DescribeCACertificateList - Certificate Management Service

Queries information about all root and intermediate certificate authority (CA) certificates.

Operation description

You can call this operation to query the details of all your root and intermediate CA certificates by page. The details include the unique identifier, serial number, subject information, and content of each certificate.

QPS limit

The queries per second (QPS) limit for this operation is 10 for each user. If you exceed the limit, API calls are throttled. This may affect your business. We recommend that you call this operation a reasonable number of times.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.
API: The API that you can call to perform the action.
Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.
Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.
- For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.
- For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.
Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.
Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

yundun-cert:DescribeCACertificateList

list

*All Resource

*

None

Request parameters

Parameter	Type	Required	Description	Example
CurrentPage	integer	No	The page number. The default value is 1.	1
ShowSize	integer	No	The number of CA certificates to return on each page. The default value is 20.	20
Identifier	string	No	The unique identifier of the CA certificate. Note Call DescribeCACertificateList to query the unique identifiers of all CA certificates.	1ee47e24-c51b-67cc-aa6b-1f7561cf9d9a
CertType	string	No	The type of the CA. Valid values: root: root CA. subRoot: intermediate CA. externalCa: an imported external CA.	subRoot
CaStatus	string	No	The status of the CA. Valid values: issue: enabled. forbidden: disabled. revoke: revoked.	issue
ValidStatus	string	No	The validity status of the CA. Valid values: valid: The CA certificate is valid. notValid: The CA certificate has expired.	valid
IssuerType	string	No	The issuer of the CA. Valid values: local: private certificate. iTrusChina: a trusted CA. external: an imported external CA.	local
ResourceGroupId	string	No	The resource group ID. You can obtain this ID by calling the ListResources operation.	rg-ae******4wia

Response elements

Element	Type	Description	Example
	object	The object.
CurrentPage	integer	The page number.	1
RequestId	string	The ID of the request.	15C66C7B-671A-4297-9187-2C4477247A74
TotalCount	integer	The total number of root and intermediate CA certificates.	2
PageCount	integer	The number of pages returned.	1
ShowSize	integer	The number of CA certificates on each page.	20
CertificateList	array<object>	The details of the CA certificates.
	object	The certificate information.
Years	integer	The validity period of the CA certificate in years.	3
Status	string	The status of the CA certificate. Valid values: ISSUE: The certificate is issued. REVOKE: The certificate is revoked.	ISSUE
SerialNumber	string	The serial number of the CA certificate.	70e3b2566d92805173767869727fb92e****
CertificateType	string	The type of the CA certificate. Valid values: ROOT: root CA certificate. SUB_ROOT: intermediate CA certificate.	SUB_ROOT
Algorithm	string	The encryption algorithm of the CA certificate. Valid values: RSA: RSA algorithm. ECC: ECC algorithm. SM2: SM2 algorithm.	RSA
State	string	The name of the province or state where the organization associated with the CA certificate is located.	Zhejiang
Organization	string	The name of the organization associated with the CA certificate.	阿里云计算有限公司
ParentIdentifier	string	The unique identifier of the root CA certificate that issued the CA certificate. Note This parameter is returned only when CertificateType is SUB_ROOT, which indicates an intermediate CA certificate.	1a83bcbb89e562885e40aa0108f5****
Locality	string	The name of the city where the organization associated with the CA certificate is located.	Hangzhou
Identifier	string	The unique identifier of the CA certificate.	160ae6bb538d538c70c01f81dcf2****
Sans	string	This parameter is deprecated.	1
KeySize	integer	The key length of the CA certificate.	2048
X509Certificate	string	The content of the CA certificate.	-----BEGIN CERTIFICATE----- …… -----END CERTIFICATE-----
SubjectDN	string	The distinguished name (DN) of the CA certificate. The DN indicates the user of the certificate and contains the following information: C: The country code where the organization is located. O: The name of the organization. OU: The department of the organization. L: The city where the organization is located. CN: The common name or abbreviation of the organization.	C=CN,O=阿里云计算有限公司,OU=Security,L=Hangzhou,ST=Zhejiang,CN=Aliyun
SignAlgorithm	string	The signature algorithm of the CA certificate.	SHA256WITHRSA
OrganizationUnit	string	The name of the department of the organization associated with the CA certificate.	Security
AfterDate	integer	The expiration date of the CA certificate. This value is a UNIX timestamp. Unit: milliseconds.	1665819958000
Sha2	string	The SHA-256 fingerprint of the CA certificate.	14dcc8afc7578e1fcec36d658f7e20de18f6957bbac42b373a66bc9de4e9****
CommonName	string	The common name or abbreviation of the organization associated with the CA certificate.	Aliyun
Md5	string	The MD5 fingerprint of the CA certificate.	160ae6bb538d538c70c01f81dcf2****
CountryCode	string	The country code of the country where the organization associated with the CA certificate is located. For more information about country codes, see the Country codes section in Manage company information.	CN
BeforeDate	integer	The issuance date of the CA certificate. This value is a UNIX timestamp. Unit: milliseconds.	1634283958000
Alias	string	The alias of the instance.	Aliyun_CA
Trial	integer	Indicates whether the instance is a trial instance. Valid values: 0: no. 1: yes.	0
Gift	integer	Indicates whether the instance is a free instance. Valid values: 0: no. 1: yes.	1
ResourceGroupId	string	The ID of the resource group to which the certificate belongs.	rg-acfmzjwrhehpavi

Examples

Success response

JSON format

{
  "CurrentPage": 1,
  "RequestId": "15C66C7B-671A-4297-9187-2C4477247A74",
  "TotalCount": 2,
  "PageCount": 1,
  "ShowSize": 20,
  "CertificateList": [
    {
      "Years": 3,
      "Status": "ISSUE",
      "SerialNumber": "70e3b2566d92805173767869727fb92e****",
      "CertificateType": "SUB_ROOT",
      "Algorithm": "RSA",
      "State": "Zhejiang",
      "Organization": "阿里云计算有限公司",
      "ParentIdentifier": "1a83bcbb89e562885e40aa0108f5****",
      "Locality": "Hangzhou",
      "Identifier": "160ae6bb538d538c70c01f81dcf2****",
      "Sans": "1",
      "KeySize": 2048,
      "X509Certificate": "-----BEGIN CERTIFICATE----- …… -----END CERTIFICATE-----",
      "SubjectDN": "C=CN,O=阿里云计算有限公司,OU=Security,L=Hangzhou,ST=Zhejiang,CN=Aliyun",
      "SignAlgorithm": "SHA256WITHRSA",
      "OrganizationUnit": "Security",
      "AfterDate": 1665819958000,
      "Sha2": "14dcc8afc7578e1fcec36d658f7e20de18f6957bbac42b373a66bc9de4e9****",
      "CommonName": "Aliyun",
      "Md5": "160ae6bb538d538c70c01f81dcf2****",
      "CountryCode": "CN",
      "BeforeDate": 1634283958000,
      "Alias": "Aliyun_CA",
      "Trial": 0,
      "Gift": 1,
      "ResourceGroupId": "rg-acfmzjwrhehpavi"
    }
  ]
}

Error codes

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.