> On Wednesday, June 7, 2017 at 7:27:34 AM UTC-7, Rob Stradling wrote:
>
> The https://crt.sh/ web interface makes it easy to do simple queries,
> but it's not flexible enough to support all sorts of advanced
> queries. So we've spun up some additional instances of the crt.sh DB
> that can be publicly accessed directly.
>
> If you have the PostgreSQL client software installed, you can login
> as follows: $ psql -h crt.sh -p 5432 -U guest certwatch
so PostgreSQL has some global directory service such that the client can
find "certwatch" with only the latter name?
> Feel free to poke around and run some queries. :-)
>
> BTW, if you need any SQL inspiration, try appending "&showSQL=y" to
> any search URL. e.g., https://crt.sh/?q=www.comodo.com&showSQL=Y
cool :)
> Any questions, please ask here.
Ok -- I'd like to search for all certs issued with a particular
substring in "Identity" and not from a given "CA ID" -- how might one do
that?
And is it possible to do that via the web interface?
thanks!
=JeffH
On Monday, June 12, 2017 at 7:52:49 PM UTC+1, =JeffH wrote:> On Wednesday, June 7, 2017 at 7:27:34 AM UTC-7, Rob Stradling wrote:
>
> The https://crt.sh/ web interface makes it easy to do simple queries,
> but it's not flexible enough to support all sorts of advanced
> queries. So we've spun up some additional instances of the crt.sh DB
> that can be publicly accessed directly.
>
> If you have the PostgreSQL client software installed, you can login
> as follows: $ psql -h crt.sh -p 5432 -U guest certwatch
so PostgreSQL has some global directory service such that the client can
find "certwatch" with only the latter name?No, "certwatch" is the local database name. "-h crt.sh" and "-p 5432" specify the internet host/port to connect to.
> Feel free to poke around and run some queries. :-)
>
> BTW, if you need any SQL inspiration, try appending "&showSQL=y" to
> any search URL. e.g., https://crt.sh/?q=www.comodo.com&showSQL=Y
cool :)
> Any questions, please ask here.
Ok -- I'd like to search for all certs issued with a particular
substring in "Identity" and not from a given "CA ID" -- how might one do
that?This query searches for all certs that have one or more Identity substrings of "comodo" and that were not issued by CA IDs 1113 or 43:SELECT ci.ISSUER_CA_ID, ci.CERTIFICATE_ID, min(ci.NAME_VALUE)FROM certificate_identity ciWHERE lower(ci.NAME_VALUE) LIKE '%comodo%'AND ci.ISSUER_CA_ID NOT IN (1113,43)GROUP BY ci.ISSUER_CA_ID, ci.CERTIFICATE_IDORDER BY ci.ISSUER_CA_ID, ci.CERTIFICATE_ID;
> BTW, if you need any SQL inspiration, try appending "&showSQL=y" to
> any search URL. e.g., https://crt.sh/?q=www.comodo.com&showSQL=Y
This query searches for all certs that have one or more Identity substrings of "comodo" and that were not issued by CA IDs 1113 or 43:SELECT ci.ISSUER_CA_ID, ci.CERTIFICATE_ID, min(ci.NAME_VALUE)FROM certificate_identity ciWHERE lower(ci.NAME_VALUE) LIKE '%comodo%'AND ci.ISSUER_CA_ID NOT IN (1113,43)GROUP BY ci.ISSUER_CA_ID, ci.CERTIFICATE_IDORDER BY ci.ISSUER_CA_ID, ci.CERTIFICATE_ID;
so the above works for me, thanks! Now I'd like to update the query to be something like this, but my SQL fu is very lacking:SELECT ci.ISSUER_CA_ID, ci.CERTIFICATE_ID, min(ci.NAME_VALUE)FROM certificate_identity ciWHERE lower(ci.NAME_VALUE) LIKE '%comodo%'AND ci.ISSUER_CA_ID NOT IN (
SELECT ca.ID
FROM ca
WHERE lower(ca.NAME) LIKE "%foo%"
OR
SELECT ca.ID
FROM ca
WHERE lower(ca.NAME) LIKE "%bar%"
)GROUP BY ci.ISSUER_CA_ID, ci.CERTIFICATE_IDORDER BY ci.ISSUER_CA_ID, ci.CERTIFICATE_ID;
anyone have any tips?
How might one go about enhancing the below SELECT where clause to also factor-in having `ct_log_entry.ENTRY_TIMESTAMP` be after a given date, such as for example 31-Mar-2017 ?
Nice -- thanks Rob :) Seems to work.
wrt multiple CT Logs, this page lists the ones you are monitoring: https://crt.sh/monitored-logs
the crt.sh database includes all of those logs?
SELECT *, x509_subjectName(cai.CERTIFICATE) SUBJECT_NAME
FROM certificate_and_identities cai
WHERE cai.CERTIFICATE_ID = 445718131
x509_subjectName(cai.CERTIFICATE) ILIKE '%jurisdictionc%'