If you want to formulate queries against the certification authority database, you must first know what you want to look for.
The schema of the certification authority database can be output for this purpose.
The database schema can be displayed with the following command:
certutil -schema
Schema of the certificate table
The contents of the Subject Alternative Name extension are not stored as a column in the database table. They can only be read by parsing the certificate that is stored in binary form.
Column | Display name | Data type | Maximum length | Indexed |
---|---|---|---|---|
Request.RequestID | Request ID | Long | 4 | Yes |
Request.RawRequest | Binary Request | Binary | 65536 | |
Request.RawArchivedKey | Archived Key | Binary | 65536 | |
Request.KeyRecoveryHashes | Key Recovery Agent Hashes | String | 8192 | |
Request.RawOldCertificate | Old Certificate | Binary | 16384 | |
Request.RequestAttributes | Request Attributes | String | 32768 | |
Request.RequestType | Request Type | Long | 4 | |
Request.RequestFlags | Request Flags | Long | 4 | |
Request.StatusCode | Request Status Code | Long | 4 | |
Request.Disposition | Request Disposition | Long | 4 | Yes |
Request.DispositionMessage | Request Disposition Message | String | 8192 | |
Request.SubmittedWhen | Request Submission Date | Date | 8 | Yes |
Request.ResolvedWhen | Request Resolution Date | Date | 8 | Yes |
Request.RevokedWhen | Revocation Date | Date | 8 | |
Request.RevokedEffectiveWhen | Effective Revocation Date | Date | 8 | Yes |
Request.RevokedReason | Revocation Reason | Long | 4 | |
Request.RequesterName | Requester Name | String | 2048 | Yes |
Request.CallerName | Caller Name | String | 2048 | Yes |
Request.SignerPolicies | Signer Policies | String | 8192 | |
Request.SignerApplicationPolicies | Signer Application Policies | String | 8192 | |
Request.Officer | Officer | Long | 4 | |
Request.DistinguishedName | Request Distinguished Name | String | 8192 | |
Request.RawName | Request Binary Name | Binary | 4096 | |
Request.Country | Request Country/Region | String | 8192 | |
Request.Organization | Request Organization | String | 8192 | |
Request.OrgUnit | Request Organization Unit | String | 8192 | |
Request.CommonName | Request Common Name | String | 8192 | |
Request.Locality | Request City | String | 8192 | |
Request.State | Request State | String | 8192 | |
Request.Title | Request Title | String | 8192 | |
Request.GivenName | Request First Name | String | 8192 | |
Request.Initials | Request Initials | String | 8192 | |
Request.SurName | Request Last Name | String | 8192 | |
Request.DomainComponent | Request Domain Component | String | 8192 | |
Request.EMail | Request Email Address | String | 8192 | |
Request.StreetAddress | Request Street Address | String | 8192 | |
Request.UnstructuredName | Request Unstructured Name | String | 8192 | |
Request.UnstructuredAddress | Request Unstructured Address | String | 8192 | |
Request.DeviceSerialNumber | Request Device Serial Number | String | 8192 | |
Request.AttestationChallenge | Attestation Challenge | Binary | 4096 | |
Request.EndorsementKeyHash | Endorsement Key Hash | String | 144 | Yes |
Request.EndorsementCertificateHash | Endorsement Certificate Hash | String | 144 | Yes |
RequestID | Issued Request ID | Long | 4 | Yes |
RawCertificate | Binary Certificate | Binary | 16384 | |
CertificateHash | Certificate Hash | String | 128 | Yes |
CertificateTemplate | Certificate Template | String | 254 | Yes |
EnrollmentFlags | Template Enrollment Flags | Long | 4 | |
GeneralFlags | Template General Flags | Long | 4 | |
PrivatekeyFlags | Template Private Key Flags | Long | 4 | |
SerialNumber | Serial Number | String | 128 | Yes |
IssuerNameID | Issuer Name ID | Long | 4 | |
NotBefore | Certificate Effective Date | Date | 8 | |
NotAfter | Certificate Expiration Date | Date | 8 | Yes |
SubjectKeyIdentifier | Issued Subject Key Identifier | String | 128 | Yes |
RawPublicKey | Binary Public Key | Binary | 4096 | |
PublicKeyLength | Public Key Length | Long | 4 | |
PublicKeyAlgorithm | Public Key Algorithm | String | 254 | |
RawPublicKeyAlgorithmParameters | Public Key Algorithm Parameters | Binary | 4096 | |
PublishExpiredCertInCRL | Publish Expired Certificate in CRL | Long | 4 | |
UPN | User Principal Name | String | 2048 | Yes |
DistinguishedName | Issued Distinguished Name | String | 8192 | |
RawName | Issued Binary Name | String | 4096 | |
Country | Issued Country/Region | String | 8192 | |
Organization | Issued Organization | String | 8192 | |
OrgUnit | Issued Organization Unit | String | 8192 | |
CommonName | Issued Common Name | String | 8192 | Yes |
Locality | Issued City | String | 8192 | |
State | Issued State | String | 8192 | |
Title | Issued Title | String | 8192 | |
GivenName | Issued First Name | String | 8192 | |
Initials | Issued Initials | String | 8192 | |
SurName | Issued Last Name | String | 8192 | |
DomainComponent | Issued Domain Component | String | 8192 | |
EMail | Issued Email Address | String | 8192 | |
StreetAddress | Issued Street Address | String | 8192 | |
UnstructuredName | Issued Unstructured Name | String | 8192 | |
UnstructuredAddress | Issued Unstructured Address | String | 8192 | |
DeviceSerialNumber | Issued Device Serial Number | String | 8192 | |
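
Added example, not part of the original page: because Subject Alternative Names are not a column, this PowerShell script reads the RawCertificate column of issued certificates through the ICertView COM interface (CertificateAuthority.View) and decodes the extension from the binary certificate. The CA configuration string is a constructed placeholder, and the script assumes read access to the CA database from a machine with the CA management components installed.

```powershell
# Added example: list the Subject Alternative Names of issued certificates.
param(
    # Placeholder "<CA host>\<CA common name>" (constructed); replace with your CA.
    [string]$Config = 'ca01.example.com\Example Issuing CA'
)

$CVR_SEEK_EQ        = 0x1          # restriction operator: equals
$CVR_SORT_NONE      = 0x0          # no sorting
$CV_OUT_BASE64      = 0x1          # binary columns as Base64 without header
$DISPOSITION_ISSUED = 20           # Request.Disposition value for "issued"
$OID_SAN            = '2.5.29.17'  # subjectAltName extension

$view = New-Object -ComObject CertificateAuthority.View
$view.OpenConnection($Config)

# Restrict on the indexed Disposition column so only issued rows are returned.
$dispositionIndex = $view.GetColumnIndex($false, 'Disposition')
$view.SetRestriction($dispositionIndex, $CVR_SEEK_EQ, $CVR_SORT_NONE, $DISPOSITION_ISSUED)

# Result columns, in the order they are read back below.
$columns = 'RequestID', 'CommonName', 'RawCertificate'
$view.SetResultColumnCount($columns.Count)
foreach ($name in $columns) {
    $view.SetResultColumn($view.GetColumnIndex($false, $name))
}

$row = $view.OpenView()
while ($row.Next() -ne -1) {
    # Collect the column values of this row in result-column order.
    $values = @()
    $col = $row.EnumCertViewColumn()
    while ($col.Next() -ne -1) {
        $values += $col.GetValue($CV_OUT_BASE64)
    }

    # Parse the binary certificate and look for the SAN extension.
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
        [Convert]::FromBase64String($values[2]))
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq $OID_SAN }

    [pscustomobject]@{
        RequestID  = $values[0]
        CommonName = $values[1]
        # $null means the certificate carries no SAN extension.
        SAN        = if ($san) { $san.Format($false) } else { $null }
    }
}
```
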
Schema of the revocation list table
Column | Display name | Data type | Maximum length | Indexed |
---|---|---|---|---|
CRLRowId | CRL Row ID | Long | 4 | Yes |
CRLNumber | CRL Number | Long | 4 | Yes |
CRLMinBase | CRL Minimum Base Number | Long | 4 | |
CRLNameId | CRL Name ID | Long | 4 | |
CRLCount | CRL Count | Long | 4 | |
CRLThisUpdate | CRL This Update | Date | 8 | |
CRLNextUpdate | CRL Next Update | Date | 8 | Yes |
CRLThisPublish | CRL This Publish | Date | 8 | |
CRLNextPublish | CRL Next Publish | Date | 8 | Yes |
CRLEffective | CRL Effective | Date | 8 | |
CRLPropagationComplete | CRL Propagation Complete | Date | 8 | Yes |
CRLLastPublished | CRL Last Published | Date | 8 | Yes |
CRLPublishAttempts | CRL Publish Attempts | Long | 4 | Yes |
CRLPublishFlags | CRL Publish Flags | Long | 4 | |
CRLPublishStatusCode | CRL Publish Status Code | Long | 4 | Yes |
CRLPublishError | CRL Publish Error Information | String | 8192 | |
CRLRawCRL | CRL Raw CRL | Binary | 536870912 | |