# CACertificate | Field | Type | Possible Operators | Description | | --------------------------- | ------- | ------------------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Guid** | TEXT | `LIKE`,`NOT_LIKE EQUAL`,`NOT_EQUAL`,`IS_EMPTY` | A unique identifier that is a combination of GUID of selected `Scan` and Active Directory `ObjectGUID` of the object. | | **FSName** | TEXT | `LIKE`,`NOT_LIKE EQUAL`,`NOT_EQUAL`,`IS_EMPTY` | A special unique identifier that is a combination of the `Thumbprint of the object` and the `FSName of the Certificate Authority`. | | **SubjectName** | TEXT | `LIKE`,`NOT_LIKE EQUAL`,`NOT_EQUAL`,`IS_EMPTY` | The subject name of the CA certificate. | | **EndDate** | DATE | `SMALLER`, `LARGER`, `BETWEEN`, `EQUAL` | Expiry date of the CA certificate. | | **StartDate** | DATE | `SMALLER`, `LARGER`, `BETWEEN`, `EQUAL` | Issue date of the CA certificate. | | **isRootCertificate** | BOOLEAN | `N/A` | Whether the CA certificate belongs to a root CA. | | **KeyUsage** | TEXT | `LIKE`,`NOT_LIKE EQUAL`,`NOT_EQUAL`,`IS_EMPTY` | Key usage extensions define the purpose of the public key contained in a certificate. You can use them to restrict the public key to as few or as many operations as needed. | | **Version** | NUMBER | `EQUAL`, `BETWEEN`, `SMALLER`, `LARGER`, `SMALLER_EQUAL`, `LARGER_EQUAL` | Version of the certificate. | | **isEnrollmentCertificate** | BOOLEAN | `N/A` | Whether the CA certificate can process certificate requests and issue certificates. | | **Thumbprint** | TEXT | `LIKE`,`NOT_LIKE EQUAL`,`NOT_EQUAL`,`IS_EMPTY` | The hash value computed over the complete certificate, which includes all its fields, including the signature. | | **IsInNTAuthStore** | BOOLEAN | `N/A` | Whether the CA certificate in the `NTAuthCertificates` container. This object defines one or more CA certificates in its `cacertificate` attribute and AD uses it during authentication. The domain controller checks if `NTAuthCertificates` object contains an entry for the CA specified in the authenticating certificate's Issuer field. If it is, authentication proceeds. If the certificate is not in the `NTAuthCertificates` object, authentication fails. | | **CertChain** | TEXT | `LIKE`,`NOT_LIKE EQUAL`,`NOT_EQUAL`,`IS_EMPTY` | The list of certificates that start from a server's certificate and terminate with the root certificate | | **IssuerName** | TEXT | `LIKE`,`NOT_LIKE EQUAL`,`NOT_EQUAL`,`IS_EMPTY` | The name of the certificate issuer. | | **Serial** | TEXT | `LIKE`,`NOT_LIKE EQUAL`,`NOT_EQUAL`,`IS_EMPTY` | A number that uniquely identifies the certificate and is issued by the certification authority. | | **SignatureAlgorithm** | TEXT | `LIKE`,`NOT_LIKE EQUAL`,`NOT_EQUAL`,`IS_EMPTY` | The algorithm used to create the signature of a certificate. | --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.forestall.io/fsprotect/search-and-reports/cacertificate.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.