Browsing certificates

PKIaaS keeps track of all the issued certificates. That is:

• The certificates manually issued as explained in:
  • Issuing a certificate from CSR
  • Issuing a certificate in a PKCS #12
• The certificates automatically enrolled as explained in:
  • Automating ACME enrollment
  • Automating MDM Intune enrollment
  • Automating MDM Jamf enrollment
  • Automating MDM Workspace ONE enrollment
  • Automating MDM Ivanti enrollment
  • Automating MDM IBM MaaS360 enrollment

See below to browse and inspect the details of all these certificates.

To browse certificates:

1. Follow the steps described in Accessing your partitions to log into the PKIaaS interface as a user with any of the roles described under Role permissions.

2. Click Certificate Authorities in the sidebar.

   

3. In the Certificate Authorities tab, click the name of a certificate authority to display the list of issued certificates.

   

4. In the search box, enter a search key or click the three dots "…" and select a predefined filter.

   • Expires in 7 days
   • Expires in 30 days
   • Expired Certificates

5. In the certificate grid, click the three dots "…" to the right of a certificate and select View Certificate.

   

6. Check the following certificate details.

   • Status
   • Profile ID
   • Serial Number
   • Issuer
   • Valid From
   • Expiry Date
   • Public Key Type
   • Signature Algorithm
   • Subject Alternative Names
   • Basic Constraints
   • Key Usages
   • Extended Key Usages
   • Authority Info Access OCSP
   • Authority Info Access CA Issuers
   • Authority Key Identifier
   • Subject Key Identifier
   • CRL Distribution Points
   • Certificate Policies

   ---

   ℹ See RFC 5280 for more details on the standard certificate extensions.

   ---

Status

The validity status of the certificate.

See Changing the certificate status for how to change the validity status of a certificate.

Profile ID

The certificate profile selected when issuing the certificate.

Serial Number

The serial number (SN) of the issued certificate.

Issuer

The subject distinguished name of the CA certificate used to issue the certificate.

Valid From

The time and date when the certificate was issued.

Expiry Date

The expiry date selected when issuing the certificate.

Public Key Type

The type and size of the certificate public key.

Signature Algorithm

The hash and encryption algorithms used to sign the certificate.

Subject Alternative Names

The Subject Alternative Names (SAN) selected when issuing the certificate.

Basic Constraints

The type of holder to whom the certificate has been issued.

Key Usages

The purpose of the key contained in the certificate – for example:

• encipherment
• signature
• certificate signing

Extended Key Usages

One or more purposes for which the certified public key may be used, in addition to or in place of the basic purposes indicated in the Key Usage extension.

Authority Info Access OCSP

The URL of the OCSP service for checking the certificate validity status.

ℹ This value is set to Undefined when this service is not enabled for the CA.

Authority Info Access CA Issuers

Information for accessing the information service of the CA that issued the certificate.

ℹ This value is set to Undefined when this service is not enabled for the CA.

Authority Key Identifier

The identifier of the public key corresponding to the private key used to sign the certificate.

Subject Key Identifier

The identifier of the certificate public key.

CRL Distribution Points

The URLs for downloading the CRLs (Certificate Revocation Lists) generated by the CA that issued the certificate.

ℹ This value is set to Undefined when the CRL service is not enabled for the CA.

Certificate Policies

A sequence of one or more policy information terms, each of which consists of an object identifier (OID) and optional qualifiers.