Show All Insecure Certificates
Query
// Use Case: Identifying outdated or potentially insecure digital certificates that use SHA-1 or MD5 hashing algorithms for a cybersecurity audit.
Certificate
| where SigningAlgorithm contains 'sha1' or SigningAlgorithm contains 'md5'
| project SigningAlgorithm, SubjectName, CommonName, SelfSignedExplanation
This query is designed to help identify digital certificates that may be outdated or insecure due to their use of weak hashing algorithms, specifically SHA-1 or MD5. It searches through a database of certificates and filters out those that use either of these algorithms. The query then displays specific details about these certificates, including:
- SigningAlgorithm: The algorithm used to sign the certificate (either SHA-1 or MD5 in this case).
- SubjectName: The name of the entity that the certificate is issued to.
- CommonName: A more specific identifier within the SubjectName, often used as a domain name.
- SelfSigned: Indicates whether the certificate is self-signed or not.
This information is useful for cybersecurity audits to identify certificates that may need to be updated or replaced to ensure security.
Details

Ugur Koc
Released: December 13, 2024
Tables
Certificate
Keywords
CertificateSigningAlgorithmSubjectNameCommonNameSelfSigned
Operators
containsorprojectwhere