Would you like to Queries against the Certification Authority database formulate, you must first know what you want to look for.
There is a possibility to output the database schema of the certification authority database.
The database schema can be displayed with the following command line command:
certutil -scheme
Scheme of the certificate table
The contents of the Subject Alternative Names are not stored as a column in the database table. They can only be read out by interpreting the contents of the binary stored certificate.
Column | Display name | Data type | Maximum length | Indexed |
---|---|---|---|---|
Request.RequestID | Request ID | Long | 4 | Yes |
Request.RawRequest | Binary Request | Binary | 65536 | |
Request.RawArchivedKey | Archived Key | Binary | 65536 | |
Request.KeyRecoveryHashes | Key Recovery Agent Hashes | String | 8192 | |
Request.RawOldCertificate | Old Certificate | Binary | 16384 | |
Request.RequestAttributes | Request Attributes | String | 32768 | |
Request.RequestType | Request Type | Long | 4 | |
Request.RequestFlags | Request flags | Long | 4 | |
Request.StatusCode | Request Status Code | Long | 4 | |
Request.disposition | Request disposition | Long | 4 | Yes |
Request.DispositionMessage | Request Disposition Message | String | 8192 | |
Request.SubmittedWhen | Request Submission Date | Date | 8 | Yes |
Request.ResolvedWhen | Request Resolution Date | Date | 8 | Yes |
Request.RevokedWhen | Revocation Date | Date | 8 | |
Request.RevokedEffectiveWhen | Effective Revocation Date | Date | 8 | Yes |
Request.RevokedReason | Revocation Reason | Long | 4 | |
Request.RequesterName | Requester Name | String | 2048 | Yes |
Request.CallerName | Caller Name | String | 2048 | Yes |
Request.SignerPolicies | Signer Policies | String | 8192 | |
Request.SignerApplicationPolicies | Signer Application Policies | String | 8192 | |
Request.officer | Officer | Long | 4 | |
Request.DistinguishedName | Request Distinguished Name | String | 8192 | |
Request.RawName | Request Binary Name | Binary | 4096 | |
Request.Country | Request Country/Region | String | 8192 | |
Request.Organization | Request Organization | String | 8192 | |
Request.OrgUnit | Request Organization Unit | String | 8192 | |
Request.CommonName | Request Common Name | String | 8192 | |
Request.Locality | Request City | String | 8192 | |
Request.State | Request State | String | 8192 | |
Request.Title | Request Title | String | 8192 | |
Request.GivenName | Request First Name | String | 8192 | |
Request.Initials | Request Initials | String | 8192 | |
Request.SurName | Request Last Name | String | 8192 | |
Request.DomainComponent | Request Domain Component | String | 8192 | |
Request.EMail | Request Email Address | String | 8192 | |
Request.StreetAddress | Request Street Address | String | 8192 | |
Request.UnstructuredName | Request Unstructured Name | String | 8192 | |
Request.UnstructuredAddress | Request Unstructured Address | String | 8192 | |
Request.DeviceSerialNumber | Request Device Serial Number | String | 8192 | |
Request.AttestationChallenge | Attestation Challenge | Binary | 4096 | |
Request.EndorsementKeyHash | Endorsement Key Hash | String | 144 | Yes |
Request.EndorsementCertificateHash | Endorsement Certificate Hash | String | 144 | Yes |
RequestID | Issued Request ID | Long | 4 | Yes |
RawCertificate | Binary Certificate | Binary | 16384 | |
CertificateHash | Certificate Hash | String | 128 | Yes |
CertificateTemplate | Certificate Template | String | 254 | Yes |
EnrollmentFlags | Template Enrollment Flags | Long | 4 | |
GeneralFlags | Template General Flags | Long | 4 | |
PrivatekeyFlags | Template Private Key Flags | Long | 4 | |
SerialNumber | Serial Number | String | 128 | Yes |
IssuerNameID | Issuer Name ID | Long | 4 | |
NotBefore | Certificate Effective Date | Date | 8 | |
NotAfter | Certificate Expiration Date | Date | 8 | Yes |
SubjectKeyIdentifier | Issued Subject Key Identifier | String | 128 | Yes |
RawPublicKey | Binary Public Key | Binary | 4096 | |
PublicKeyLength | Public Key Length | Long | 4 | |
PublicKeyAlgorithm | Public Key Algorithm | String | 254 | |
RawPublicKeyAlgorithmParameters | Public Key Algorithm Parameters | Binary | 4096 | |
PublishExpiredCertInCRL | Publish Expired Certificate in CRL | Long | 4 | |
UPN | User Principal Name | String | 2048 | Yes |
DistinguishedName | Issued Distinguished Name | String | 8192 | |
RawName | Issued Binary Name | String | 4096 | |
Country | Issued Country/Region | String | 8192 | |
Organization | Issued Organization | String | 8192 | |
OrgUnit | Issued Organization Unit | String | 8192 | |
CommonName | Issued Common Name | String | 8192 | Yes |
Locality | Issued City | String | 8192 | |
State | Issued State | String | 8192 | |
Title | Issued Title | String | 8192 | |
GivenName | Issued First Name | String | 8192 | |
Initials | Issued Initials | String | 8192 | |
SurName | Issued Last Name | String | 8192 | |
DomainComponent | Issued Domain Component | String | 8192 | |
Issued Email Address | String | 8192 | ||
StreetAddress | Issued Street Address | String | 8192 | |
UnstructuredName | Issued Unstructured Name | String | 8192 | |
UnstructuredAddress | Issued Unstructured Address | String | 8192 | |
DeviceSerialNumber | Issued Device Serial Number | String | 8192 |
Scheme of the revocation list table
Column | Display name | Data type | Maximum length | Indexed |
---|---|---|---|---|
CRLRowId | CRL Row ID | Long | 4 | Yes |
CRLNumber | CRL Number | Long | 4 | Yes |
CRLMinBase | CRL Minimum Base Number | Long | 4 | |
CRLNameId | CRL Name ID | Long | 4 | |
CRLCount | CRL Count | Long | 4 | |
CRLThisUpdate | CRL This Update | Date | 8 | |
CRLNextUpdate | CRL Next Update | Date | 8 | Yes |
CRLThisPublish | CRL This Publish | Date | 8 | |
CRLNextPublish | CRL Next Publish | Date | 8 | Yes |
CRLEffective | CRL Effective | Date | 8 | |
CRLPropagationComplete | CRL Propagation Complete | Date | 8 | Yes |
CRLLastPublished | CRL Last Published | Date | 8 | Yes |
CRLPublishAttempts | CRL Publish Attempts | Long | 4 | Yes |
CRLPublishFlags | CRL Publish Flags | Long | 4 | |
CRLPublishStatusCode | CRL Publish Status Code | Long | 4 | Yes |
CRLPublishError | CRL Publish Error Information | String | 8192 | |
CRLRawCRL | CRL Raw CRL | Binary | 536870912 |