# CA Certificates

The `CA Certificates` page lists the certificate authority (CA) certificates enumerated across the entire Active Directory. The list contains the `Thumbprint`, `Root Certificate`, `In NtAuth Store` and `Subject Name` columns.

<figure><img src="/files/QxaaJXyJj1r400lrTvbA" alt=""><figcaption><p>CA Certificates</p></figcaption></figure>

## CA Certificate Details

The details page contains the `Risk Score` of the certificate authority certificate and the `Information` pane.

{% hint style="info" %}
You can analyze objects in the `Graph module` by clicking the `Visualize` button on the upper left side of the `Information Pane`.
{% endhint %}

<figure><img src="/files/7ZDdF2TV2waEJo0NQony" alt=""><figcaption><p>CA Certificate Details</p></figcaption></figure>

## Information

The Information pane contains the following attributes of the certificate authority certificate object.

| Attribute                  | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                          |
| -------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Thumbprint**             | The hash value computed over the complete certificate, which includes all its fields, including the signature.                                                                                                                                                                                                                                                                                                                                                       |
| **Serial Number**          | A number that uniquely identifies the certificate and is issued by the certification authority.                                                                                                                                                                                                                                                                                                                                                                      |
| **Start Date**             | Issue date of the CA certificate.                                                                                                                                                                                                                                                                                                                                                                                                                                    |
| **End Date**               | Expiry date of the CA certificate.                                                                                                                                                                                                                                                                                                                                                                                                                                   |
| **Version**                | Version of the certificate.                                                                                                                                                                                                                                                                                                                                                                                                                                          |
| **Signature Algorithm**    | The algorithm used to create the signature of a certificate.                                                                                                                                                                                                                                                                                                                                                                                                         |
| **Belong To**              | The owner computer object of the certificate.                                                                                                                                                                                                                                                                                                                                                                                                                        |
| **Subject Name**           | The subject name of the CA certificate.                                                                                                                                                                                                                                                                                                                                                                                                                              |
| **Issuer Name**            | The name of the certificate issuer.                                                                                                                                                                                                                                                                                                                                                                                                                                  |
| **Certificate Chain**      | The list of certificates that starts from a server's certificate and terminates with the root certificate. |
| **Root Certificate**       | Whether the CA certificate belongs to a root CA.                                                                                                                                                                                                                                                                                                                                                                                                                     |
| **Enrollment Certificate** | Whether the CA certificate can process certificate requests and issue certificates.                                                                                                                                                                                                                                                                                                                                                                                  |
| **In NTAuth Store**        | Whether the CA certificate is in the `NTAuthCertificates` container. This object defines one or more CA certificates in its `cacertificate` attribute, and AD uses it during authentication. The domain controller checks whether the `NTAuthCertificates` object contains an entry for the CA specified in the authenticating certificate's Issuer field. If it does, authentication proceeds. If the certificate is not in the `NTAuthCertificates` object, authentication fails. |
| **Key Usage**              | Key usage extensions define the purpose of the public key contained in a certificate. You can use them to restrict the public key to as few or as many operations as needed.                                                                                                                                                                                                                                                                                         |
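
To cross-check the `In NTAuth Store` column from a domain-joined host, the following added example (not part of FSProtect or its documentation) reads the `NTAuthCertificates` object and prints the same attributes the table describes. It assumes the RSAT `ActiveDirectory` module and read access to the Configuration partition; the function name `Get-NTAuthCertificate` and the `SelfIssued`/`Expired` columns are introduced here for illustration.

```powershell
# Added example: list the CA certificates that AD trusts for authentication.
# Assumption: RSAT ActiveDirectory module is installed and the caller can read
# the Configuration naming context.
Import-Module ActiveDirectory

function Get-NTAuthCertificate {
    # NTAuthCertificates lives under Public Key Services in the Configuration partition.
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $dn       = "CN=NTAuthCertificates,CN=Public Key Services,CN=Services,$configNC"
    $ntAuth   = Get-ADObject -Identity $dn -Properties cACertificate

    # cACertificate is multi-valued: one DER-encoded certificate per value.
    foreach ($der in $ntAuth.cACertificate) {
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$der)

        [pscustomobject]@{
            Thumbprint         = $cert.Thumbprint   # SHA-1 over the full DER encoding
            SubjectName        = $cert.Subject
            IssuerName         = $cert.Issuer
            SerialNumber       = $cert.SerialNumber
            StartDate          = $cert.NotBefore
            EndDate            = $cert.NotAfter
            Version            = $cert.Version
            SignatureAlgorithm = $cert.SignatureAlgorithm.FriendlyName
            # Heuristic only: subject equal to issuer indicates a self-issued (root) certificate.
            SelfIssued         = ($cert.Subject -eq $cert.Issuer)
            Expired            = ($cert.NotAfter -lt (Get-Date))
        }
    }
}

Get-NTAuthCertificate | Sort-Object EndDate | Format-Table -AutoSize
```

Each thumbprint in the output should correspond to a certificate that the `CA Certificates` list marks as being in the NTAuth store.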

