A-SIT Secure Information Technology Center – Austria

Search (LDAP)

The Certificate Status Tool integrates an LDAP search functionality. This feature is designed to conveniently search for and directly validate certificates. Both subject names and certificate serial numbers can be used to form a search request. The specified request is sent to all configured LDAP services (see Configuration).

The input fields Firstname and Lastname shown in the main application window can be used to specify the name of a certificate subject to search for. Alternatively, the serial number can be entered directly into the input field labelled Serial number to retrieve information about a specific certificate. A search query is executed by pressing the Search button.

The asterisk (*) character can be used as a placeholder to construct fuzzy queries. To issue an exact search, the entered terms should be enclosed in quotation marks ("). Doing so makes it possible to query for subjects having only the specified name(s) (as opposed to including subjects with additional first and/or last names).

Examples

• Search for a known name: In case the full name of a subject is known, it should be entered as is. For example: first name Max, last name Mustermann. The Certificate Status Tool automatically transforms this into a query for Max*Mustermann. The results encompass all certificates issued to subjects whose names start with Max and end with Mustermann such as Maximilian Mustermann.
• Search for partial last names such as: first name Max, last name Must*. This results in a query for Max*Must*. The results encompass all certificates issued to subjects whose first names start with Max and whose last names contain Must.
• Exact search for Max Mann: Both first and last name need to be enclosed in quotation marks; first name "Max", last name "Mann".
• Search for a certificate with a known serial number. The complete serial number should be entered into the Serial number input field. In case the hexadecimal representation of a serial number is entered, the corresponding checkbox needs to be ticked.

Hints

Some LDAP services (such as the A-Trust LDAP service) manage serial numbers as a numeric field. Numeric fields do not support the use of placeholders.

LDAP services are case-insensitive.

Note: The time an LDAP query takes to complete depends on the number of results and the network connection. To shorten this time, queries should be specified as precisely as possible. Issuing an exact search further speeds up this process.

The list of configured LDAP services is shown in the configuration dialogue and can be edited at any time (see Configuration).

Search Results

Search results are shown in table below the input form.

The first column indicates the name of the subject (common name, CN). The second column shows the serial number and the next columns indicate the issuer of the certificate (Issuer Distinguished Name, IssuerDN) and the expiration date. In case automatic validation is enabled, the validation status is also present.