Use the Certificates table to see all leaf certificates that have been used to validly sign or cosign files found on agent-managed computers and all certificates in the paths for those leaf certificates.

The table also provides access to the Certificate Details page for each certificate. Click either the View Details button or the Subject Name in the table to see details for a certificate.

Note: The Certificates table is a read-only page with no Action menu. Certificate state can be changed only in the context of a specific publisher, on the Publisher Details page. See Approve or Ban Certificates for a Publisher for more information.

To view the Certificates table:

On the console menu, choose Assets > Certificates.

The certificates table

The default table includes selected columns with key information about each certificate. As with any Carbon Black App Control table, you can add or remove columns from the table view using the Column Settings panel. (See Console Tables for more information about customizing a table view.) The following table shows the fields available on the Certificates table and on the Certificate Details page. Some of these fields are not shown by default in the table.

Table 1. Fields in Certificates Table and Details Pages

Note: In the Where column, T = Table page, D = Details page

| Field/Column | Source | Where | Description |
|---|---|---|---|
| Subject Name | Cert | T, D | Distinguished name of the subject of the certificate, in this case the signer of the file. In the table, the name is shortened, but a tooltip provides a full length Subject Name. Clicking on the name in the table opens the details page for this certificate. |
| Publisher | Cert | T, D | Publisher name as identified by the CN portion of the Subject Name in the certificate. If this publisher signed any files in the File Catalog, clicking the name opens the Publisher Details page. Some of the “Publishers” listed are certificate authorities, not actual software publishers, and so do not have linked names. |
| Unique Signed Files | Carbon Black App Control | T, D | Number of unique files in the File Catalog signed by this certificate. If greater than zero, clicking on the number opens the File Catalog filtered to show these files. |
| Path Position | Cert | T | Position of this certificate in the certificate path cataloged on the server. The possible values are: Root, Intermediary, Leaf. See Path Position and Agent Differences for details about certificate path position, variations among agents, and the impact on certificate management. |
| Root Certificate | Cert | D | Is this a root certificate? The possible values are: Yes, No. |
| Global State | Carbon Black App Control | T, D | Effective state of this certificate derived from the following: Publisher State of the publisher identified in this certificate; Certificate State; Certificate Path State, and certificate configuration settings. See Certificate Global State for global certificate state determination, values, and how it interacts with the states of other objects. |
| Certificate State | Carbon Black App Control | T | State assigned to the certificate for this publisher. The possible values are: Approved, Unapproved, Banned. See Certificate Global State for a description of how this affects global certificate state and file state. |
| Certificate State Details (in details), Global State Details (in table) | Carbon Black App Control and Cert | T, D | Detailed description of all of the factors contributing to Certificate Global State. See Certificate Global State for more information. |
| Valid From | Cert | T, D | Date this Certificate is valid from. Format is MMM DD YYYY HH:MM:SS AM/PM (UTC). |
| Valid To | Cert | T, D | Date this Certificate is valid to. Format is MMM DD YYYY HH:MM:SS AM/PM (UTC). |
| Signature Algorithm | Cert | T, D | Algorithm used to create the certificate’s signature. Typical values: MD2RSA, MD5RSA, SHA1RSA, SHA256RSA. See Certificate Approval Configuration Choices for configuration settings related to this field. |
| Thumbprint | Cert | T, D | SHA1 hash value of this certificate. |
| Certificate ID | Carbon Black App Control | T, D | Unique hash identifier generated by Carbon Black App Control for this certificate. |
| First Seen Date | Carbon Black App Control | T, D | Date and time this certificate was first seen and inventoried on this Carbon Black App Control Server. |
| Last Modified Date (in details), Date Modified (in table) | Carbon Black App Control | T, D | Date and time the record for this certificate was last modified on this Carbon Black App Control Server. |
| Description | Carbon Black App Control | T, D | An editable field in which console users can add or modify a comment about this certificate. |
| Last Validation Date | Carbon Black App Control | T, D | Last date and time when this certificate was validated on the Carbon Black App Control Server. Certificates are validated when discovered and periodically re-checked. |
| Public Key Algorithm | Cert | T, D | Algorithm used to produce the public key. |
| Public Key Size | Cert | T, D | Size of the public key for this certificate. See Certificate Approval Configuration Choices for size settings. |
| Serial Number | Cert | T, D | A field in the certificate containing a number that is unique among certificates from its issuing certificate authority. |
| Type | Cert | T, D | Indicates whether a certificate was embedded or detached or both, and whether the signature was used to sign the file or to countersign the signature, usually for timestamp validation. Leaf certificates only. The possible values are: Embedded, Detached, Signer, Cosigner. Each certificate has two or more of these values. See Certificate Types for details about type and its impact on certificate management. |
| Validation Error (in Table), Validation Message (in Details) | Cert | T, D | Shows any error messages returned when the certificate is checked. If the certificate check produces no errors, this field will be blank. See http://msdn.microsoft.com/en-us/library/windows/desktop/aa377590(v=vs.85).aspx for a list of possible messages. Many certificates show validation errors for reasons that are not necessarily an indication of significant risk. For example, a certificate authority may stop providing information (and thus validation) for older certificates. |
| History | Carbon Black App Control | D | Panel includes the following where appropriate:<br>• First Seen Date – The date and time this certificate was first seen in your Carbon Black App Control environment.<br>• Last Modified by – The console user that made the most recent change to certificate state (not in table).<br>• Last Modified Date – The date and time when the most recent change to certificate state was made. |
| Certificate Path | Cert | D | Panel shows this certificate in the context of its path. Each item in the list (except for the current certificate) is a link to the certificate details for other certificates in the path. |