All Products
Search

This Product

    Certificate Management Service:DescribeClientCertificate

    Document Center

    Certificate Management Service:DescribeClientCertificate

    Last Updated:Dec 16, 2025

    Queries the details of a client certificate or a server-side certificate using its unique identifier.

    Operation description

    This operation queries the details of a client certificate or a server-side certificate using its unique identifier. The returned details include the serial number, subject, content, and status of the certificate.

    Before you call this operation, you must create a client certificate or a server-side certificate.

    For more information about how to create a client certificate by calling an API operation, see:

    For more information about how to create a server-side certificate by calling an API operation, see:

    QPS limit

    The queries per second (QPS) limit for a single user is 10. If you exceed this limit, API calls are throttled. This may affect your business. Plan your calls accordingly.

    Try it now

    Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

    Test

    RAM authorization

    The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

    • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

    • API: The API that you can call to perform the action.

    • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

    • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

      • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

      • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

    • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

    • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

    Action

    Access level

    Resource type

    Condition key

    Dependent action

    yundun-cert:DescribeClientCertificate

    get

    *All Resource

    *

    		 None None

    Request parameters

    Parameter

    Type

    Required

    Description

    Example
    Identifier

    string

    Yes

    The unique identifier of the client certificate or server-side certificate that you want to query.

    Note

    Call the ListClientCertificate operation to query the unique identifiers of all client certificates and server-side certificates.

    d3b95700998e47afc4d95f886579****

    In addition to the request parameters described in this topic, you must also include the common request parameters for Alibaba Cloud API operations.

    For more information about the request format, see the request example in the Examples section of this topic.

    Response elements

    Element

    Type

    Description

    Example

    object

    DescribeCertificateResponse

    Certificate

    object

    The details of the client certificate or server-side certificate.

    X509Certificate

    string

    The content of the certificate.

    -----BEGIN CERTIFICATE----- ...... -----END CERTIFICATE-----
    Identifier

    string

    The unique identifier of the certificate.

    d3b95700998e47afc4d95f886579****
    SerialNumber

    string

    The serial number of the certificate.

    62b2b943a32d96883a6650e672ea0276****
    SubjectDN

    string

    The distinguished name (DN) of the certificate. It indicates the user of the certificate and contains the following information:

    • C: The country.

    • O: The organization.

    • OU: The department.

    • CN: The common name.

    • ST: State or province.

    • CN: Common name.

    C=CN,O=阿里云计算有限公司,OU=Security,L=Hangzhou,ST=Zhejiang,CN=Aliyun
    CommonName

    string

    The common name of the certificate.

    aliyun.com
    OrganizationUnit

    string

    The name of the department of the organization that is associated with the subordinate CA that issued the certificate.

    Security
    Organization

    string

    The name of the organization that is associated with the subordinate CA that issued the certificate.

    阿里云计算有限公司
    Locality

    string

    The name of the city where the organization that is associated with the subordinate CA that issued the certificate is located.

    Hangzhou
    State

    string

    The name of the province or state where the organization associated with the issuing subordinate CA certificate is located.

    Zhejiang
    CountryCode

    string

    The code of the country where the organization that is associated with the subordinate CA that issued the certificate is located.

    For more information, see Manage company profiles.

    CN
    Sans

    string

    The Subject Alternative Name (SAN) extension of the certificate. It indicates other domain names, IP addresses, and other information that are associated with the certificate.

    This parameter is a string that is converted from a JSON array. Each element in the JSON array is a struct that corresponds to a SAN extension. Each SAN extension struct contains the following parameters:

    • Type: The type of the extension. This parameter is of the Integer type. Valid values:

      • 1: an email address.

      • 2: a domain name.

      • 6: a Uniform Resource Identifier (URI).

      • 7: an IP address.

    • Value: The content of the extension. This parameter is of the String type.

    [ {"Type": 7, "Value": "192.0.XX.XX"}, {"Type": 2, "Value": "www.aliyundoc.com"}, ]
    Status

    string

    The status of the certificate. Valid values:

    • ISSUE: The certificate is issued.

