Skip to main content
POST
/
api
/
v1
/
projects
/
{projectId}
/
certificates
/
search
cURL
curl --request POST \
  --url https://us.infisical.com/api/v1/projects/{projectId}/certificates/search \
  --header 'Content-Type: application/json' \
  --data '
{
  "friendlyName": "<string>",
  "commonName": "<string>",
  "offset": 0,
  "limit": 25,
  "forPkiSync": false,
  "search": "<string>",
  "status": "<string>",
  "profileIds": [
    "3c90c3cc-0d44-4b50-8888-8dd25736052a"
  ],
  "fromDate": "2023-11-07T05:31:56Z",
  "toDate": "2023-11-07T05:31:56Z",
  "metadata": [
    {
      "key": "<string>",
      "value": "<string>"
    }
  ],
  "extendedKeyUsage": "<string>",
  "keyAlgorithm": "<string>",
  "signatureAlgorithm": "<string>",
  "keySizes": [
    123
  ],
  "caIds": [
    "3c90c3cc-0d44-4b50-8888-8dd25736052a"
  ],
  "enrollmentTypes": [
    "<string>"
  ],
  "source": "<string>",
  "notAfterFrom": "2023-11-07T05:31:56Z",
  "notAfterTo": "2023-11-07T05:31:56Z",
  "notBeforeFrom": "2023-11-07T05:31:56Z",
  "notBeforeTo": "2023-11-07T05:31:56Z",
  "sortBy": "notAfter",
  "sortOrder": "asc"
}
'
{
  "certificates": [
    {
      "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
      "createdAt": "2023-11-07T05:31:56Z",
      "updatedAt": "2023-11-07T05:31:56Z",
      "status": "<string>",
      "serialNumber": "<string>",
      "friendlyName": "<string>",
      "commonName": "<string>",
      "notBefore": "2023-11-07T05:31:56Z",
      "notAfter": "2023-11-07T05:31:56Z",
      "projectId": "<string>",
      "hasPrivateKey": true,
      "caId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
      "revokedAt": "2023-11-07T05:31:56Z",
      "revocationReason": 123,
      "altNames": "<string>",
      "caCertId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
      "certificateTemplateId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
      "keyUsages": [
        "<string>"
      ],
      "extendedKeyUsages": [
        "<string>"
      ],
      "pkiSubscriberId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
      "profileId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
      "renewBeforeDays": 123,
      "renewedFromCertificateId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
      "renewedByCertificateId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
      "renewalError": "<string>",
      "keyAlgorithm": "<string>",
      "signatureAlgorithm": "<string>",
      "subjectOrganization": "<string>",
      "subjectOrganizationalUnit": "<string>",
      "subjectCountry": "<string>",
      "subjectState": "<string>",
      "subjectLocality": "<string>",
      "fingerprintSha256": "<string>",
      "fingerprintSha1": "<string>",
      "isCA": true,
      "pathLength": 123,
      "source": "<string>",
      "discoveryMetadata": null,
      "externalMetadata": null,
      "caName": "<string>",
      "profileName": "<string>",
      "enrollmentType": "<string>"
    }
  ],
  "totalCount": 123
}

Path Parameters

projectId
string
required

Body

application/json
friendlyName
string

The friendly name of the certificate to filter by.

commonName
string

The common name of the certificate to filter by.

offset
number
default:0

The offset to start from. If you enter 10, it will start from the 10th certificate.

Required range: x >= 0
limit
number
default:25

The number of certificates to return.

Required range: 1 <= x <= 100
forPkiSync
boolean
default:false

Retrieve only certificates available for PKI sync.

search
string

Search by SAN, CN, certificate ID, or serial number.

status
string

Filter by certificate status.

profileIds
string<uuid>[]

Filter by certificate profile IDs.

fromDate
string<date-time>

Filter certificates created from this date.

toDate
string<date-time>

Filter certificates created until this date.

metadata
object[]

Filter by metadata key-value pairs. Each entry should have a key (required) and optionally a value to match against.

extendedKeyUsage
string

Filter by extended key usage. Only certificates containing this EKU will be returned (e.g. 'codeSigning', 'serverAuth').

keyAlgorithm

Filter by key algorithm (e.g. 'RSA_2048', 'EC_prime256v1').

signatureAlgorithm
string

Filter by signature algorithm (e.g. 'RSA-SHA256', 'ECDSA-SHA256').

keySizes
number[]

Filter by key sizes in bits (e.g. [2048, 4096]).

caIds
string<uuid>[]

Filter by certificate authority IDs.

enrollmentTypes
string[]

Filter by enrollment types (e.g. 'api', 'est', 'acme', 'scep').

source

Filter by certificate source ('issued', 'discovered', 'imported').

notAfterFrom
string<date-time>

Filter certificates expiring on or after this date.

notAfterTo
string<date-time>

Filter certificates expiring on or before this date.

notBeforeFrom
string<date-time>

Filter certificates issued on or after this date.

notBeforeTo
string<date-time>

Filter certificates issued on or before this date.

sortBy
enum<string>

Column to sort by (e.g. 'notAfter', 'notBefore', 'commonName').

Available options:
notAfter,
notBefore,
createdAt,
commonName,
keyAlgorithm,
status
sortOrder
enum<string>

Sort direction: 'asc' or 'desc'.

Available options:
asc,
desc

Response

Default Response

certificates
object[]
required
totalCount
number
required