A creative solution for effectively querying X.509 certificate attributes

I could not query our service logs for the attributes I was interested in and had to come up with a fast and creative solution to do it.

I owned a Certificate Authority (CA) service with my team. The CA generated X.509 certificates for clients. Put simply, an X.509 certificate is a list of attributes with a digital signature of the service authority. The service logged all generated certificates in Privacy-Enhanced Mail (PEM) format to log storage. PEM is a base64-encoded text format. In this format, it was impossible to query the storage by a single certificate attribute.

After investigation, I found that the log storage supported JSON document queries. Quick prototyping proved the point. I decided that we could store certificates in JSON format alongside PEM. One of my reports built a layer to serialize the X.509 certificate into a JSON document and integrated it into the service. The CA started logging certificates in JSON format and we were able to query data at the attribute level.
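
A minimal sketch of such a serialization layer, in Go with only the standard library. It is an added example, not the service's own code: the JSON field names, the `certToJSON` and `sampleCertPEM` helpers, and the constructed self-signed test certificate are all assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/json"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// certToJSON turns one PEM certificate into a flat JSON document a log store
// can index. Field names are this example's choice, not the service's schema.
func certToJSON(pemBytes []byte) ([]byte, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil || block.Type != "CERTIFICATE" {
		return nil, fmt.Errorf("no CERTIFICATE PEM block found")
	}
	c, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return nil, fmt.Errorf("parse certificate: %w", err)
	}
	return json.Marshal(map[string]interface{}{
		"serial":     c.SerialNumber.Text(16),
		"subject_cn": c.Subject.CommonName,
		"issuer_cn":  c.Issuer.CommonName,
		"not_before": c.NotBefore.UTC().Format(time.RFC3339),
		"not_after":  c.NotAfter.UTC().Format(time.RFC3339),
		"dns_names":  c.DNSNames,
	})
}

// sampleCertPEM builds a constructed self-signed cert; fixed-seed key, test input only.
func sampleCertPEM() ([]byte, error) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	t0 := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(0x1234), NotBefore: t0, NotAfter: t0.AddDate(1, 0, 0),
		Subject: pkix.Name{CommonName: "client-42.example.test"}, DNSNames: []string{"client-42.example.test"}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, priv.Public(), priv)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), err
}

func main() {
	p, _ := sampleCertPEM()
	doc, err := certToJSON(p)
	fmt.Println(string(doc), err)
}
```

Logging this document next to the PEM text keeps the original certificate available while letting the store filter on fields such as `subject_cn` or `not_after`.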

