# Certificate Authorities

The `Certificate Authorities` page provides a list of the certificate authorities enumerated in the entire Active Directory. The list contains the `Host Computer`, `Root CA`, `Enterprise CA`, `Enrollee Supplies Subject`, `Risk Score`, `Exposure Point` and `Issue Counts` columns.

<figure><img src="https://3408039743-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObpV44hoVkNmo5bFuVVL%2Fuploads%2FlVVEUA2gzHe3P1ZSVRCb%2Fimage.png?alt=media&#x26;token=f0a9f163-fe9b-4897-aeae-32e70bef742c" alt=""><figcaption><p>Certificate Authorities</p></figcaption></figure>

## Certificate Authority Details

The details page contains the `Risk Score` of the certificate authority, `Exposure Point`, `Information` and `Issues` panes.

{% hint style="info" %}
You can analyze objects in the `Graph module` by clicking the `Visualize` button on the upper left side of the `Information Pane`.
{% endhint %}

<figure><img src="https://3408039743-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObpV44hoVkNmo5bFuVVL%2Fuploads%2FetE9PovfOrVoNANYp5sk%2Fimage.png?alt=media&#x26;token=e0b760c5-d316-4322-94ad-b7640e524163" alt=""><figcaption><p>Certificate Authority Details</p></figcaption></figure>

## Information

The `Information Pane` can contain different badges to highlight important attributes.

| Badge     | Description                         |
| --------- | ----------------------------------- |
| **Admin** | Indicates that the object is an Admin. |

The `Information Pane` contains the `Details`, `Certificate Templates`, `CA Certificates`, `Enrollment Agent Restrictions`, and `Certificate Manager Restrictions` tabs, in that order.

## Details

The Details tab contains the attributes below for the certificate authority object.

| Attribute                                          | Description                                                                                                                                                                                                                       |
| -------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Display Name**                                   | The display name for an object. (**LDAP Display Name**: displayName)                                                                                                                                                              |
| **Enterprise CA Name**                             | Name of the CA server, specified in the ADCS installation.                                                                                                                                                                        |
| **Distinguished Name**                             | Active Directory distinguished name of the object. (**LDAP Display Name**: distinguishedName) |
| **CA Certificate DN**                              | Full distinguished name from the CA certificate.                                                                                                                                                                                  |
| **DNS Host Name**                                  | Fully qualified domain name of the computer as registered in DNS. (**LDAP Display Name**: dNSHostName) |
| **Full Name**                                      | Combination of the DNSHostName and the Name of the certificate authority.                                                                                                                                                         |
| **Created Time**                                   | The date when this object was created. (**LDAP Display Name**: whenCreated) |
| **Last Changed Time**                              | The date when this object was last changed. (**LDAP Display Name**: whenChanged) |
| **Computer**                                       | FSName of the computer that contains the certificate authority instance.                                                                                                                                                          |
| **Root CA**                                        | Whether the certificate authority is a root certificate authority instance. Root certificate authorities are the first, and may be the only, certificate authorities configured in a Public Key Infrastructure (PKI) hierarchy. |
| **Enterprise CA**                                  | Whether the certificate authority is an enterprise certificate authority instance. Enterprise certificate authorities are domain members and are typically online to issue certificates or certificate policies. |
| **Enrollee Supplies Subject**                      | Whether the certificate authority server allows a Subject Alternative Name (SAN) to be specified during certificate enrollment for any certificate template that it publishes. |
| **CA Flags**                                       | The certificate authority flags attribute stores the bitwise combination of the certificate authority server's capabilities.                                                                                                      |
| **Allow Web-Based Enrollment Methods**             | Whether the certificate authority server supports web-based enrollment for the clients.                                                                                                                                           |
| **CA Web Enrollment URLs**                         | Web enrollment URLs of the certificate authority. |
| **Certificate Enrollment Web Service URLs**        | Certificate enrollment web service URLs of the certificate authority. |
| **Certificate Enrollment Policy Web Service URLs** | Certificate enrollment policy web service URLs of the certificate authority. |
| **Network Device Enrollment Service URLs**         | Network device enrollment service URLs of the certificate authority. |

## Certificate Templates

The Certificate Templates tab contains a list of the certificate templates that are generated on the certificate authority. This list also contains the `Allow Domain Authentication`, `Enrollee Supplies Subject` and `Require Manager Approval` columns.

<figure><img src="https://3408039743-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObpV44hoVkNmo5bFuVVL%2Fuploads%2FaM9oZN03TOvUZefrSFXW%2Fimage.png?alt=media&#x26;token=a5a87793-9133-49bd-ae4a-d2028b8795c6" alt=""><figcaption><p>Certificate Templates</p></figcaption></figure>

## CA Certificates

The CA Certificates tab contains a list of the certificate authority certificates that belong to the certificate authority. This list also contains the `Root Certificate` and `In NT Auth Store` columns.

<figure><img src="https://3408039743-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObpV44hoVkNmo5bFuVVL%2Fuploads%2FzG9rASCgvweFRtH4xSCr%2Fimage.png?alt=media&#x26;token=b8c65df9-9f5d-44e3-ae29-af98238aae8c" alt=""><figcaption><p>CA Certificates</p></figcaption></figure>

## Enrollment Agent Restrictions

The Enrollment Agent Restrictions tab contains a list of the enrollment agent restriction definitions on the certificate authority. This list contains the `Enrollment Agent`, `Template`, `On Behalf Of` and `Access` columns.

<figure><img src="https://3408039743-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObpV44hoVkNmo5bFuVVL%2Fuploads%2FoDcAveBxEGDmbunTAtRM%2Fimage.png?alt=media&#x26;token=d06b083c-c43c-4695-a315-a47094681c21" alt=""><figcaption><p>Enrollment Agent Restrictions</p></figcaption></figure>

## Certificate Manager Restrictions

The Certificate Manager Restrictions tab contains a list of the certificate manager restriction definitions on the certificate authority. This list contains the `Certificate Manager`, `Template`, `Principal` and `Access` columns.

<figure><img src="https://3408039743-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObpV44hoVkNmo5bFuVVL%2Fuploads%2FWDqbm8GLXr4IgbrmHJPG%2Fimage.png?alt=media&#x26;token=7176838f-8eef-4622-a973-60d5a570d427" alt=""><figcaption><p>Certificate Manager Restrictions</p></figcaption></figure>

## Issues

The Issues pane contains the issues identified on the certificate authority object.

![Issues](https://3408039743-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FObpV44hoVkNmo5bFuVVL%2Fuploads%2Fgit-blob-902656e74e92881a4b10aa8923e73df4b0704869%2F7.png?alt=media)