    • REVOKE: The certificate is revoked.

    ISSUE
    BeforeDate

    integer

    The issuance date of the certificate. This value is a UNIX timestamp. Unit: milliseconds.

    1634283958000
    AfterDate

    integer

    The expiration date of the certificate. This value is a UNIX timestamp. Unit: milliseconds.

    1665819958000
    Algorithm

    string

    The type of the encryption algorithm of the certificate. Valid values:

    • RSA: the RSA algorithm.

    • ECC: the ECC algorithm.

    • SM2: the SM2 algorithm.

    RSA
    KeySize

    integer

    The key length of the certificate.

    4096
    SignAlgorithm

    string

    The signature algorithm of the certificate.

    SHA256WITHRSA
    CertificateType

    string

    The type of the certificate. Valid values:

    • CLIENT: a client certificate.

    • SERVER: a server-side certificate.

    SERVER
    ParentIdentifier

    string

    The unique identifier of the subordinate CA that issued the certificate.

    160ae6bb538d538c70c01f81dcf2****
    Sha2

    string

    The SHA-256 fingerprint of the certificate.

    14dcc8afc7578e1fcec36d658f7e20de18f6957bbac42b373a66bc9de4e9****
    Md5

    string

    The MD5 fingerprint of the certificate.

    d3b95700998e47afc4d95f886579****
    Days

    integer

    The validity period of the certificate. Unit: days.

    365
    ResourceGroupId

    string

    The ID of the resource group to which the certificate belongs.

    rg-acfmxllajdpw3fi
    Tags

    array<object>

    The list of tags.

    object

    A tag.

    TagKey

    string

    The tag key.

    后台管理
    TagValue

    string

    The tag value.

    [{\"tag\":\"PROPERTY_TYPE\",\"values\":[]}]
    RequestId

    string

    The ID of the request.

    15C66C7B-671A-4297-9187-2C4477247A74

    Examples

    Success response

    JSON format

    {
  "Certificate": {
    "X509Certificate": "-----BEGIN CERTIFICATE-----  ...... -----END CERTIFICATE-----",
    "Identifier": "d3b95700998e47afc4d95f886579****",
    "SerialNumber": "62b2b943a32d96883a6650e672ea0276****",
    "SubjectDN": "C=CN,O=阿里云计算有限公司,OU=Security,L=Hangzhou,ST=Zhejiang,CN=Aliyun",
    "CommonName": "aliyun.com",
    "OrganizationUnit": "Security",
    "Organization": "阿里云计算有限公司",
    "Locality": "Hangzhou",
    "State": "Zhejiang",
    "CountryCode": "CN",
    "Sans": "[ {\"Type\": 7, \"Value\": \"192.0.XX.XX\"}, {\"Type\": 2, \"Value\": \"www.aliyundoc.com\"}, ]",
    "Status": "ISSUE",
    "BeforeDate": 1634283958000,
    "AfterDate": 1665819958000,
    "Algorithm": "RSA",
    "KeySize": 4096,
    "SignAlgorithm": "SHA256WITHRSA",
    "CertificateType": "SERVER",
    "ParentIdentifier": "160ae6bb538d538c70c01f81dcf2****",
    "Sha2": "14dcc8afc7578e1fcec36d658f7e20de18f6957bbac42b373a66bc9de4e9****",
    "Md5": "d3b95700998e47afc4d95f886579****",
    "Days": 365,
    "ResourceGroupId": "rg-acfmxllajdpw3fi",
    "Tags": [
      {
        "TagKey": "后台管理",
        "TagValue": "[{\\\"tag\\\":\\\"PROPERTY_TYPE\\\",\\\"values\\\":[]}]"
      }
    ]
  },
  "RequestId": "15C66C7B-671A-4297-9187-2C4477247A74"
}

    Error codes

    See Error Codes for a complete list.

    Release notes

    See Release Notes for a complete list.