This section documents the structure and fields available in TLS certificate data. Each certificate record contains comprehensive metadata including subject and issuer information, validity periods, cryptographic details, and security extensions.
The following fields can only be searched on the Professional, Enterprise, and Ultimate plans.
| Field Name | Type | Field semantics, features, & notes |
|---|---|---|
authority.key_id | keyword | Unique identifier of the CA's signing key |
ext_key_usage | keyword | Extended key usage restrictions and permitted applications |
issuer.c | keyword | ISO 3166-1 2-letter ISO country code of the Certificate Authority |
issuer.cn | keyword | Common name of the Certificate Authority that issued the certificate |
issuer.dn | text | Complete distinguished name of the Certificate Authority |
issuer.dn.keyword | keyword | Complete distinguished name of the Certificate Authority (analyzed as keyword) |
issuer.l | keyword | Location / City of the Certificate Authority that issued the certificate |
issuer.o | text | Organization name of the Certificate Authority |
issuer.o.keyword | keyword | Organization name of the Certificate Authority (analyzed as keyword) |
issuer.ou | text | Organizational unit within the Certificate Authority |
issuer.ou.keyword | keyword | Organizational unit within the Certificate Authority (analyzed as keyword) |
issuer.st | keyword | State / Locality of the Certificate Authority that issued the certificate |
key_usage | keyword | Permitted cryptographic operations for the certificate's key |
pubkey.algo | keyword | Public key algorithm type (RSA, ECDSA, etc.) |
pubkey.sha256 | keyword | SHA256 fingerprint of the certificate's public key |
sans.dns | domain | DNS names in SAN extension |
sans.email | keyword | Email addresses in the SAN extension |
sans.dns_count | integer | Number of DNS names listed in the Subject Alternative Names extension |
serial | keyword | Serial number of the certificate |
sha1 | keyword | SHA1 hash fingerprint of the entire certificate |
sha256 | keyword | SHA256 hash fingerprint of the entire certificate |
sha256_tbs_noct | keyword | SHA256 hash of the certificate's To-Be-Signed portion excluding Certificate Transparency extensions |
signature_algo | keyword | Cryptographic algorithm used to sign the certificate |
source | keyword | Origin or collection method used to obtain the certificate |
subject.c | keyword | ISO 3166-1 2-letter country code of the certificate subject |
subject.cn | domain | Common name, typically the domain name or entity identifier |
subject.dn | text | Complete distinguished name containing all subject identity attributes |
subject.dn.keyword | keyword | Complete distinguished name containing all subject identity attributes (analyzed as keyword) |
subject.key_id | keyword | Unique identifier for the subject's public key |
subject.l | keyword | Locality or city name of the certificate subject |
subject.o | text | Organization name that owns the certificate |
subject.o.keyword | keyword | Organization name that owns the certificate (analyzed as keyword) |
subject.ou | text | Organizational unit of certificate owner |
subject.ou.keyword | keyword | Organizational unit of certificate owner (analyzed as keyword) |
subject.st | keyword | State or province name of the certificate subject |
tags | keyword | Metadata labels or categories applied to the certificate record (e.g. precert, cn_not_in_sans) |
valid.days | integer | Number of days the certificate is valid for |
valid.from | date | Start date and time when the certificate becomes valid |
valid.seconds | integer | Number of seconds the certificate remains valid |
valid.to | date | End date and time when the certificate expires |