DescribeClientCertificate - Certificate Management Service

Queries the details of a single client or server-side certificate by its unique identifier.

Operation description

This operation queries the details of a single client certificate or server-side certificate by its unique identifier. The details include the serial number, subject information, content, and status of the certificate.

Before you call this operation, make sure that you have created a client certificate or a server-side certificate.

For more information about how to create a client certificate by calling an API operation, see:

For more information about how to create a server-side certificate by calling an API operation, see:

QPS limit

The queries per second (QPS) limit for a single user is 10. If you exceed this limit, API calls are throttled. This may affect your business. Plan your calls accordingly.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.
API: The API that you can call to perform the action.
Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.
Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.
- For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.
- For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.
Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.
Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

yundun-cert:DescribeClientCertificate

get

*All Resource

*

None

Request parameters

Parameter	Type	Required	Description	Example
Identifier	string	Yes	The unique identifier of the client or server-side certificate that you want to query. Note You can call the ListClientCertificate operation to query the unique identifiers of all client and server-side certificates.	d3b95700998e47afc4d95f886579****

When you call an API operation, you must also include the common request parameters for Alibaba Cloud APIs. For more information about the common request parameters, see the request example in this topic.

For information about the API request format, see the request example in the Example section of this topic.

Response elements

Element	Type	Description	Example
	object	DescribeCertificateResponse
Certificate	object	The details of the client or server-side certificate.
X509Certificate	string	The content of the certificate.	-----BEGIN CERTIFICATE----- ...... -----END CERTIFICATE-----
Identifier	string	The unique identifier of the certificate.	d3b95700998e47afc4d95f886579****
SerialNumber	string	The serial number of the certificate.	62b2b943a32d96883a6650e672ea0276****
SubjectDN	string	The Distinguished Name (DN) of the certificate. The DN indicates the certificate user and includes the following information: C: The country. O: The organization. OU: The department. L: The city. ST: The province or state. CN: The common name.	C=CN,O=阿里云计算有限公司,OU=Security,L=Hangzhou,ST=Zhejiang,CN=Aliyun
CommonName	string	The common name of the certificate.	aliyun.com
OrganizationUnit	string	The name of the department in the organization that is associated with the issuing subordinate CA certificate.	Security
Organization	string	The name of the organization that is associated with the issuing subordinate CA certificate.	阿里云计算有限公司
Locality	string	The name of the city where the organization that is associated with the issuing subordinate CA certificate is located.	Hangzhou
State	string	The name of the province, state, or autonomous region where the organization that is associated with the issuing subordinate CA certificate is located.	Zhejiang
CountryCode	string	The country code of the country where the organization that is associated with the issuing subordinate CA certificate is located. For more information about country codes, see the Country codes section in Manage company information.	CN
Sans	string	The Subject Alternative Name (SAN) extension of the certificate. The value indicates other domain names, IP addresses, and other information that are associated with the certificate. This parameter is a JSON array string. Each element in the array is a struct that corresponds to a SAN extension. Each SAN extension struct contains the following parameters: Type: An integer. This parameter specifies the type of the extension. Valid values: 1: an email address. 2: a domain name. 6: a Uniform Resource Identifier (URI). 7: an IP address. Value: A string. This parameter specifies the content of the extension.	[ {"Type": 7, "Value": "192.0.XX.XX"}, {"Type": 2, "Value": "www.aliyundoc.com"}, ]
Status	string	The status of the certificate. Valid values: ISSUE: The certificate is issued. REVOKE: The certificate is revoked.	ISSUE
BeforeDate	integer	The issuance date of the certificate. This value is a UNIX timestamp. Unit: milliseconds.	1634283958000
AfterDate	integer	The expiration date of the certificate. This value is a UNIX timestamp. Unit: milliseconds.	1665819958000
Algorithm	string	The type of the encryption algorithm. Valid values: RSA: The RSA algorithm. ECC: The ECC algorithm. SM2: The SM2 algorithm, which is a Chinese cryptographic algorithm.	RSA
KeySize	integer	The key length of the certificate.	4096
SignAlgorithm	string	The signature algorithm of the certificate.	SHA256WITHRSA
CertificateType	string	The type of the certificate. Valid values: CLIENT: a client certificate. SERVER: a server-side certificate.	SERVER
ParentIdentifier	string	The unique identifier of the subordinate CA certificate that is used to issue the certificate.	160ae6bb538d538c70c01f81dcf2****
Sha2	string	The SHA-256 fingerprint of the certificate.	14dcc8afc7578e1fcec36d658f7e20de18f6957bbac42b373a66bc9de4e9****
Md5	string	The MD5 fingerprint of the certificate.	d3b95700998e47afc4d95f886579****
Days	integer	The validity period of the certificate. Unit: days.	365
ResourceGroupId	string	The ID of the resource group to which the certificate belongs.	rg-acfmxllajdpw3fi
CertChain	string	The complete certificate chain.
Tags	array<object>	A list of tags.
	object	The tag value.
TagKey	string	The tag key.	后台管理
TagValue	string	The tag value.	[{\"tag\":\"PROPERTY_TYPE\",\"values\":[]}]
CustomIdentifier	string	The custom identifier, which is a unique key.
RequestId	string	The ID of the request.	15C66C7B-671A-4297-9187-2C4477247A74

Examples

Success response

JSON format

{
  "Certificate": {
    "X509Certificate": "-----BEGIN CERTIFICATE-----  ...... -----END CERTIFICATE-----",
    "Identifier": "d3b95700998e47afc4d95f886579****",
    "SerialNumber": "62b2b943a32d96883a6650e672ea0276****",
    "SubjectDN": "C=CN,O=阿里云计算有限公司,OU=Security,L=Hangzhou,ST=Zhejiang,CN=Aliyun",
    "CommonName": "aliyun.com",
    "OrganizationUnit": "Security",
    "Organization": "阿里云计算有限公司",
    "Locality": "Hangzhou",
    "State": "Zhejiang",
    "CountryCode": "CN",
    "Sans": "[ {\"Type\": 7, \"Value\": \"192.0.XX.XX\"}, {\"Type\": 2, \"Value\": \"www.aliyundoc.com\"}, ]",
    "Status": "ISSUE",
    "BeforeDate": 1634283958000,
    "AfterDate": 1665819958000,
    "Algorithm": "RSA",
    "KeySize": 4096,
    "SignAlgorithm": "SHA256WITHRSA",
    "CertificateType": "SERVER",
    "ParentIdentifier": "160ae6bb538d538c70c01f81dcf2****",
    "Sha2": "14dcc8afc7578e1fcec36d658f7e20de18f6957bbac42b373a66bc9de4e9****",
    "Md5": "d3b95700998e47afc4d95f886579****",
    "Days": 365,
    "ResourceGroupId": "rg-acfmxllajdpw3fi",
    "CertChain": "",
    "Tags": [
      {
        "TagKey": "后台管理",
        "TagValue": "[{\\\"tag\\\":\\\"PROPERTY_TYPE\\\",\\\"values\\\":[]}]"
      }
    ],
    "CustomIdentifier": ""
  },
  "RequestId": "15C66C7B-671A-4297-9187-2C4477247A74"
}

Error codes

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.