A creative solution for effectively querying X509 certificate attributes

I could not query our service logs for attributes I was interested in and had to come up with a fast and creative solution to do it.

I owned a Certificate Authority (CA) service with my team. The CA generated X509 certificates for clients. For simplicity, an X509 certificate was a list of attributes with a digital signature of the service authority. The service logged all generated certificates in Privacy-Enhanced Mail format (PEM) to log storage. PEM is a base64 format. It was impossible to query the storage with a single certificate attribute in this format.

After investigation, I found that the log storage supports JSON document queries. Quick prototyping proved the point. I decided that we can store certificates in JSON format alongside PEM. One of my reports built a layer to serialize the X509 certificate in a JSON document and integrated it into the service. The CA started logging certificates in JSON format and we were able to query data at the attributes level.

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store