Your browser does not allow storing cookies. We recommend enabling them.

PreviousNextUp[Front page] [Index]

Database Search Options

The Database Search page contains several options that can be used to define the search.

Text Search

Using the Text search field is straightforward for anyone who has used a common web search engine. However, there are some differences.

All white-space-separated words in the field are by default and'ed together. This means that only those objects that contain all of the searched words are shown in the search result. This behavior can be changed by setting the pop up menu on the right side of the text field from Match all to Match some.

Figure : You can use the '+' and '-' operands to further define the search results

In the Match some mode all objects containing some of the searched for words are matched. Some individual words can be required to be in the result set by preceding them with a plus sign (+). In both modes a minus sign (-) can be used to restrict the result set by excluding any objects containing certain words.

    quick brown +fox -dog

For example, the above string in the Match all mode matches the objects which have all of the three words quick, brown, and fox, but not dog.

In the Match some mode all of the objects containing the word fox but not the word dog are matched. If the result set is not sorted in time order, objects containing quick or brown would be shown before the other results. Note that both of the '+' and '-' operators must have a space before them and that they must be directly followed by the operand.

Object Status

By using the Object status switch, the search can be restricted to only those objects that have the specified status. The object status can be one of the following:

  • Certificate requests: pending, postponed, accepted, rejected, or approved
  • Certificates: active, expired, revoked, or hold
  • Entities: active or inactive

Note that this selection is used only if object type is also specified, because status is type-specific.

Publish Status

Certificates can also be searched according to their publishing status. This allows the operator to check if some certificates have failed to publish correctly.

The following publishing statuses are used in SSH Tectia Certifier:

  • Pending: The publishing is in progress. This status may also appear, for example, in case of certificates issued through CMP that are specifically requested not to be published.
  • Ready: The certificate has been published correctly.
  • Error: Some of the required publishing methods have failed to publish the certificate.

Object Type

The Object type option can be used to search for certain kinds of objects, for example, certification requests. The effects of later search parameters can also differ depending on the selected object type. Some parameters have an effect only when a specific object type is selected.

The available object types are certificate request, certificate, entity, and log entry.

Select CA

Figure : The Select CA option specifies the CA name

The Select CA option can be used to restrict certificate searches to certificates which are issued by a certain CA. Also certification requests can be selected by their CA, if they have such associated.

If the CA hierarchy of the PKI contains more than two levels, the Select CA drop-down list does not display all CAs. The names of the first level sub-CAs are displayed immediately after their top-level CAs, and they are preceded by a plus sign (+). If a sub CA has further (level-2) sub-CAs, their names are preceded by two plus signs (++). If there are several level-2 sub-CAs under one level-1 sub-CA, only their number is shown (in square brackets). The sub-CA list can be expanded by selecting a sub-CA and clicking Refresh.

In the resulting list, only the sub-CAs are displayed and if they have sub-CAs of their own, the names of the lower-level sub-CAs are preceded by plus signs. To return the list to the top level, click Reset.

Time Period

The Time period fields are used to restrict certificate and certification request searches. In certificates the time period matches with the certificate's validity period.

Figure : The time period can be either strict or exclusive

The time format depends on the operator-specific settings. See Section Editing the Operator Information. Either the Time period start option or the Time period end option can be left out. In this case the search will be open ended in that direction.

Certificates can use either strict (inclusive) period or exclusive periods. In inclusive mode the validity period must be fully contained in the given time period. In exclusive mode a certificate will match if even a portion of its validity period matches with the given time period.

Certification requests do not have validity periods in the same sense as certificates do. In their case, this option is interpreted according to the time the request was received. Defining a time period allows the operator to search all requests that arrived during that period. Using strict time period matching does not affect certification request searches.

Time period also affects log event searches, in which case only events that happened during the given period are shown.

Sort Order

The sort order of the result can be changed by selecting the options Sort by time values and Sort in reverse order.

All objects have some kind of a primary time stamp. With certificates, it is the time when the certificate was issued. With certification requests, it is the time the request was received. Entities are sorted according to the creation time, and log events are sorted according to their time stamp.

If the Sort by time values option is selected, objects are sorted with this primary time stamp. Otherwise they are generally sorted by their internal database ID number. When doing a free-text search with multiple words, however, the matches with most 'hits' are shown first.


The search can also be restricted by entity. This can be done with the Bind search to entity text field. Write the entity search string (for example, the name of the entity) on the text field.

Figure : Selecting the entity

When you click the Search button, the page is updated and the text field is replaced with a drop-down list showing the names of all entities that matched the given search string. Now all certificate and certification request searches are restricted to those objects that belong to the selected entity. This restriction can be removed by clicking the Change button.

Search with...

You can also specify the Serial Number, Reference Number, Pre-Shared key, Request Poll ID, or Internal Object ID of the object you want to display. Select the type of identification and the format of the number from the drop-down lists and type the identification in the field. The identification can be specified in either decimal (DEC), hexadecimal (HEX), octal (OCT) or binary (BIN) format.

Number of Results Shown

To restrict the maximum number of displayed search results per page, type in the desired number in the Number of results shown field.

PreviousNextUp[Front page] [Index]




What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.

    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH

    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now