Hierarchical structure with complete scan results
The JSON output format provides a comprehensive hierarchical structure containing all scan results. This is the default format and is ideal for integration with custom tools and comprehensive analysis.
.\certscanner-windows-amd64.exe -host example.com -outputformat json -output report.json| Field | Type | Required | Description |
|---|---|---|---|
| scanning_system_info | Object | Yes | Information about the scanning system |
| scan_type | String | Yes | Scan mode: "local" or "remote" |
| target | String | Yes | Target specification provided by user |
| timestamp | String | Yes | ISO 8601 timestamp of scan start |
| tags | Array<String> | No | Custom tags applied to the scan |
| results | Array<NetworkResult> | No | Network scan results per host |
| filesystem_scan_results | Array<FilesystemCertificate> | No | Certificates found on filesystem |
| process_memory_scan_results | Array<MemoryLibrary> | No | Crypto libraries found in memory |
| outlook_archives | Array<OutlookArchive> | No | Outlook archive files discovered |
| ssh_scan_results | Array<SSHResult> | No | SSH host keys and protocol information |
| vpn_client_scan_results | Array<VPNClientInfo> | No | VPN client installations and PQC assessments NEW |
| ipsec_tunnel_scan_results | Array<IPSecTunnelInfo> | No | IPSec tunnel configurations and security analysis NEW |
| quantum_readiness | QuantumReadinessAssessment | No | System quantum readiness assessment with 100-point scoring (local mode only) NEW |
| keystore_scan_results | Array<KeystoreInfo> | No | Keystore discovery and certificate analysis (PKCS12, JKS, System Stores) NEW |
| Field | Type | Description | Example |
|---|---|---|---|
| hostname | String | Hostname of scanning system | "scanner-host" |
| os | String | Operating system | "windows", "linux", "darwin" |
| platform | String | Platform architecture | "windows/amd64", "linux/amd64" |
| platform_version | String | OS version | "10.0.19045", "20.04.6" |
| software_version | String | TYCHON ACDI version | "1.0.42" |
| ip_addresses | Array<String> | Scanner system IP addresses | ["192.168.1.100", "10.0.0.1"] |
| fips_mode_enabled | Boolean | FIPS 140-2 mode status | true, false |
| organization | String | Organization name (optional) | "Security Team" |
| username | String | User running the scan | "security.analyst" |
| bigfix_client_installed | Boolean | Indicates if BigFix client is installed | true, false |
| bigfix_client_id | String | BigFix client ID for asset correlation (optional) | "12345678" |
| Field | Type | Description |
|---|---|---|
| scanned_host | String | Target hostname or IP address |
| domain | String | Resolved domain name |
| ip_address | String | Resolved IP address |
| scan_status | String | "success", "failed", "timeout" |
| error_message | String | Error details if scan failed |
| ports | Array<PortResult> | Results for each scanned port |
| Field | Type | Description |
|---|---|---|
| port | Integer | Port number (443, 22, 993, etc.) |
| status | String | "open", "closed", "filtered" |
| protocol_detected | String | "TLS", "SSH", "SMTP-STARTTLS", etc. |
| tls_version | String | Negotiated TLS version |
| leaf_certificate | Certificate | Server's leaf certificate |
| certificate_chain | Array<Certificate> | Complete certificate chain |
| supported_cipher_suites | Array<CipherSuite> | All supported cipher suites |
| preferred_cipher_suite | CipherSuite | Server's preferred cipher suite |
| ssh_host_keys | Array<SSHHostKey> | SSH host keys (for SSH ports) |
| ssh_banner | String | SSH server banner |
| connection_time_ms | Integer | Connection establishment time |
| quantum_ready_kx | Boolean | Key exchange algorithm is quantum-safe NEW |
| quantum_ready_cipher | Boolean | Encryption cipher is quantum-safe NEW |
| quantum_ready_cert | Boolean | Certificate public key is quantum-safe NEW |
| quantum_ready | Boolean | Overall port quantum readiness (all components quantum-safe) NEW |
| Field | Type | Description | Example |
|---|---|---|---|
| subject | SubjectObject | Certificate subject DN components | See SubjectObject |
| issuer | IssuerObject | Certificate issuer DN components | See IssuerObject |
