GetDeviceCertificate - ApsaraMQ for MQTT - Alibaba Cloud Documentation Center

Queries the details of a device certificate. Device certificates are digital certificates issued to clients by certificate authority (CA) root certificates. When you connect an ApsaraMQ for MQTT client to an ApsaraMQ for MQTT broker, the broker uses the device certificate to authenticate the client. If the client passes the authentication, the client and the broker can communicate with each other based on the encrypted private key in the device certificate. If the client fails the authentication, access requests from the client are denied by the client.

Operation description

Only ApsaraMQ for MQTT Enterprise Platinum Edition instances support this operation.
You can call this operation up to 500 times per second per Alibaba Cloud account. If you want to increase the limit, join the DingTalk group (ID: 35228338) to contact ApsaraMQ for MQTT technical support.

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Debug

Authorization information

There is currently no authorization information disclosed in the API.

Request parameters

Parameter	Type	Required	Description	Example
MqttInstanceId	string	Yes	The instance ID to which the device certificate is bound, i.e., the instance ID of the Cloud Message Queue MQTT version.	post-cn-7mz2d******
DeviceSn	string	Yes	The SN serial number of the device certificate to be queried, used to uniquely identify a device certificate. Value range: no more than 128 bytes.	356217374433******
CaSn	string	Yes	The SN serial number of the CA certificate to which the device certificate to be queried belongs, used to uniquely identify a CA certificate. Value range: no more than 128 bytes.	007269004887******

Response parameters

Parameter	Type	Description	Example
	object	Schema of Response
RequestId	string	Public parameters, each request ID is unique and can be used for troubleshooting and problem localization.	020F6A43-19E6-4B6E-B846-44EB31DF****
Data	object	Certificate details.
ValidBegin	string	The start time when the device certificate becomes effective. The format is a Unix timestamp in milliseconds.	1654137303000
ValidEnd	string	The end time when the device certificate becomes effective. The format is a Unix timestamp in milliseconds.	1969497303000
DeviceSn	string	The SN serial number of the device certificate, used to uniquely identify a device certificate.	356217374433******
DeviceName	string	Name of the device certificate.	mqtt_device
DeviceContent	string	Content of the device certificate. represents a new line.	-----BEGIN DEVICECERTIFICATE-----\nMIIDuzCCAqdGVzdC5jbi1xaW5n******\n-----END DEVICECERTIFICATE-----
CaSn	string	The SN serial number of the CA certificate to which the device certificate belongs, used to uniquely identify a CA certificate.	00f26900ba87******
Status	string	The status of the device certificate. The values are as follows: 0: Indicates that the certificate is in an inactive state. - 1: Indicates that the certificate is in an active state. Note After the device certificate is registered, it is in an active state by default.	1

Examples

Sample success responses

JSONformat

{
  "RequestId": "020F6A43-19E6-4B6E-B846-44EB31DF****",
  "Data": {
    "ValidBegin": "1654137303000",
    "ValidEnd": "1969497303000",
    "DeviceSn": "356217374433******",
    "DeviceName": "mqtt_device",
    "DeviceContent": "-----BEGIN DEVICECERTIFICATE-----\\nMIIDuzCCAqdGVzdC5jbi1xaW5n******\\n-----END DEVICECERTIFICATE-----",
    "CaSn": "00f26900ba87******",
    "Status": "1"
  }
}

Error codes

HTTP status code	Error code	Error message
400	ParameterFieldCheckFailed	Failed to validate the parameters. The parameters may be missing or invalid.
500	FindDeviceBySnError	Failed to find the device certificate by the SN. Please check sn is valid
500	MqttInstanceNotFound	Specified instance is not found
500	MqttOwnerCheckError	Failed to validate the instance permission

For a list of error codes, visit the Service error codes.

Change history

Change time	Summary of changes	Operation
2025-02-18	The Error code has changed	View Change Details