Certificate Management¶
Overview¶
The Certificates page provides a centralized view of all X.509 digital certificates issued by the platform's Certificate Authorities. Each certificate contains a subject Distinguished Name (DN), issuer DN, serial number, validity period, and other X.509 extensions.
Certificates are linked to the product and CA that issued them. Use this page to browse, search, and inspect certificates across all products, and to check their revocation status.
Quick navigation
Use the search and filter tools to locate specific certificates by serial number, subject DN, or other attributes. Expand a row to see full certificate details including the issuing CA and product information.
Search & Filter¶
The certificates list supports powerful filtering to help you locate specific certificates in large inventories.
Available Filters¶
| Filter | Description | Example |
|---|---|---|
| Subject DN | Filter by the certificate subject's Distinguished Name or any of its components (Organization, Country, Common Name, etc.) | CN=device-001 |
| Issuer DN | Filter by the issuing Certificate Authority's Distinguished Name | O=Laavat |
| Serial Number | Search by the unique certificate serial number | 3A:B7:2C:... |
| Revocation Status | Filter to show only revoked or only active certificates | Revoked / Active |
| Validity Dates | Filter by the Not Before or Not After dates to find certificates issued or expiring within a range | 2025-01-01 to 2025-12-31 |
| Subject Key Identifier | Filter by the SKI extension value, which uniquely identifies the certificate's public key | AB:CD:EF:... |
Using Filters¶
- Open the filter panel above the certificate list.
- Select the filter field you want to use.
- Enter the filter value or select from the available options.
- The certificate list updates automatically to show matching results.
- Combine multiple filters to narrow results further.
Wildcard search
Partial matches are supported for text fields like Subject DN and Issuer DN. You do not need to enter the complete value to find results.
Revocation Status¶
Each certificate displays its current revocation status in the list view:
| Status | Description |
|---|---|
| Active | The certificate is valid and has not been revoked. |
| Revoked | The certificate has been revoked and appears in the Certificate Revocation List (CRL). |
Actions¶
- Active certificates can be revoked via the actions menu on the certificate row. See Certificate Revocation for details on the revocation process and available reasons.
- Revoked certificates that were revoked with the Certificate Hold reason can be unrevoked to restore them to active status.
Certificate Details¶
Expand a certificate row to view full details:
| Field | Description |
|---|---|
| Serial Number | The unique identifier assigned by the issuing CA |
| Subject DN | The full Distinguished Name of the certificate subject |
| Issuer DN | The full Distinguished Name of the issuing CA |
| Not Before | The start of the certificate's validity period |
| Not After | The end of the certificate's validity period |
| Key Algorithm | The public key algorithm (RSA, ECDSA) |
| Signature Algorithm | The algorithm used to sign the certificate |
| Subject Key Identifier | The SKI extension value |
| Authority Key Identifier | The AKI extension linking to the issuer's key |
| Product | The product associated with the issuing CA |
| CA Name | The name of the Certificate Authority that issued the certificate |
Linking to revocation
From the certificate detail view, you can navigate directly to the revocation page to revoke a specific certificate. The serial number and CA context are carried over automatically.
Troubleshooting¶
| Issue | Possible Cause | Resolution |
|---|---|---|
| No certificates appear in the list | No certificates have been issued yet, or the current user lacks the required CA Read permissions | Verify that certificates have been issued and that your account has the CA Read security group |
| Filter returns no results | The filter criteria are too narrow or the values do not match any certificates | Broaden the filter or check the filter values for typos |
| Revocation status not updating | The CRL has not been republished since the last revocation action | Wait for the next CRL publication cycle |
| Cannot see certificate details | The certificate row may not support expansion, or a UI loading error occurred | Refresh the page and try again |