| validity | ValidityObject | Certificate validity period | See ValidityObject |
| serial_number | String | Certificate serial number | "123456789012345678901234567890" |
| signature_algorithm | String | Signature algorithm | "SHA256-RSA", "SHA384-ECDSA" |
| subject_public_key_info | PublicKeyObject | Public key details | See PublicKeyObject |
| sha256_fingerprint | String | SHA-256 fingerprint | "ab:cd:ef:12:34:..." |
| sha1_fingerprint | String | SHA-1 fingerprint (legacy) | "12:34:56:78:..." |
| is_self_signed | Boolean | Whether certificate is self-signed | false |
| is_ca_certificate | Boolean | Whether this is a CA certificate | true |
| basic_constraints | Object | Basic constraints extension | {"ca": true, "path_len": 0} |
| key_usage | Array<String> | Key usage extensions | ["digitalSignature", "keyEncipherment"] |
| extended_key_usage | Array<String> | Extended key usage | ["serverAuth", "clientAuth"] |
| subject_alt_names | Array<String> | Subject alternative names | ["*.example.com", "example.com"] |
| crl_distribution_points | Array<String> | CRL distribution URLs | ["http://crl.example.com/ca.crl"] |
| authority_info_access | Object | OCSP and CA issuer URLs | {"ocsp": ["http://ocsp.example.com"]} |
| source_file_path | String | File path (filesystem scans) | "/etc/ssl/certs/ca.pem" |
| Field | Type | Description | Example |
|---|---|---|---|
| common_name | String | Common Name (CN) | "example.com" |
| organization | String | Organization (O) | "Example Corp" |
| organizational_unit | String | Organizational Unit (OU) | "IT Department" |
| country | String | Country (C) | "US" |
| state_or_province | String | State/Province (ST) | "California" |
| locality | String | City/Locality (L) | "San Francisco" |
| email_address | String | Email Address | "admin@example.com" |
| raw | String | Complete DN string | "CN=example.com,O=Example Corp,C=US" |
| Field | Type | Description | Example |
|---|---|---|---|
| protocol | String | TLS protocol version | "TLSv1.3", "TLSv1.2" |
| cipher_suite | String | IANA cipher suite name | "TLS_AES_256_GCM_SHA384" |
| cipher_suite_hex | String | Hexadecimal identifier | "0x13,0x02" |
| key_length_bits | Integer | Symmetric key length in bits | 256 |
| negotiated_group | String | Key exchange group/curve | "X25519", "secp384r1" |
| is_preferred | Boolean | Server's preferred choice | true |
| source | String | OpenSSL cipher name | "ECDHE-RSA-AES256-GCM-SHA384" |
| intel | IntelObject | Security intelligence data | See IntelObject |
| Field | Type | Description | Values |
|---|---|---|---|
| security_level | String | Overall security assessment | "high", "medium", "low", "insecure" |
| recommendation | String | Security recommendation | "recommended", "acceptable", "legacy", "avoid" |
| pqc_ready | Boolean | Post-quantum cryptography ready | false (most current ciphers) |
| vulnerabilities | Array<String> | Known security vulnerabilities | ["BEAST", "CRIME", "POODLE"] |
| nist_security_category | String | NIST classification | "Recommended", "Legacy-Use", "Deprecated" |
| friendly_name | String | Human-readable cipher name | "AES-256 with GCM and SHA-384" |
| description | String | Detailed cipher description | "Advanced Encryption Standard..." |
| Field | Type | Description |
|---|---|---|
| process_id | Integer | Process ID |
| process_name | String | Process executable name |
| process_path | String | Full path to process executable |
| command_line | String | Complete command line |
| username | String | User running the process |
| library_name | String | Crypto library name |
| library_version | String | Library version |
| library_path | String | Library file path |
| crypto_type | String | "openssl", "bcrypt", "java_crypto" |
| product_name | String | Product name from file metadata |
| company_name | String | Company from file metadata |
| file_description | String | File description |
| sha256_hash | String | SHA-256 hash of library file |
| Field | Type | Description | Example |
|---|---|---|---|
| algorithm | String | Host key algorithm | "ssh-rsa", "ecdsa-sha2-nistp256" |
| key_size_bits | Integer | Key size in bits | 2048, 256 |
