Table: alicloud_cas_certificate - Query Alibaba Cloud CAS Certificates using SQL
Alibaba Cloud's Certificate Authority Service (CAS) is a platform that provides digital certificate services. The service is designed to help users secure online data transmission, establish SSL encrypted sessions and enhance the security of their websites, applications and services. It provides a range of certificate types, including DV, OV, and EV SSL certificates.
Table Usage Guide
The alicloud_cas_certificate table provides insights into the digital certificates within Alibaba Cloud's Certificate Authority Service (CAS). As a security engineer, you can explore certificate-specific details through this table, including the certificate's status, domain, issuer, and validity period. Utilize it to uncover information about certificates, such as those that are expired or nearing expiration, the domains they are associated with, and the entities that issued them.
Examples
Basic info
Explore which certificates are issued by Alicloud CAS by determining their names, IDs, and associated organization names. This can help in managing and tracking the certificates used in your infrastructure.
select name, id, org_name, issuerfrom alicloud_cas_certificate;select name, id, org_name, issuerfrom alicloud_cas_certificate;List expired certificates
Explore which certificates have expired to ensure your systems remain secure and up-to-date. This is crucial as expired certificates can lead to security vulnerabilities and system downtime.
select name, id, issuer, expiredfrom alicloud_cas_certificatewhere expired;select name, id, issuer, expiredfrom alicloud_cas_certificatewhere expired = 1;List third-party certificates
Discover the segments that contain third-party certificates in the Alicloud CAS service. This can be useful to identify certificates not purchased through Alicloud, potentially highlighting areas of cost savings or security risks.
select name, id, issuer, buy_in_aliyunfrom alicloud_cas_certificatewhere not buy_in_aliyun;select name, id, issuer, buy_in_aliyunfrom alicloud_cas_certificatewhere buy_in_aliyun = 0;Schema for alicloud_cas_certificate
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. | |
| account_id | text | The Alicloud Account ID in which the resource is located. | |
| akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. | |
| buy_in_aliyun | boolean | Indicates whether the certificate was purchased from Alibaba Cloud. | |
| cert | text | The certificate content, in PEM format. | |
| city | text | The city where the organization that purchases the certificate is located. | |
| common | text | The common name (CN) attribute of the certificate. | |
| country | text | The country where the organization that purchases the certificate is located. | |
| end_date | timestamp with time zone | The expiration date of the certificate. | |
| expired | boolean | Indicates whether the certificate has expired. | |
| fingerprint | text | The certificate fingerprint. | |
| id | double precision | = | The ID of the certificate. |
| issuer | text | The certificate authority. | |
| key | text | The private key of the certificate, in PEM format. | |
| name | text | The name of the certificate. | |
| org_name | text | The name of the organization that purchases the certificate. | |
| province | text | The province where the organization that purchases the certificate is located. | |
| region | text | The Alicloud region in which the resource is located. | |
| sans | text | All domain names bound to the certificate. | |
| start_date | timestamp with time zone | The issuance date of the certificate. | |
| title | text | Title of the resource. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- alicloudYou can pass the configuration to the command with the --config argument:
steampipe_export_alicloud --config '<your_config>' alicloud_cas_certificate