turbot/alicloud
steampipe plugin install alicloud

Table: alicloud_cas_certificate - Query Alibaba Cloud CAS Certificates using SQL

Alibaba Cloud's Certificate Authority Service (CAS) is a platform that provides digital certificate services. The service is designed to help users secure online data transmission, establish SSL encrypted sessions and enhance the security of their websites, applications and services. It provides a range of certificate types, including DV, OV, and EV SSL certificates.

Table Usage Guide

The alicloud_cas_certificate table provides insights into the digital certificates within Alibaba Cloud's Certificate Authority Service (CAS). As a security engineer, you can explore certificate-specific details through this table, including the certificate's status, domain, issuer, and validity period. Utilize it to uncover information about certificates, such as those that are expired or nearing expiration, the domains they are associated with, and the entities that issued them.

Examples

Basic info

Explore which certificates are issued by Alicloud CAS by determining their names, IDs, and associated organization names. This can help in managing and tracking the certificates used in your infrastructure.

select
name,
id,
org_name,
issuer
from
alicloud_cas_certificate;
select
name,
id,
org_name,
issuer
from
alicloud_cas_certificate;

List expired certificates

Explore which certificates have expired to ensure your systems remain secure and up-to-date. This is crucial as expired certificates can lead to security vulnerabilities and system downtime.

select
name,
id,
issuer,
expired
from
alicloud_cas_certificate
where
expired;
select
name,
id,
issuer,
expired
from
alicloud_cas_certificate
where
expired = 1;

List third-party certificates

Discover the segments that contain third-party certificates in the Alicloud CAS service. This can be useful to identify certificates not purchased through Alicloud, potentially highlighting areas of cost savings or security risks.

select
name,
id,
issuer,
buy_in_aliyun
from
alicloud_cas_certificate
where
not buy_in_aliyun;
select
name,
id,
issuer,
buy_in_aliyun
from
alicloud_cas_certificate
where
buy_in_aliyun = 0;

Schema for alicloud_cas_certificate

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
account_idtext=, !=, ~~, ~~*, !~~, !~~*The Alicloud Account ID in which the resource is located.
akasjsonbArray of globally unique identifier strings (also known as) for the resource.
buy_in_aliyunbooleanIndicates whether the certificate was purchased from Alibaba Cloud.
certtextThe certificate content, in PEM format.
citytextThe city where the organization that purchases the certificate is located.
commontextThe common name (CN) attribute of the certificate.
countrytextThe country where the organization that purchases the certificate is located.
end_datetimestamp with time zoneThe expiration date of the certificate.
expiredbooleanIndicates whether the certificate has expired.
fingerprinttextThe certificate fingerprint.
iddouble precision=The ID of the certificate.
issuertextThe certificate authority.
keytextThe private key of the certificate, in PEM format.
nametextThe name of the certificate.
org_nametextThe name of the organization that purchases the certificate.
provincetextThe province where the organization that purchases the certificate is located.
regiontextThe Alicloud region in which the resource is located.
sanstextAll domain names bound to the certificate.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
start_datetimestamp with time zoneThe issuance date of the certificate.
titletextTitle of the resource.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- alicloud

You can pass the configuration to the command with the --config argument:

steampipe_export_alicloud --config '<your_config>' alicloud_cas_certificate