| fingerprint_md5 | String | MD5 fingerprint (legacy) | "12:34:56:78:..." |
| fingerprint_sha256 | String | SHA-256 fingerprint | "SHA256:abcd..." |
| curve_name | String | Elliptic curve name (ECDSA keys) | "nistp256", "nistp384" |
| public_key_data | String | Base64-encoded public key | "AAAAB3NzaC1yc2E..." |
| is_weak | Boolean | Whether key is cryptographically weak | false |
| Field | Type | Description | Example |
|---|---|---|---|
| file_path | String | Full path to PST/OST file | "C:\\Users\\user\\archive.pst" |
| file_size_bytes | Integer | File size in bytes | 1048576000 |
| is_encrypted | Boolean | Whether archive is encrypted | true |
| encryption_type | String | Encryption method | "Compressible", "High" |
| created_date | String | Archive creation date | "2024-01-15T10:30:00Z" |
| last_modified | String | Last modification date | "2024-12-01T15:45:00Z" |
| owner | String | File owner | "DOMAIN\\username" |
| Field | Type | Description | Example |
|---|---|---|---|
| source_id | String | Unique identifier for tracking | "d87c1d880886fd83..." |
| client_name | String | VPN client application name | "Palo Alto GlobalProtect" |
| vendor | String | Software vendor/manufacturer | "Palo Alto Networks" |
| version | String | Client software version | "6.3.2-525" |
| install_path | String | Installation directory path | "/Applications/GlobalProtect.app" |
| config_path | String | Configuration file location | "~/Library/Application Support/..." |
| executable_path | String | Main executable file path | "/Applications/.../GlobalProtect" |
| service_name | String | System service identifier | "com.paloaltonetworks.globalprotect" |
| process_id | Integer | Current process ID (if running) | 4473 |
| status | String | Current operational status | "active", "inactive", "unknown" |
| detection_method | String | How client was discovered | "filesystem", "registry", "process" |
| detection_confidence | String | Detection accuracy level | "high", "medium", "low" |
| pqc_assessment | PQCAssessment | Post-quantum cryptography analysis | See PQCAssessment Object |
| security_assessment | VPNSecurityAssessment | Comprehensive security analysis and scoring | See VPNSecurityAssessment Object |
| configuration_security | VPNConfigSecurity | VPN configuration security settings | See VPNConfigSecurity Object |
| active | Boolean | Whether client is currently active | true |
| last_seen | String | ISO 8601 timestamp of last detection | "2025-09-12T12:54:43.593113-04:00" |
| first_detected | String | ISO 8601 timestamp of first detection | "2025-09-12T12:54:43.583862-04:00" |
| Field | Type | Description | Example |
|---|---|---|---|
| source_id | String | Unique identifier for tracking | "90e2352de5c7c9d856327..." |
| tunnel_name | String | IPSec tunnel or connection name | "macOS Built-in IPSec" |
| implementation | String | IPSec implementation type | "strongswan", "libreswan", "macOS" |
| config_path | String | Configuration file location | "/etc/ipsec.conf" |
| status | String | Current tunnel status | "active", "inactive", "unknown" |
| detection_method | String | How tunnel was discovered | "config_file", "process", "kernel" |
| detection_confidence | String | Detection accuracy level | "high", "medium", "low" |
| tunnel_details | IPSecTunnelDetails | Detailed tunnel configuration | See IPSecTunnelDetails Object |
| pqc_assessment | PQCAssessment | Post-quantum cryptography analysis | See PQCAssessment Object |
| security_assessment | IPSecSecurityAssessment | Comprehensive security analysis and scoring | See IPSecSecurityAssessment Object |
| active | Boolean | Whether tunnel is currently active | false |
| last_seen | String | ISO 8601 timestamp of last detection | "2025-09-12T12:49:37.307164-04:00" |
| first_detected | String | ISO 8601 timestamp of first detection | "2025-09-12T12:49:37.296218-04:00" |
| Field | Type | Description | Example |
|---|---|---|---|
| is_pqc_ready | Boolean | Whether implementation supports PQC algorithms | true |
| quantum_resistance | String | Level of quantum resistance | "high", "medium", "low", "none" |
| pqc_migration_status | String | Migration readiness status | "ready", "partial", "not_ready" |
