Show All Self Signed Certificates
Query
// Use Case: Identifying self-signed certificates in a network to assess security risks.
Certificate
| where SelfSigned == true
| project SubjectName, CommonName, SelfSignedExplanation
This query is designed to find and list self-signed certificates within a network, which can be a potential security risk. Here's a breakdown of what it does:
-
Certificate: This is the data table or source that contains information about certificates in the network.
-
| where SelfSigned == true: This filters the data to only include certificates that are self-signed. A self-signed certificate is one that is signed by the same entity that it certifies, rather than by a trusted certificate authority.
-
| project SubjectName, CommonName, SelfSigned: This selects and displays specific columns from the filtered data. It shows:
- SubjectName: The name of the entity that the certificate is issued to.
- CommonName: A specific field within the certificate that usually contains the domain name or identity the certificate is associated with.
- SelfSigned: A boolean value indicating that the certificate is self-signed.
In simple terms, this query helps identify and list all self-signed certificates in the network, showing who they are issued to and their common names, which can help assess potential security risks.
Details

Ugur Koc
Released: December 13, 2024
Tables
Keywords
Operators