Queries information about a certificate.

In this example, the information about the certificate whose ID is 9a28de48-8d8b-484d-a766-dec4**** is queried. The certificate information includes the certificate ID, creation time, certificate issuer, validity period, serial number, and signature algorithm.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

ParameterTypeRequiredExampleDescription
ActionStringYesDescribeCertificate

The operation that you want to perform. Set the value to DescribeCertificate.

CertificateIdStringYes9a28de48-8d8b-484d-a766-dec4****

The ID of the certificate. The ID must be globally unique in Certificates Manager.

For more information about common request parameters, see Common parameters.

Response parameters

ParameterTypeExampleDescription
ArnStringacs:kms:cn-hangzhou:159498693826****:certificate/9a28de48-8d8b-484d-a766-dec4****"

The Alibaba Cloud Resource Name (ARN) of the certificate.

CertificateIdString9a28de48-8d8b-484d-a766-dec4****

The ID of the certificate. The ID must be globally unique in Certificates Manager.

CreatedAtString2020-10-13T03:05:03Z

The time when the certificate was created.

ExportablePrivateKeyBooleantrue

Indicates whether the private key of the certificate can be exported for use. Valid values:

  • true: The private key of the certificate can be exported for use. This is the default value.
  • false: The private key of the certificate cannot be exported for use.
IssuerStringCN=testCA,OU=kms,O=aliyun,C=CN

The certificate issuer in the distinguished name (DN) format.

KeySpecStringRSA_2048

The type of the key.

NotAfterString2022-10-13T03:09:00Z

The end of the validity period of the certificate.

NotBeforeString2020-10-13T03:09:00Z

The beginning of the validity period of the certificate.

RequestIdStringedb671a3-c5a1-4ebe-a1de-d748b640bdf2

The ID of the request.

SerialString12345678

The serial number of the certificate.

SignatureAlgorithmStringECDSA-SHA256

The signature algorithm of the certificate. Valid values:

  • RSA2048-SHA256
  • ECDSA-SHA256
  • SM2-SM3
StatusStringACTIVE

The status of the certificate. Valid values:

  • PENDING: The certificate is to be imported.
  • ACTIVE: The certificate is enabled.
  • INACTIVE: The certificate is disabled.
  • REVOKED: The certificate is revoked.
SubjectStringCN=userName,OU=aliyun,O=aliyun,C=CN

The subject of the certificate, which is in the DN format.

SubjectAlternativeNamesList["test1.example.com","test2.example.com"]

The alias of the certificate subject.

A domain name list is supported. A maximum of 10 domain names are supported.

SubjectKeyIdentifierString79 36 26 DE 9F F5 15 E3 56 DC ****

The public key identifier of the certificate subject.

SubjectPublicKeyString-----BEGIN PUBLIC KEY----- MIIBIjA -----END PUBLIC KEY-----

The public key of the certificate.

TagsMap[{\"TagKey\":\"S1key1\",\"TagValue\":\"S1val1\"},{\"TagKey\":\"S1key2\",\"TagValue\":\"S2val2\"}]

The tag of the certificate.

UpdatedAtString2020-12-23T06:10:13Z

The time when the certificate was updated.

Examples

Sample requests

http(s)://[Endpoint]/?Action=DescribeCertificate
&CertificateId=9a28de48-8d8b-484d-a766-dec4****
&<Common request parameters>

Sample success responses

XML format

<KMS>
      <Status>ACTIVE</Status>
      <RequestId>edb671a3-c5a1-4ebe-a1de-d748b640bdf2</RequestId>
      <Issuer>CN=testCA,OU=kms,O=aliyun,C=CN</Issuer>
      <CertificateId>9a28de48-8d8b-484d-a766-dec4****</CertificateId>
      <CreatedAt>2020-10-13T03:05:03Z</CreatedAt>
      <KeySpec>RSA_2048</KeySpec>
      <SubjectAlternativeNames>[\"test1.example.com\",\"test2.example.com\"]</SubjectAlternativeNames>
      <SignatureAlgorithm>ECDSA-SHA256</SignatureAlgorithm>
      <SubjectKeyIdentifier>79 36 26 DE 9F F5 15 E3 56 DC ********</SubjectKeyIdentifier>
      <NotAfter>2022-10-13T03:09:00Z</NotAfter>
      <ExportablePrivateKey>true</ExportablePrivateKey>
      <UpdatedAt>2020-10-13T03:15:00Z</UpdatedAt>
      <Subject>CN=userName,OU=aliyun,O=aliyun,C=CN</Subject>
      <Serial>12345678</Serial>
      <SubjectPublicKey>-----BEGIN PUBLIC KEY----- MIIBIjA -----END PUBLIC KEY-----</SubjectPublicKey>
      <NotBefore>2020-10-13T03:09:00Z</NotBefore>
      <Arn>acs:kms:cn-hangzhou:159498693826****:certificate/9a28de48-8d8b-484d-a766-dec4****</Arn>
      <Tags>[{\"TagKey\":\"S1key1\",\"TagValue\":\"S1val1\"},{\"TagKey\":\"S1key2\",\"TagValue\":\"S2val2\"}]</Tags>
</KMS>

JSON format

{
    "Status": "ACTIVE",
    "RequestId": "edb671a3-c5a1-4ebe-a1de-d748b640bdf2",
    "Issuer": "CN=testCA,OU=kms,O=aliyun,C=CN",
    "CertificateId": "9a28de48-8d8b-484d-a766-dec4****",
    "CreatedAt": "2020-10-13T03:05:03Z",
    "KeySpec": "RSA_2048",
    "SubjectAlternativeNames": "[\"test1.example.com\",\"test2.example.com\"]",
    "SignatureAlgorithm": "ECDSA-SHA256",
    "SubjectKeyIdentifier": "79 36 26 DE 9F F5 15 E3 56 DC ********",
    "NotAfter": "2022-10-13T03:09:00Z",
    "ExportablePrivateKey": "true",
    "UpdatedAt": "2020-10-13T03:15:00Z",
    "Subject": "CN=userName,OU=aliyun,O=aliyun,C=CN",
    "Serial": "12345678",
    "SubjectPublicKey": "-----BEGIN PUBLIC KEY----- MIIBIjA -----END PUBLIC KEY-----",
    "NotBefore": "2020-10-13T03:09:00Z",
    "Arn": "acs:kms:cn-hangzhou:159498693826****:certificate/9a28de48-8d8b-484d-a766-dec4****",
    "Tags": "[{\"TagKey\":\"S1key1\",\"TagValue\":\"S1val1\"},{\"TagKey\":\"S1key2\",\"TagValue\":\"S2val2\"}]"
 }

Error codes

HttpCodeError codeError messageDescription
404Certificate.NotFoundThe specified certificate is not found.The error message returned because the specified certificate does not exist.

For a list of error codes, visit the API Error Center.