| supported_pqc_algorithms | Array<String> | List of supported PQC algorithms | ["ML-KEM-512", "ML-DSA-44"] |
| pqc_version_available | String | Version with PQC support (if any) | "6.4.0" |
| last_assessed | String | ISO 8601 timestamp of assessment | "2025-09-12T12:54:43.476222-04:00" |
| Field | Type | Description | Example |
|---|---|---|---|
| security_score | Integer | Overall security score (0-100) | 87 |
| risk_level | String | Security risk assessment level | "low", "medium", "high", "critical" |
| pqc_vulnerable | Boolean | Vulnerable to quantum attacks | false |
| pqc_support | Boolean | Supports post-quantum cryptography | true |
| vulnerable | Boolean | Has known security vulnerabilities | false |
| weak_crypto | Boolean | Uses weak cryptographic algorithms | false |
| known_vulnerabilities | Array<String> | List of CVE identifiers | ["CVE-2023-1234", "CVE-2023-5678"] |
| last_assessed | String | ISO 8601 timestamp of assessment | "2025-09-19T10:30:00Z" |
| Field | Type | Description | Example |
|---|---|---|---|
| authentication_method | String | Authentication method used | "certificate", "psk", "username_password" |
| dns_leak_protection | Boolean | DNS leak protection enabled | true |
| kill_switch | Boolean | Kill switch/network lock enabled | true |
| split_tunneling | Boolean | Split tunneling enabled (security risk) | false |
| ipv6_leak_protection | Boolean | IPv6 leak protection enabled | true |
| auto_reconnect | Boolean | Auto-reconnect enabled | true |
| logging_enabled | Boolean | VPN logging enabled | false |
| config_encrypted | Boolean | Configuration file encrypted | true |
| Field | Type | Description | Example |
|---|---|---|---|
| security_score | Integer | Overall security score (0-100) | 92 |
| risk_level | String | Security risk assessment level | "low", "medium", "high", "critical" |
| pqc_vulnerable | Boolean | Vulnerable to quantum attacks | false |
| pqc_support | Boolean | Supports post-quantum cryptography | true |
| vulnerable | Boolean | Has known security vulnerabilities | false |
| weak_crypto | Boolean | Uses weak cryptographic algorithms | false |
| known_vulnerabilities | Array<String> | List of CVE identifiers | [] |
| last_assessed | String | ISO 8601 timestamp of assessment | "2025-09-19T10:30:00Z" |
| Field | Type | Description | Example |
|---|---|---|---|
| source_id | String | Unique identifier for tracking | "ks_12345abcd..." |
| path | String | Full path to keystore file or identifier | "/home/user/keystore.p12" |
| type | String | Keystore format type | "PKCS12", "JKS", "Windows", "macOS" |
| accessible | Boolean | Whether keystore is accessible | true |
| requires_auth | Boolean | Whether authentication is required | false |
| cert_count | Integer | Number of certificates found | 15 |
| owner | String | File owner (if available) | "domain\\username" |
| permissions | String | File permissions | "rw-r--r--" |
| size | Integer | File size in bytes | 2048576 |
| last_modified | String | ISO 8601 timestamp of last modification | "2024-12-01T10:30:00Z" |
| error_message | String | Error details if access failed | "Password required" |
| certificates | Array<KeystoreCertificate> | Certificates contained in keystore | See KeystoreCertificate Object |
| active | Boolean | Whether keystore is currently active | true |
| last_seen | String | ISO 8601 timestamp of last detection | "2025-09-17T14:30:00Z" |
| first_detected | String | ISO 8601 timestamp of first detection | "2025-09-17T14:30:00Z" |
| Field | Type | Description | Example |
|---|---|---|---|
| alias | String | Certificate alias in keystore | "my-server-cert" |
| subject | String | Certificate subject DN | "CN=example.com,O=Example Corp" |
| issuer | String | Certificate issuer DN | "CN=CA Root,O=Trust CA" |
| serial_number | String | Certificate serial number | "123456789" |
| thumbprint | String | SHA-1 thumbprint | "12:34:56:78:ab:cd" |
| not_before | String | Certificate validity start date | "2024-01-01T00:00:00Z" |
| not_after | String | Certificate validity end date | "2025-01-01T00:00:00Z" |
| key_algorithm | String | Public key algorithm | "RSA", "ECDSA", "Ed25519" |
