
notbefore
notafter