Fleet logo
Menu An icon indicating that interacting with this button will open the navigation menu.
Fleet logo An 'X' icon indicating that this can be interacted with to close the navigation menu.
Multi platform
Device management + MDM Orchestration + monitoring Software management + CVEs, usage, app library Integrations
Docs
Stories
News Ask around Meetups Schedule a demo Share your story COMPANY The handbook Testimonials
Pricing Try it yourself

Tables

Fleet uses osquery tables to query operating system, hardware, and software data. Each table provides specific data for analysis and filtering.

macOS Apple

Linux Linux

Windows Windows

Chrome ChromeOS

curl_certificate

click to open the table of contents
macOS logo Windows logo Linux logo

curl​_certificate

Inspect TLS certificates by connecting to input hostnames.

Column Type Description
authority_key_identifier text Authority Key Identifier
basic_constraint text Basic Constraints
common_name text Common name of company issued to
dump_certificate integer Set this value to '1' to dump certificate
Not returned in SELECT * FROM curl_certificate.
extended_key_usage text Extended usage of key in certificate
has_expired integer 1 if the certificate has expired, 0 otherwise
hostname text Hostname to CURL (domain[:port], e.g. osquery.io)
Required in WHERE clause
info_access text Authority Information Access
issuer_alternative_names text Issuer Alternative Name
issuer_common_name text Issuer common name
issuer_organization text Issuer organization
issuer_organization_unit text Issuer organization unit
key_usage text Usage of key in certificate
name_constraints text Name Constraints
organization text Organization issued to
organization_unit text Organization unit issued to
pem text Certificate PEM format
policies text Certificate Policies
policy_constraints text Policy Constraints
policy_mappings text Policy Mappings
serial_number text Certificate serial number
sha1_fingerprint text SHA1 fingerprint
sha256_fingerprint text SHA-256 fingerprint
signature text Signature
signature_algorithm text Signature Algorithm
subject_alternative_names text Subject Alternative Name
subject_info_access text Subject Information Access
subject_key_identifier text Subject Key Identifier
timeout integer Set this value to the timeout in seconds to complete the TLS handshake (default 4s, use 0 for no timeout)
Not returned in SELECT * FROM curl_certificate.
valid_from text Period of validity start date
valid_to text Period of validity end date
version integer Version Number

Example

Identify the certificates being served to osquery clients. This can allow you to detect machines that are behind a proxy or firewall attempting to decrypt TLS, maliciously or not.

SELECT issuer_organization, signature, sha256_fingerprint FROM curl_certificate WHERE hostname='google.com';
Edit page

Questions?

Ask us anything
{{table.title}} evented table