| key_size | Integer | Key size in bits | 2048 |
| signature_algo | String | Signature algorithm | "SHA256-RSA" |
| version | Integer | X.509 version | 3 |
| is_ca | Boolean | Whether certificate is a CA | false |
| is_self_signed | Boolean | Whether certificate is self-signed | false |
| has_private_key | Boolean | Whether private key is available | true |
| key_usage | Array<String> | Key usage extensions | ["digitalSignature", "keyEncipherment"] |
| ext_key_usage | Array<String> | Extended key usage | ["serverAuth", "clientAuth"] |
| chain_length | Integer | Certificate chain length | 3 |
| chain_complete | Boolean | Whether certificate chain is complete | true |
| vulnerable | Boolean | Whether certificate has vulnerabilities | false |
| risk_level | String | Risk assessment level | "low", "medium", "high", "critical" |
| risk_reason | String | Reason for risk assessment | "Weak key size" |
| cve_list | Array<String> | Associated CVE identifiers | ["CVE-2024-1234"] |
| fixed_in_version | String | Version where vulnerability is fixed | "1.2.3" |
| pqc_vulnerable | Boolean | Whether vulnerable to quantum attacks | true |
| pqc_reason | String | Reason for PQC vulnerability | "RSA algorithm vulnerable to quantum" |
| active | Boolean | Whether certificate is currently active | true |
| last_seen | String | ISO 8601 timestamp of last detection | "2025-09-17T14:30:00Z" |
| Field | Type | Description | Example |
|---|---|---|---|
| assessment_id | String | Unique identifier for this assessment | "qr_20250915_101539_abc123" |
| timestamp | String | ISO 8601 timestamp of assessment | "2025-09-15T10:15:39.123456-07:00" |
| assessment_type | String | Type of assessment performed | "comprehensive" |
| system_type | String | Classification of system type | "workstation", "server" |
| system_role | String | Primary role of the system | "workstation", "server", "unknown" |
| criticality_level | String | System criticality classification | "critical", "important", "standard" |
| fips_mode_enabled | Boolean | FIPS 140-2 mode status at time of assessment | true, false |
| hardware_score | HardwareAssessment | Hardware readiness scoring (40 points max) | See HardwareAssessment Object |
| operating_system_score | OSAssessment | OS readiness scoring (30 points max) | See OSAssessment Object |
| crypto_library_score | CryptoAssessment | Crypto library scoring (25 points max) | See CryptoAssessment Object |
| network_score | NetworkAssessment | Network readiness scoring (5 points max) | See NetworkAssessment Object |
| overall_score | Integer | Total quantum readiness score out of 100 | 64 |
| readiness_status | String | Overall readiness classification | "Ready", "Partially Ready", "Update Required", "Not Ready" |
| status_color | String | Color code for status visualization | "green", "yellow", "orange", "red" |
| ready_timeline | String | Estimated timeline to quantum readiness | "2-6 months" |
| recommendations | Array<String> | Actionable recommendations | ["Upgrade to macOS 15.0+", "Update OpenSSL to 3.4.0+"] |
| critical_issues | Array<Issue> | Critical blocking issues | [] |
| upgrade_pathway | Array<UpgradeStep> | Step-by-step upgrade plan | See UpgradeStep Object |
| compliance_status | ComplianceAssessment | Compliance framework assessment | See ComplianceAssessment Object |
| detailed_report | String | Comprehensive assessment summary | "System shows moderate quantum readiness..." |
{
"scanning_system_info": {
"hostname": "scanner-host",
"os": "darwin",
"platform": "darwin",
"platform_version": "15.5",
"software_version": "1.0.42",
"ip_addresses": ["192.168.1.100"],
"organization": "Security Team"
},
"scan_type": "remote",
"target": "example.com:443",
"timestamp": "2025-09-02T09:00:17-04:00",
"tags": ["production", "weekly-scan"],
"results": [
{
"scanned_host": "example.com",
"domain": "example.com",
"ports": [
{
"port": 443,
"status": "open",
"protocol_detected": "TLS",
"leaf_certificate": {
"subject": {
"common_name": "example.com",
"organization": "Example Corp",
"country": "US",
"raw": "CN=example.com,O=Example Corp,C=US"
},
"issuer": {
"common_name": "DigiCert TLS RSA SHA256 2020 CA1",
