# CertificateAuthority

| Field | Type | Possible Operators | Description |
| --- | --- | --- | --- |
| **Guid** | TEXT | `LIKE`, `NOT_LIKE`, `EQUAL`, `NOT_EQUAL`, `IS_EMPTY` | A unique identifier that combines the GUID of the selected `Scan` and the Active Directory `ObjectGUID` of the object. |
| **FSName** | TEXT | `LIKE`, `NOT_LIKE`, `EQUAL`, `NOT_EQUAL`, `IS_EMPTY` | A special unique identifier that is a combination of the `Name of the object` and the `FSName of the Forest`. |
| **DistinguishedName** | TEXT | `LIKE`, `NOT_LIKE`, `EQUAL`, `NOT_EQUAL`, `IS_EMPTY` | Active Directory distinguished name of the object. (**LDAP Display Name**: distinguishedName) |
| **IsWebEnrollmentEnabled** | BOOLEAN | `N/A` | Whether the certificate authority server supports web-based enrollment for clients. |
| **AllowsUserSpecifiedSANs** | BOOLEAN | `N/A` | Whether requesters are allowed to specify a Subject Alternative Name (SAN) during certificate enrollment for any certificate template published by this certificate authority server. |
| **CertificateManagerRestrictions** | TEXT | `LIKE`, `NOT_LIKE`, `EQUAL`, `NOT_EQUAL`, `IS_EMPTY` | Some organizations require further restrictions on certificate manager activities. Rather than allow a certificate manager to issue or revoke any certificate issued by a CA, the organization might want a certificate manager to manage only a subset of all certificates. This property contains the certificate manager restrictions defined on the certificate authority. The data in this column is formatted as `Name of the Certificate Manager`,`Name of the Template`,`Name of the Principal`,`Access Type`. This means that `Name of the Certificate Manager` has `Access Type` rights on `Name of the Principal` to manage the `Name of the Template` template. |
| **EnrollmentAgentRestrictions** | TEXT | `LIKE`, `NOT_LIKE`, `EQUAL`, `NOT_EQUAL`, `IS_EMPTY` | An enrollment agent is a user who can enroll for a certificate on behalf of another client. Unlike a certificate manager, an enrollment agent can only process the enrollment request and cannot approve pending requests or revoke issued certificates. Some organizations require further restrictions on enrollment agents. Rather than allow a certificate request agent to enroll on behalf of any client for certificates issued by a CA, the organization might want a certificate request agent to enroll only on behalf of a subset of all certificate templates or clients. This property contains the certificate request agent restrictions defined on the certificate authority. The data in this column is formatted as `Name of the Enrollment Agent`,`Name of the Template`,`Name of the Principal`,`Access`. This means that `Name of the Enrollment Agent` has `Access Type` rights to enroll on behalf of `Name of the Principal` for the `Name of the Template` certificate template. |
| **IsAdmin** | BOOLEAN | `N/A` | Indicates whether the object is an Admin. |
| **DNSHostName** | TEXT | `LIKE`, `NOT_LIKE`, `EQUAL`, `NOT_EQUAL`, `IS_EMPTY` | Fully qualified domain name of the computer as registered in DNS. (**LDAP Display Name**: dNSHostName) |
| **CertificateEnrollmentWebServiceUrls** | TEXT | `LIKE`, `NOT_LIKE`, `EQUAL`, `NOT_EQUAL`, `IS_EMPTY` | Certificate enrollment web service URL addresses of the certificate authority. |
| **FullName** | TEXT | `LIKE`, `EQUAL`, `NOT_EQUAL` | Combination of the DNSHostName and the Name of the certificate authority. |
| **WhenChanged** | DATE | `SMALLER`, `LARGER`, `BETWEEN`, `EQUAL` | The date when this object was last changed. (**LDAP Display Name**: whenChanged) |
| **isEnterpriseCA** | BOOLEAN | `N/A` | Whether the certificate authority is an enterprise certificate authority instance. Enterprise certificate authorities are domain members and are typically online to issue certificates or certificate policies. |
| **inComputerName** | TEXT | `LIKE`, `NOT_LIKE`, `EQUAL`, `NOT_EQUAL`, `IS_EMPTY` | FSName of the computer that contains the certificate authority instance. |
| **CAEnrollmentInterfacesEPADisabled** | TEXT | `LIKE`, `NOT_LIKE`, `EQUAL`, `NOT_EQUAL`, `IS_EMPTY` | The web-based endpoints of the certificate authority that have Extended Protection for Authentication (EPA) disabled. |
| **WhenCreated** | DATE | `SMALLER`, `LARGER`, `BETWEEN`, `EQUAL` | The date when this object was created. (**LDAP Display Name**: whenCreated) |
| **EnterpriseCAName** | TEXT | `LIKE`, `NOT_LIKE`, `EQUAL`, `NOT_EQUAL`, `IS_EMPTY` | Name of the CA server, specified in the ADCS installation. |
| **inComputerGuid** | TEXT | `LIKE`, `NOT_LIKE`, `EQUAL`, `NOT_EQUAL`, `IS_EMPTY` | Guid of the computer that contains the certificate authority instance. |
| **risk** | NUMBER | `EQUAL`, `BETWEEN`, `SMALLER`, `LARGER`, `SMALLER_EQUAL`, `LARGER_EQUAL` | The risk score of the object, calculated based on vulnerability counts and severities. |
| **CaCertificateDN** | TEXT | `LIKE`, `NOT_LIKE`, `EQUAL`, `NOT_EQUAL`, `IS_EMPTY` | Full distinguished name from the CA certificate. |
| **CAEnrollmentInterfacesHTTPEnabled** | TEXT | `LIKE`, `NOT_LIKE`, `EQUAL`, `NOT_EQUAL`, `IS_EMPTY` | The web-based endpoints of the certificate authority that have HTTP enabled. |
| **isRootCA** | BOOLEAN | `N/A` | Whether the certificate authority is a root certificate authority instance. Root certificate authorities are the first, and may be the only, certificate authorities configured in a Public Key Infrastructure (PKI) hierarchy. |
| **DisplayName** | TEXT | `LIKE`, `NOT_LIKE`, `EQUAL`, `NOT_EQUAL`, `IS_EMPTY` | The display name for an object. (**LDAP Display Name**: displayName) |
| **CertificateEnrollmentPolicyWebServiceUrls** | TEXT | `LIKE`, `NOT_LIKE`, `EQUAL`, `NOT_EQUAL`, `IS_EMPTY` | Certificate enrollment policy web service URL addresses of the certificate authority. |
| **NetworkDeviceEnrollmentServiceUrls** | TEXT | `LIKE`, `NOT_LIKE`, `EQUAL`, `NOT_EQUAL`, `IS_EMPTY` | Network device enrollment URL addresses of the certificate authority. |
| **CAWebEnrollmentUrls** | TEXT | `LIKE`, `NOT_LIKE`, `EQUAL`, `NOT_EQUAL`, `IS_EMPTY` | Web enrollment URL addresses of the certificate authority. |
| **CAFlags** | TEXT | `LIKE`, `NOT_LIKE`, `EQUAL`, `NOT_EQUAL`, `IS_EMPTY` | The certificate authority flags attribute stores the bitwise combination of the certificate authority server's capabilities. |
| **ExposurePoint** | NUMBER | `EQUAL`, `BETWEEN`, `SMALLER`, `LARGER`, `SMALLER_EQUAL`, `LARGER_EQUAL` | A numerical value indicating the level of risk or exposure. |


