This tool allows you to generate a report on the breakdown of a value present on the certificatess returned by your query. For example, to generate a report on the cipher suites chosen by HTTPS servers in the United States, you could query for location.country_code: US AND protocols:443/https and then generate a report on the breakdown of the field 443.https.tls.cipher_suite.name. A list of reportable fields is available here.

Many fields have both both parsed and raw values available (e.g., 80.http.get.headers.server and 80.http.get.headers.server.raw. In these cases, the raw value will represent the exact string (e.g., Apache/2.2.22 (Debian)) and the parsed version will bucket on individual terms (e.g., Apache and Debian). Incidentally, in this case, you likely want to aggregate on a parsed out version of the web server, 80.http.get.metadata.description.raw.


Certificate Report


Raw Data


parsed.subject_key_info.rsa_public_key.length Certificates
2048 12,672,461 85.33%
4096 2,157,211 14.53%
3072 16,442 0.11%
8192 1,701 0.01%
1024 1,374 0.01%
Other1,633 0.01%
Total14,850,822 100.0%

JSON Report


{
  "status": "ok", 
  "results": [
    {
      "key": 2048, 
      "doc_count": 12672461
    }, 
    {
      "key": 4096, 
      "doc_count": 2157211
    }, 
    {
      "key": 3072, 
      "doc_count": 16442
    }, 
    {
      "key": 8192, 
      "doc_count": 1701
    }, 
    {
      "key": 1024, 
      "doc_count": 1374
    }
  ], 
  "metadata": {
    "count": 17737984, 
    "backend_time": 264, 
    "nonnull_count": 14850822, 
    "other_result_count": 1633, 
    "buckets": 5, 
    "error_bound": 0, 
    "query": "current_valid_nss: true"
  }
}