Output Format

{
  "result_type": "scan",
  "plugin_id": "qualys-certview-plugin",
  "plugin_version": "1.1.0.dev",
  "data": {
    "type": "cert",
    "timestamp": "2026-01-30T12:42:49-05:00",
    "urn": "urn:cert:sha256:e6fe22bf45e4f0d3b85c59e02c0f495418e1eb8d3210f788d48cd5e1cb547cd4",
    "url": "https://qualysguard.qg3.apps.qualys.com/certview/#/certificates/189259654",
    "extra": {
      "asset_count": 2,
      "asset_type": "all",
      "certhash": "e6fe22bf45e4f0d3b85c59e02c0f495418e1eb8d3210f788d48cd5e1cb547cd4",
      "certificate_id": 189259654,
      "certificate_type": "Intermediate",
      "created_date": "2026-01-22T18:56:12.000+00:00",
      "endpoint_details": [
        {
          "asset_id": 1060774298,
          "asset_interfaces": [
            {
              "address": "192.178.192.113"
            }
          ],
          "asset_name": "lcyyzn-in-f113.1e100.net",
          "asset_uuid": "a5a21a66-4988-4e8a-bf94-ab19d927d018",
          "host_instances": [
            {
              "fqdn": "",
              "grade": "C",
              "port": 443,
              "pqc_support": false,
              "protocol": "tcp",
              "service": "https",
              "ssl_protocols": [
                "TLSv1",
                "TLSv1.3",
                "TLSv1.2",
                "TLSv1.1"
              ]
            }
          ],
          "primary_ip": "192.178.192.113"
        },
        {
          "asset_id": 1065786012,
          "asset_interfaces": [
            {
              "address": "142.251.181.147"
            }
          ],
          "asset_name": "www.google.com",
          "asset_uuid": "9db074fa-c935-4bd6-a181-47b59141d0f7",
          "host_instances": [
            {
              "fqdn": "",
              "grade": "C",
              "port": 443,
              "pqc_support": false,
              "protocol": "tcp",
              "service": "https",
              "ssl_protocols": [
                "TLSv1",
                "TLSv1.3",
                "TLSv1.2",
                "TLSv1.1"
              ]
            }
          ],
          "primary_ip": "142.251.181.147"
        }
      ],
      "instance_count": 2,
      "issuer_category": "unapproved",
      "last_found": "2026-01-30T12:42:49-05:00",
      "revocation_status": "Not Revoked",
      "sources": [
        "VM"
      ],
      "updated_date": "2026-01-30T17:42:49.000+00:00"
    },
    "cert_pem": "MIIFCzCCAvOgAwIBAgIQf/AFoHxM3tEArZ1mpRB7mDANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwHhcNMjMxMjEzMDkwMDAwWhcNMjkwMjIwMTQwMDAwWjA7MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMQwwCgYDVQQDEwNXUjIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCp/5x/RR5wqFOfytnlDd5GV1d9vI+aWqxG8YSau5HbyfsvAfuSCQAWXqAc+MGr+XgvSszYhaLYWTwO0xj7sfUkDSbutltkdnwUxy96zqhMt/TZCPzfhyM1IKjiaeKMTj+xWfpgoh6zySBTGYLKNlNtYE3pAJH8do1cCA8Kwtzxc2vFE24KT3rC8gIcLrRjg9ox9i11MLL7q8Ju26nADrn5Z9TDJVd06wW06Y613ijNzHoU5HEDy01hLmFXxRmpC5iEGuh5KdmyjS//V2pm4M6rlagplmNwEmceOuHbsCFx13ye/aoXbv4r+zgXFNFmp6+atXDMyGOBOozAKql2N87jAgMBAAGjgf4wgfswDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBTeGx7teRXUPjckwyG77DQ5bUKyMDAfBgNVHSMEGDAWgBTkrysmcRorSCeFL1JmLO/wiRNxPjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAKGGGh0dHA6Ly9pLnBraS5nb29nL3IxLmNydDArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vYy5wa2kuZ29vZy9yL3IxLmNybDATBgNVHSAEDDAKMAgGBmeBDAECATANBgkqhkiG9w0BAQsFAAOCAgEARXWL5R87RBOWGqtY8TXJbz3S0DNKhjO6V1FP7sQ02hYSTL8Tnw3UVOlIecAwPJQl8hr0ujKUtjNyC4XuCRElNJThb0Lbgpt7fyqaqf9/qdLeSiDLs/sDA7j4BwXaWZIvGEaYzq9yviQmsR4ATb0IrZNBRAq7x9UBhb+TV+PfdBJTDhEl05vc3ssnbrPCuTNiOcLgNeFbpwkuGcuRKnZc8d/KI4RApW//mkHgte8y0YWuryUJ8GLFbsLIbjL9uNrizkqRSvOFVU6xddZIMy9vhNkSXJ/UcZhjJY1pXAprffJBvei7j+Qi151lRehMCofa6WBmiA4fx+FOVsV2/7R6V2nyAiIJJkEd2nSi5SnzxJrlXdaqev3htytmOPvoKWa676ATL/hzfvDaQBEcXd2Ppvy+275W+DKcH0FBbX62xevGiza3F4ydzxl6NJ8hk8R+dDXSqv1MbRT1ybB5W0k8878XSOjvmiYTDIfyc9acxVJrY/cykHipa+te1pOhv7wYPYtZ9orGBV5SGOJm4NrB3K1aJar0RfzxC3ikr7Dyc6QwqDTBU39CluVIQeuQRgwG3MuSxl7zRERDRilGoKb8uY45JzmxWuKxrfwT/478JuHU/oTxUFqOl2stKnn7QGTq8z29W+GgBLCXSBxC9epaHM0myFH/FJlniXJfHeytWt0="
  }
}

Each scan result includes:

  • Standard fields: result_type, plugin_id, plugin_version, type, timestamp, urn, url, cert_pem
  • Extra fields (Qualys-specific):
    • Identifiers: certificate_id, certhash
    • Properties: certificate_type, revocation_status, self_signed, issuer_category, instance_count, asset_count, imported, asset_type ("managed" or "unmanaged")
    • Dates: created_date, updated_date, last_found (ISO8601)
    • Sources: Array (CLOUD_AGENT, VM_SCANNER, WAS, EASM, SSL_LABS)
    • Endpoints: Asset info, host instances (port/protocol/service/grade/FQDN/SSL protocols/cipher suites)
    • PQC: pqc_supported_algorithms array (KYBER, DILITHIUM, FALCON, etc.)

Empty fields are omitted per plugin framework standards.

Expanding Coverage

To discover more certificates, configure additional discovery sources in your Qualys portal (Cloud Agent, VM Scanner, WAS, EASM). All sources automatically sync to CertView; no plugin changes needed.

Error Handling

Errors include error_type (machine-readable), error_message (user-facing), and error_details (diagnostic).

Common error types: JSON_PARSE_ERROR, JSON_VALIDATION_ERROR, CONNECT_ERROR, NETWORK_ERROR.

Building and Testing

# Build
cd go-modules/qualys-certview-plugin
make build

# Run unit tests
make test

# Run integration tests
make integration-test

# Lint
make lint          # Fast (development)
make lint-full     # Comprehensive (pre-commit)

Security & Limitations

Security:

  • Credentials marked writeOnly in schema for UI masking
  • Service accounts with read-only CertView access recommended
  • Tokens not persisted; plugin re-authenticates each scan

Limitations:

  • Subject to Qualys API rate limits based on subscription tier
  • Does not validate certificate cryptography (trusts Qualys data)
  • Requires correct gateway URL for authentication

Support

Contact: support@entrust.com