Fleet logo
Menu An icon indicating that interacting with this button will open the navigation menu.
Fleet logo An 'X' icon indicating that this can be interacted with to close the navigation menu.
Device management + MDM Orchestration + monitoring Software management + CVEs, usage, app library Integrations
Get started Guides Vitals Queries Policies Software Data tables API SUPPORT Chat Contribute Release notes "Why is Fleet on my computer?" Get your license
Stories
What people are saying News Ask around Take a tour Meetups COMPANY Origins   (Fleet & osquery) The handbook Logos/artwork Why open source?
Pricing Try it yourself

Tables

Fleet uses osquery tables to query operating system, hardware, and software data. Each table provides specific data for analysis and filtering.

macOS Apple

Linux Linux

Windows Windows

Chrome ChromeOS

certificates

click to open the table of contents

certificates

Certificate authorities installed in Keychains/ca-bundles.

Column Type Description
authority_key_id text AKID an optionally included SHA1
ca integer 1 if CA: true (certificate is an authority) else 0
common_name text Certificate CommonName
issuer text Certificate issuer distinguished name (deprecated, use issuer2)
issuer2 text Certificate issuer distinguished name
Only available on Linux and macOS
key_algorithm text Key algorithm used
key_strength text Key size used for RSA/DSA, or curve name
key_usage text Certificate key usage and extended key usage
not_valid_after text Certificate expiration data
not_valid_before text Lower bound of valid date
path text Path to Keychain or PEM bundle
self_signed integer 1 if self-signed, else 0
serial text Certificate serial number
sha1 text SHA1 hash of the raw certificate contents
sid text SID
Only available on Windows
signing_algorithm text Signing algorithm used
store text Certificate system store
Only available on Windows
store_id text Exists for service/user stores. Contains raw store id provided by WinAPI.
Only available on Windows
store_location text Certificate system store location
Only available on Windows
subject text Certificate distinguished name (deprecated, use subject2)
subject2 text Certificate distinguished name
Only available on Linux and macOS
subject_key_id text SKID an optionally included SHA1
username text Username
Only available on Windows

Example

Replace 1QAZ2WSX with your Apple Developer ID, if you have one. This query will then let you identify Macs that have a copy of your code signing and notarization certificates.

SELECT * FROM certificates WHERE common_"name" LIKE '%%1QAZ2SWX%%';
Edit page

Need more help?

Slack logo Ask the community on Slack
{{table.title}} evented table