Search for certificates based on several criteria, useful as prestage for
duplicate/renewal check or for bulk actions. The result is a list of
identifiers written to context defined by target_key.
See the parameter section for available filters.
- The realm to search in, default is the current realm, _any searches
- The tenant to search for, the default is to use the tenant of the current
- The profile of the certificate, default is all profiles.
- Boolean, find only certificates issued within this realm. Default is
- Searches the full DN for an exact match! The '*' as wildcard is
- Searches in the SAN section, you must prefix the value with the SAN type,
e.g. DNS:www.openxpki.org or IP:184.108.40.206. There might be some difficulties
with non-ascii strings/encodings.
- The certificate identifier of the issuer
- The certificate subject_key_identifier (hex notation with colon)
- The certificate serial number (as hex with 0x prefix or integer, separator
and casing is handled internally)
- meta_*, system_*
- Lets you search for any certificate attribute having a listed prefix. You
can set the special value <undef> (including the angle
brackets) to search for rows without a certain attribute.
- Name of the context value to write the result to, the default is
cert_identifier_list resp. cert_identifier when
"limit: single" is used.
- Sort the result, accepts a single column name, optionally prefixed by
"asc" (default) or "desc" (reversed sorting)
- Limit the size of the result set. If you pass the special word
single the result is a scalar with the first identifier matching
the query. In case target_key is not set, the value is written to
- Parseable OpenXPKI::Datetime value (autodetected), certificates which are
expired after the given date are included in the report. Set to
_any to include all expired certificates. Default is not to include
- If set to a true value, certificates which are not in ISSUED state
(revoked, crl pending, on hold) are also included in the report. Default
is to show only issued certificates.
- Parseable OpenXPKI::Datetime value (autodetected) used as base for
validity calculation. Default is now.
- Parseable OpenXPKI::Datetime value (autodetected), show only certificates
where notebefore is between valid_at and this value. Relative intervals
are calculated against the given valid_at date!
- Parseable OpenXPKI::Datetime value (autodetected), show certificates where
notafter is less than value. Relative intervals are calculated against the
given valid_at date!