DescribeCACertificate - Certificate Management Service - Alibaba Cloud Documentation Center

Queries the details about a root certificate authority (CA) certificate or an intermediate CA certificate.

Operation description

You can call the DescribeCACertificate operation to query the details about a root CA certificate or an intermediate CA certificate by using the unique identifier of the root CA certificate or intermediate CA certificate. The details include the serial number, user information, and content of a CA certificate.

Before you call this operation, make sure that you have created a root CA by calling the [CreateRootCACertificate] operation or an intermediate CA certificate by calling the [CreateSubCACertificate] operation.

Limits

You can call this operation up to 10 times per second per account. If the number of the calls per second exceeds the limit, throttling is triggered. As a result, your business may be affected. We recommend that you take note of the limit when you call this operation.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Debug

Authorization information

There is currently no authorization information disclosed in the API.

Request parameters

Parameter	Type	Required	Description	Example
Identifier	string	No	The unique identifier of the CA certificate that you want to query. Note You can call the DescribeCACertificateList operation to query the unique identifiers of all CA certificates.	160ae6bb538d538c70c01f81dcf2****

All Alibaba Cloud API operations must include common request parameters.

For more information about sample requests, see the "Examples" section of this topic.

Response parameters

Parameter	Type	Description	Example
	object	DescribeCACertificateResponse.
Certificate	object	The details about the CA certificate.
CertificateType	string	The type of the CA certificate. Valid values: ROOT: root CA certificate SUB_ROOT: intermediate CA certificate	SUB_ROOT
X509Certificate	string	The content of the CA certificate.	-----BEGIN CERTIFICATE----- …… -----END CERTIFICATE-----
Identifier	string	The unique identifier of the CA certificate.	160ae6bb538d538c70c01f81dcf2****
SerialNumber	string	The serial number of the CA certificate.	70e3b2566d92805173767869727fb92e****
SubjectDN	string	The user attribute of the CA certificate, which contains the following information: C: the country code in which the organization is located O: the name of the organization OU: the name of the department or branch in the organization L: the name of the city in which the organization is located ST: the name of the province, municipality, or autonomous region in which the organization is located CN: the common name or abbreviation of the organization	C=CN,O=Alibaba Cloud Computing Co., Ltd.,OU=Security,L=Hangzhou,ST=Zhejiang,CN=Aliyun
CommonName	string	The common name or abbreviation of the organization that is associated with the CA certificate.	Aliyun
OrganizationUnit	string	The name of the department or branch in the organization that is associated with the CA certificate.	Security
Organization	string	The name of the organization that is associated with the CA certificate.	Alibaba Cloud Computing Co., Ltd.
Locality	string	The name of the city in which the organization is located.	Hangzhou
State	string	The name of the province, municipality, or autonomous region in which the organization is located.	Zhejiang
CountryCode	string	The code of the country in which the organization is located. For more information about country codes, see the "Country codes" section of the Manage company profiles topic.	CN
Sans	string	This parameter is deprecated.	1
Status	string	The status of the CA certificate. Valid values: ISSUE: The CA certificate is issued. REVOKE: The CA certificate is revoked.	ISSUE
Algorithm	string	The encryption algorithm of the CA certificate. Valid values: RSA: the Rivest-Shamir-Adleman (RSA) algorithm. ECC: the elliptic curve cryptography (ECC) algorithm. SM2: the SM2 algorithm, which is developed and approved by the State Cryptography Administration of China.	RSA
KeySize	integer	The key length of the CA certificate.	2048
SignAlgorithm	string	The signature algorithm of the CA certificate.	SHA256WITHRSA
BeforeDate	long	The issuance date of the CA certificate. This value is a UNIX timestamp. Unit: milliseconds.	1634283958000
AfterDate	long	The expiration date of the CA certificate. This value is a UNIX timestamp. Unit: milliseconds.	1665819958000
ParentIdentifier	string	The unique identifier of the root CA certificate from which the CA certificate is issued. Note This parameter is returned only if the value of the CertificateType parameter is SUB_ROOT. The value SUB_ROOT indicates an intermediate CA certificate.	1a83bcbb89e562885e40aa0108f5****
Sha2	string	The SHA-256 fingerprint of the CA certificate.	14dcc8afc7578e1fcec36d658f7e20de18f6957bbac42b373a66bc9de4e9****
Md5	string	The MD5 fingerprint of the CA certificate.	160ae6bb538d538c70c01f81dcf2****
CrlStatus	string	The status of the certificate revocation list (CRL) feature.	ACTIVE
CrlUrl	string	The address of the CRL.	https://crl-cn-publish.oss-cn-hangzhou.aliyuncs.com/pca/crl/1925647866611395/1ed40789-483f-6023-b6b8-29ddd3bb0a9a.crl
CertTotalCount	long	The total number of purchased certificate quotas.	40
CertRemainingCount	long	The remaining number of assignable certificate quotas.	30
CertIssuedCount	long	The number of certificates issued by private CA instances.	10
CaCertChain	string	CA certificate chain.
CrlDay	integer	CRL validity period: 1-365 days.	90
RequestId	string	The ID of the request.	15C66C7B-671A-4297-9187-2C4477247A74
Years	integer	The validity period of the CA certificate. Unit: years.	10

Examples

Sample success responses

JSONformat

{
  "Certificate": {
    "CertificateType": "SUB_ROOT",
    "X509Certificate": "-----BEGIN CERTIFICATE----- …… -----END CERTIFICATE-----",
    "Identifier": "160ae6bb538d538c70c01f81dcf2****",
    "SerialNumber": "70e3b2566d92805173767869727fb92e****",
    "SubjectDN": "C=CN,O=Alibaba Cloud Computing Co., Ltd.,OU=Security,L=Hangzhou,ST=Zhejiang,CN=Aliyun\n",
    "CommonName": "Aliyun",
    "OrganizationUnit": "Security",
    "Organization": "Alibaba Cloud Computing Co., Ltd.\n",
    "Locality": "Hangzhou",
    "State": "Zhejiang",
    "CountryCode": "CN",
    "Sans": "1",
    "Status": "ISSUE",
    "Algorithm": "RSA",
    "KeySize": 2048,
    "SignAlgorithm": "SHA256WITHRSA",
    "BeforeDate": 1634283958000,
    "AfterDate": 1665819958000,
    "ParentIdentifier": "1a83bcbb89e562885e40aa0108f5****",
    "Sha2": "14dcc8afc7578e1fcec36d658f7e20de18f6957bbac42b373a66bc9de4e9****",
    "Md5": "160ae6bb538d538c70c01f81dcf2****",
    "CrlStatus": "ACTIVE",
    "CrlUrl": "https://crl-cn-publish.oss-cn-hangzhou.aliyuncs.com/pca/crl/1925647866611395/1ed40789-483f-6023-b6b8-29ddd3bb0a9a.crl",
    "CertTotalCount": 40,
    "CertRemainingCount": 30,
    "CertIssuedCount": 10,
    "CaCertChain": "",
    "CrlDay": 90
  },
  "RequestId": "15C66C7B-671A-4297-9187-2C4477247A74",
  "Years": 10
}

Error codes

For a list of error codes, visit the Service error codes.

Change history

Change time	Summary of changes	Operation
2024-07-09	API Description Update. The response structure of the API has changed	View Change Details
2024-03-14	The response structure of the API has changed	View Change Details
2023-09-05	The response structure of the API has changed	View Change Details