All Products
Search

This Product

    Key Management Service:DescribeCertificate

    Document Center

    Key Management Service:DescribeCertificate

    Last Updated:Jul 29, 2025

    Queries information about a certificate.

    Operation description

    This topic provides an example of how to query information about a certificate with the ID 9a28de48-8d8b-484d-a766-dec4****. The returned information includes the certificate ID, creation time, issuer, validity period, serial number, and signature algorithm.

    Try it now

    Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

    Test

    RAM authorization

    No authorization for this operation. If you encounter issues with this operation, contact technical support.

    Request parameters

    Parameter

    Type

    Required

    Description

    Example
    CertificateId

    string

    Yes

    The ID of the certificate. This is the globally unique identifier of the certificate in Certificate Manager.

    9a28de48-8d8b-484d-a766-dec4****

    Response parameters

    Parameter

    Type

    Description

    Example

    object

    Status

    string

    The status of the certificate. Valid values:

    • PENDING: The certificate is pending import.

    • ACTIVE: The certificate is enabled.

    • INACTIVE: The certificate is disabled.

    • REVOKED: The certificate is revoked.

    ACTIVE
    Serial

    string

    The certificate serial number.

    12345678
    CreatedAt

    string

    The time when the certificate was created.

    2020-10-13T03:05:03Z
    Tags

    object

    The tags of the certificate.

    [{\"TagKey\":\"S1key1\",\"TagValue\":\"S1val1\"},{\"TagKey\":\"S1key2\",\"TagValue\":\"S2val2\"}]
    SubjectKeyIdentifier

    string

    The subject key identifier.

    79 36 26 DE 9F F5 15 E3 56 DC ****
    ExportablePrivateKey

    boolean

    Indicates whether the private key of the certificate can be exported. Valid values:

    • true (default): The private key can be exported.

    • false: The private key cannot be exported.

    true
    Issuer

    string

    The issuer of the certificate. The value is a distinguished name (DN).

    CN=testCA,OU=kms,O=aliyun,C=CN
    SignatureAlgorithm

    string

    The signature algorithm of the certificate. Valid values:

    • RSA2048-SHA256

    • ECDSA-SHA256

    • SM2-SM3

    ECDSA-SHA256
    NotAfter

    string

    The time when the certificate expires.

    2022-10-13T03:09:00Z
    Arn

    string

    The Alibaba Cloud Resource Name (ARN) of the certificate.

    acs:kms:cn-hangzhou:159498693826****:certificate/9a28de48-8d8b-484d-a766-dec4****"
    CertificateId

    string

    The ID of the certificate. This is the globally unique identifier of the certificate in Certificate Manager.

    9a28de48-8d8b-484d-a766-dec4****
    RequestId

    string

    The ID of the request.

    edb671a3-c5a1-4ebe-a1de-d748b640bdf2
    KeySpec

    string

    The type of the key.

    RSA_2048
    SubjectPublicKey

    string

    The public key of the certificate.

    -----BEGIN PUBLIC KEY----- MIIBIjA -----END PUBLIC KEY-----
    Subject

    string

    The subject of the certificate. The value is a distinguished name (DN).

    CN=userName,OU=aliyun,O=aliyun,C=CN
    NotBefore

    string

    The time when the certificate becomes valid.

    2020-10-13T03:09:00Z
    UpdatedAt

    string

    The time when the certificate was updated.

    2020-12-23T06:10:13Z
    SubjectAlternativeNames

    array

    The list of domain names. A maximum of 10 domain names are supported.

    string

    The subject alternative name of the certificate.

    ["test1.example.com","test2.example.com"]

    Examples

    Success response

    JSON format

    {
  "Status": "ACTIVE",
  "Serial": "12345678",
  "CreatedAt": "2020-10-13T03:05:03Z",
  "Tags": {
    "test": "test",
    "test2": 1
  },
  "SubjectKeyIdentifier": "79 36 26 DE 9F F5 15 E3 56 DC ****",
  "ExportablePrivateKey": true,
  "Issuer": "CN=testCA,OU=kms,O=aliyun,C=CN",
  "SignatureAlgorithm": "ECDSA-SHA256",
  "NotAfter": "2022-10-13T03:09:00Z",
  "Arn": "acs:kms:cn-hangzhou:159498693826****:certificate/9a28de48-8d8b-484d-a766-dec4****\"",
  "CertificateId": "9a28de48-8d8b-484d-a766-dec4****",
  "RequestId": "edb671a3-c5a1-4ebe-a1de-d748b640bdf2",
  "KeySpec": "RSA_2048",
  "SubjectPublicKey": "-----BEGIN PUBLIC KEY----- MIIBIjA -----END PUBLIC KEY-----",
  "Subject": "CN=userName,OU=aliyun,O=aliyun,C=CN",
  "NotBefore": "2020-10-13T03:09:00Z",
  "UpdatedAt": "2020-12-23T06:10:13Z",
  "SubjectAlternativeNames": [
    "[\"test1.example.com\",\"test2.example.com\"]"
  ]
}

    Error codes

    HTTP status code

    Error code

    Error message

    Description
    400 InvalidParameter The specified parameter is not valid. An invalid value is specified for the parameter.
    404 Certificate.NotFound The specified certificate is not found. The specified certificate does not exist.
    404 InvalidAccessKeyId.NotFound The Access Key ID provided does not exist in our records.

    See Error Codes for a complete list.

    Release notes

    See Release Notes for a complete list.