Documentation Suite v11.5.4
The search function allows you to query the database for information. The same query structure is used in multiple locations within the Keyfactor Command Management Portal.
When you first open the page, you will see the simple search option. To execute a search, select the field and comparison operators in the dropdowns and type something on which to search in the value field (if applicable). If you select an is null or is not null comparison operator, the value field will be grayed out. Click the Search button to execute the query.
Each query consists of three parts:
Query Field
The available fields for querying vary depending on the area of the Management Portal in which the search is used. On this page, the queries can be done on the following built-in fields:
AgentAvailable
Orchestrator Keyfactor orchestrators perform a variety of functions, including managing certificate stores and SSH key stores. has been approved and made available to manage certificate store jobs (true/false).
AgentID
Orchestrator Id matches or doesn’t match the entered GUID (primarily used for internally generated searches when the user is redirected here from another page).
Category
Certificate store matches or doesn’t match the referenced category. Categories include (plus categories from custom certificate store types you’ve entered):
-
Amazon Web Services
-
F5 CA Acertificate authority (CA)is an entity that issuesdigital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA.Bundles REST
-
F5 SSL TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets Layer) are protocols for establishing authenticated and encrypted links between networked computers. Profiles
-
F5 SSL Profiles REST
-
F5 Web Server
-
F5 Web Server REST
-
File Transfer Protocol
-
IIS Personal
-
IIS Revoked
-
IISRoots
-
Java Keystore A Java KeyStore (JKS) is a file containing security certificates with matching private keys. They are often used by Java-based applications for authentication and encryption.
-
NetScaler
-
PEM A PEM format certificate file is a base64-encoded certificate. Since it's presented in ASCII, you can open it in any text editor. PEM certificates always begin and end with entries like ---- BEGIN CERTIFICATE---- and ----END CERTIFICATE----. PEM certificates can contain a single certificate or a full certifiate chain and may contain a private key. Usually, extensions of .cer and .crt are certificate files with no private key, .key is a separate private key file, and .pem is both a certificate and private key. File
See AlsoCertificate Store Discovery
ClientMachine
Complete or partial matches with the client machine(s) on which a store or stores may be found.
Container
Complete or partial matches with one or more certificate store containers.
HasInventoryScheduled
Certificate store has an inventory job scheduled (true/false).
StorePath
Complete or partial matches with the full path to a certificate store—e.g. /opt/application/mystore.crt or c:\program files\application\mystore.jks.
Comparison Operator
The query comparison operators vary depending on the type of field selected and the specific properties of the field. The list below shows the dropdown list comparison operators, as well as the equivalent query language syntax (in parentheses).
Most string fields (the vast majority of the built-in fields) support:
- Is equal to (-eq)
- Is not equal to (-ne)
- Contains (-contains)
- Does not contain (-notcontains)
- Starts with (-startswith)
- Ends with (-endswith)
- Is null (-eq NULL)
- Is not null (-ne NULL)
Most date and integer fields support:
- Is equal to (-eq)
- Is not equal to (-ne)
- Is less than (-lt)
- Is less than or equal to (-le)
- Is greater than (-gt)
- Is greater than or equal to (-ge)
- Is null (-eq NULL)
- Is not null (-ne NULL)
Most Boolean (true/false) fields support:
- Is equal to (-eq)
- Is not equal to (-ne)
- Is null (-eq NULL)
- Is not null (-ne NULL)
Comparison Value
The value you enter for comparison must match the field type. For example, integer fields only support numerical values. String fields support all alphanumeric characters. Boolean fields only support True or False. The value field is not case sensitive. Date fields support only properly formatted dates and will initially display as mm/dd/yyyy. You can choose to populate the date field by:
- Clicking in a date Value field to open a pop-up calendar to select a date that will populate the field.
- Clicking in a segment of the date format (i.e., mm/dd/yyyy) and entering a value. As you continue to type in any one segment, the cursor will keep moving onto the next segment.
The results that match your search criteria will be displayed in the results grid below the search selection options.
The search results can be sorted by clicking on a column header in the results grid for every column except Inventory Schedule and Orchestrator Available. Click the column header again to reverse the sort order. The grid columns can be arranged in any order desired by click-holding and dragging the header of the column you wish to move. The column widths may be adjusted by click-holding and dragging the line separating two column headers.
On any search page you can click Advanced to the right of the Search button to display the advanced search options. Click Simple to close the advanced search options again.
Multiple Criteria
Using the advanced search options, you can build a query based on multiple criteria using AND/OR logic. As with a simple search, you select a field and comparison operator in the drop-downs and then enter a comparison value, if applicable. Click Insert to add the search criteria to the query field below the selection fields. Use the selection fields to build multiple search criteria. Each time you click the insert button, an AND is added between the previous search criteria and the newly added one. You can change the AND to an OR if desired. You can use parentheses around portions of the query along with AND/OR to change the query meaning.
For example, for certificate searches:
(CN -contains "appsrvr" AND IssuedDate -ge "01/01/2022") OR (CN -contains "appsrvr" AND TemplateShortName -contains "web")
This query will return all the certificates issued on or after January 1, 2022 with the string appsrvr in the CN A common name (CN) is the component of a distinguished name (DN) that represents the primary name of the object. The value varies depending on the type of object. For a user object, this would be the user's name (e.g. CN=John Smith). For SSL certificates, the CN is typically the fully qualified domain name (FQDN) of the host where the SSL certificate will reside (e.g. servername.keyexample.com or www.keyexample.com). and also all certificates issued at any time with the string appsrvr in the CN using a template Acertificate templatedefines the policies and rules that a CA uses when a request for acertificateis received. referencing web. When you have entered all the desired search criteria, click Search to execute the query. If you wish to clear the query field and start over, click the Clear button.
