The database schema of the Certification Authority database

Author Uwe GradeneggerPosted on Categories Basics, Certification Authority, Certification Authority DatabaseTags

Would you like to Queries against the Certification Authority database formulate, you must first know what you want to look for.

There is a possibility to output the database schema of the certification authority database.

The database schema can be displayed with the following command line command:

certutil -scheme

Scheme of the certificate table

The contents of the Subject Alternative Names are not stored as a column in the database table. They can only be read out by interpreting the contents of the binary stored certificate.

ColumnDisplay nameData typeMaximum lengthIndexed
Request.RequestIDRequest IDLong4Yes
Request.RawRequestBinary RequestBinary65536
Request.RawArchivedKeyArchived KeyBinary65536
Request.KeyRecoveryHashesKey Recovery Agent HashesString8192
Request.RawOldCertificateOld CertificateBinary16384
Request.RequestAttributesRequest AttributesString32768
Request.RequestTypeRequest TypeLong4
Request.RequestFlagsRequest flagsLong4
Request.StatusCodeRequest Status CodeLong4
Request.dispositionRequest dispositionLong4Yes
Request.DispositionMessageRequest Disposition MessageString8192
Request.SubmittedWhenRequest Submission DateDate8Yes
Request.ResolvedWhenRequest Resolution DateDate8Yes
Request.RevokedWhenRevocation DateDate8
Request.RevokedEffectiveWhenEffective Revocation DateDate8Yes
Request.RevokedReasonRevocation ReasonLong4
Request.RequesterNameRequester NameString2048Yes
Request.CallerNameCaller NameString2048Yes
Request.SignerPoliciesSigner PoliciesString8192
Request.SignerApplicationPoliciesSigner Application PoliciesString8192
Request.officerOfficerLong4
Request.DistinguishedNameRequest Distinguished NameString8192
Request.RawNameRequest Binary NameBinary4096
Request.CountryRequest Country/RegionString8192
Request.OrganizationRequest OrganizationString8192
Request.OrgUnitRequest Organization UnitString8192
Request.CommonNameRequest Common NameString8192
Request.LocalityRequest CityString8192
Request.StateRequest StateString8192
Request.TitleRequest TitleString8192
Request.GivenNameRequest First NameString8192
Request.InitialsRequest InitialsString8192
Request.SurNameRequest Last NameString8192
Request.DomainComponentRequest Domain ComponentString8192
Request.EMailRequest Email AddressString8192
Request.StreetAddressRequest Street AddressString8192
Request.UnstructuredNameRequest Unstructured NameString8192
Request.UnstructuredAddressRequest Unstructured AddressString8192
Request.DeviceSerialNumberRequest Device Serial NumberString8192
Request.AttestationChallengeAttestation ChallengeBinary4096
Request.EndorsementKeyHashEndorsement Key HashString144Yes
Request.EndorsementCertificateHashEndorsement Certificate HashString144Yes
RequestIDIssued Request IDLong4Yes
RawCertificateBinary CertificateBinary16384
CertificateHashCertificate HashString128Yes
CertificateTemplateCertificate TemplateString254Yes
EnrollmentFlagsTemplate Enrollment FlagsLong4
GeneralFlagsTemplate General FlagsLong4
PrivatekeyFlagsTemplate Private Key FlagsLong4
SerialNumberSerial NumberString128Yes
IssuerNameIDIssuer Name IDLong4
NotBeforeCertificate Effective DateDate8
NotAfterCertificate Expiration DateDate8Yes
SubjectKeyIdentifierIssued Subject Key IdentifierString128Yes
RawPublicKeyBinary Public KeyBinary4096
PublicKeyLengthPublic Key LengthLong4
PublicKeyAlgorithmPublic Key AlgorithmString254
RawPublicKeyAlgorithmParametersPublic Key Algorithm ParametersBinary4096
PublishExpiredCertInCRLPublish Expired Certificate in CRLLong4
UPNUser Principal NameString2048Yes
DistinguishedNameIssued Distinguished NameString8192
RawNameIssued Binary NameString4096
CountryIssued Country/RegionString8192
OrganizationIssued OrganizationString8192
OrgUnitIssued Organization UnitString8192
CommonNameIssued Common NameString8192Yes
LocalityIssued CityString8192
StateIssued StateString8192
TitleIssued TitleString8192
GivenNameIssued First NameString8192
InitialsIssued InitialsString8192
SurNameIssued Last NameString8192
DomainComponentIssued Domain ComponentString8192
EMailIssued Email AddressString8192
StreetAddressIssued Street AddressString8192
UnstructuredNameIssued Unstructured NameString8192
UnstructuredAddressIssued Unstructured AddressString8192
DeviceSerialNumberIssued Device Serial NumberString8192

Scheme of the revocation list table

ColumnDisplay nameData typeMaximum lengthIndexed
CRLRowIdCRL Row IDLong4Yes
CRLNumberCRL NumberLong4Yes
CRLMinBaseCRL Minimum Base NumberLong4
CRLNameIdCRL Name IDLong4
CRLCountCRL CountLong4
CRLThisUpdateCRL This UpdateDate8
CRLNextUpdateCRL Next UpdateDate8Yes
CRLThisPublishCRL This PublishDate8
CRLNextPublishCRL Next PublishDate8Yes
CRLEffectiveCRL EffectiveDate8
CRLPropagationCompleteCRL Propagation CompleteDate8Yes
CRLLastPublishedCRL Last PublishedDate8Yes
CRLPublishAttemptsCRL Publish AttemptsLong4Yes
CRLPublishFlagsCRL Publish FlagsLong4
CRLPublishStatusCodeCRL Publish Status CodeLong4Yes
CRLPublishErrorCRL Publish Error InformationString8192
CRLRawCRLCRL Raw CRLBinary536870912

Related links:



en_USEnglish
de_DEDeutsch en_USEnglish