"organization": "DigiCert Inc",
"country": "US",
"raw": "CN=DigiCert TLS RSA SHA256 2020 CA1,O=DigiCert Inc,C=US"
},
"validity": {
"not_before": "2024-03-01T00:00:00Z",
"not_after": "2025-03-01T23:59:59Z"
},
"serial_number": "123456789012345678901234567890",
"signature_algorithm": "SHA256-RSA",
"subject_public_key_info": {
"algorithm": "RSA",
"bit_size": 2048
},
"sha256_fingerprint": "ab:cd:ef:12:34:56:78:90:...",
"is_self_signed": false
},
"supported_cipher_suites": [
{
"protocol": "TLSv1.3",
"cipher_suite": "TLS_AES_256_GCM_SHA384",
"key_length_bits": 256,
"negotiated_group": "X25519",
"is_preferred": true,
"source": "ECDHE-RSA-AES256-GCM-SHA384",
"intel": {
"security_level": "high",
"recommendation": "recommended",
"pqc_ready": false
}
}
]
}
]
}
],
"filesystem_scan_results": [
{
"source_file_path": "/etc/ssl/certs/example.pem",
"subject": {
"common_name": "Internal CA",
"organization": "Example Corp"
},
"validity": {
"not_before": "2023-01-01T00:00:00Z",
"not_after": "2033-01-01T00:00:00Z"
},
"serial_number": "987654321098765432109876543210",
"is_self_signed": true
}
],
"vpn_client_scan_results": [
{
"source_id": "d87c1d880886fd83db018456d742cb83efa0758e",
"client_name": "Palo Alto GlobalProtect",
"vendor": "Palo Alto Networks",
"version": "6.3.2-525",
"install_path": "/Applications/GlobalProtect.app",
"config_path": "~/Library/Application Support/com.paloaltonetworks.globalprotect",
"executable_path": "/Applications/GlobalProtect.app/Contents/MacOS/GlobalProtect",
"service_name": "com.paloaltonetworks.globalprotect",
"process_id": 4473,
"status": "active",
"detection_method": "filesystem",
"detection_confidence": "high",
"pqc_assessment": {
"is_pqc_ready": true,
"quantum_resistance": "medium",
"pqc_migration_status": "partial",
"supported_pqc_algorithms": ["ML-KEM-512"],
"pqc_version_available": "6.4.0",
"last_assessed": "2025-09-12T12:54:43.476222-04:00"
},
"active": true,
"last_seen": "2025-09-12T12:54:43.593113-04:00",
"first_detected": "2025-09-12T12:54:43.583862-04:00"
}
],
"ipsec_tunnel_scan_results": [
{
"source_id": "90e2352de5c7c9d856327dcfef4ffbd89c2634a1",
"tunnel_name": "strongSwan Site-to-Site",
"implementation": "strongswan",
"config_path": "/etc/ipsec.conf",
"status": "inactive",
"detection_method": "config_file",
"detection_confidence": "high",
"tunnel_details": {
"local_subnet": "192.168.1.0/24",
"remote_subnet": "10.0.0.0/24",
"gateway": "203.0.113.1",
"encryption_algorithms": ["aes256"],
"integrity_algorithms": ["sha256"],
"key_exchange_groups": ["modp2048"]
},
"pqc_assessment": {
"is_pqc_ready": false,
"quantum_resistance": "low",
"pqc_migration_status": "not_ready",
"supported_pqc_algorithms": [],
"pqc_version_available": "5.9.12",
"last_assessed": "2025-09-12T12:49:37.296203-04:00"
},
"active": false,
"last_seen": "2025-09-12T12:49:37.307164-04:00",
"first_detected": "2025-09-12T12:49:37.296218-04:00"
}
],
"keystore_scan_results": [
{
"source_id": "ks_a1b2c3d4e5f6789012345678901234567890abcd",
"path": "/Users/admin/Documents/certificates/server.p12",
"type": "PKCS12",
"accessible": true,
"requires_auth": false,
"cert_count": 3,
"owner": "admin",
"permissions": "rw-r--r--",
"size": 4096,
"last_modified": "2024-12-01T10:30:00Z",
"certificates": [
{
"alias": "server-cert",
"subject": "CN=api.example.com,O=Example Corp,C=US",
"issuer": "CN=Example Internal CA,O=Example Corp,C=US",
"serial_number": "0x1a2b3c4d5e6f7890",
"thumbprint": "a1:b2:c3:d4:e5:f6:78:90:12:34:56:78:90:ab:cd:ef:12:34:56:78",
"not_before": "2024-01-01T00:00:00Z",
"not_after": "2025-12-31T23:59:59Z",
"key_algorithm": "RSA",
"key_size": 2048,
"signature_algo": "SHA256-RSA",
"version": 3,
"is_ca": false,
"is_self_signed": false,
"has_private_key": true,
"key_usage": ["digitalSignature", "keyEncipherment"],
"ext_key_usage": ["serverAuth"],
"chain_length": 2,
"chain_complete": true,
"vulnerable": false,
"risk_level": "medium",
"risk_reason": "RSA-2048 approaching deprecation timeline",
"pqc_vulnerable": true,
"pqc_reason": "RSA algorithm vulnerable to quantum cryptanalysis",
"active": true,
"last_seen": "2025-09-17T14:30:00Z"
}
],
"active": true,
"last_seen": "2025-09-17T14:30:00Z",
"first_detected": "2025-09-17T14:30:00Z"
}
]
}