All Products
Search

This Product

    Certificate Management Service:DescribeClientCertificateForSerialNumber

    Document Center

    Certificate Management Service:DescribeClientCertificateForSerialNumber

    Last Updated:Jan 20, 2026

    Queries the details of multiple client or server-side certificates by their serial numbers.

    Note

    This API has been deprecated. We recommend migrating to cas(2020-06-30) - DescribeClientCertificate for enhanced functionality and continued support. While the deprecated API remains temporarily accessible, no further updates or bug fixes will be provided.

    Operation description

    QPS limit

    The queries per second (QPS) limit for this operation is 10 calls per second per account. If the number of calls per second exceeds the limit, throttling is triggered. As a result, your business may be affected. We recommend that you take note of the limit when you call this operation.

    Before you call this operation, make sure that you have created a client certificate or a server certificate.

    You can call the following operations to create a client certificate:

    You can call the following operations to create a server certificate:

    QPS limits

    You can call this operation up to 10 times per second per account. Exceeding this limit triggers throttling, which can affect your business. We recommend that you plan your calls accordingly.

    Try it now

    Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

    Test

    RAM authorization

    The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

    • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

    • API: The API that you can call to perform the action.

    • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

    • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

      • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

      • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

    • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

    • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

    Action

    Access level

    Resource type

    Condition key

    Dependent action

    yundun-cert:DescribeClientCertificateForSerialNumber

    get

    *All Resource

    *

    		 None None

    Request parameters

    Parameter

    Type

    Required

    Description

    Example
    SerialNumber

    string

    Yes

    The serial numbers of the client or server-side certificates that you want to query. Separate multiple serial numbers with commas (,).

    Note

    You can call the ListClientCertificate operation to query the serial numbers of all client and server-side certificates.

    084bde9cd233f0ddae33adc438cfbbbd****

    When you call this operation, you must also include the common request parameters. For more information, see Common parameters.

    For the request format, see the request example in the Examples section of this topic.

    Response elements

    Element

    Type

    Description

    Example

    object

    ListCertificateResponse

    CertificateList

    array<object>

    The details of the client or server-side certificates.

    object

    The certificate information.

    X509Certificate

    string

    The content of the certificate.

    -----BEGIN CERTIFICATE----- ...... -----END CERTIFICATE-----
    Identifier

    string

    The unique identifier of the certificate.

    d3b95700998e47afc4d95f886579****
    SerialNumber

    string

    The serial number of the certificate.

    084bde9cd233f0ddae33adc438cfbbbd****
    SubjectDN

    string

    The distinguished name (DN) of the certificate. The DN contains the following information about the certificate owner:

    • C: Country

    • O: Organization

    • OU: Department

    • CN: Common name

    • ST: The province or state.

    • CN: Common name.

    C=CN,O=阿里云计算有限公司,OU=Security,L=Hangzhou,ST=Zhejiang,CN=Aliyun
    CommonName

    string

    The common name of the certificate.

    aliyun.com
    OrganizationUnit

    string

    The name of the department in the organization that is associated with the subordinate CA certificate that issued this certificate.

    Security
    Organization

    string

    The name of the organization that is associated with the subordinate CA certificate that issued this certificate.

    阿里云计算有限公司
    Locality

    string

    The name of the city where the organization that is associated with the subordinate CA certificate that issued this certificate is located.

    Hangzhou
    State

    string

    The name of the province, state, municipality, or autonomous region where the organization that is associated with the subordinate CA certificate that issued this certificate is located.

    Zhejiang
    CountryCode

    string

    The country code of the country where the organization that is associated with the subordinate CA certificate that issued this certificate is located.

    For more information about country codes, see the Country codes section in Manage company profiles.

    CN
    Sans

    string

    The subject alternative name (SAN) extension of the certificate. The SAN extension indicates other domain names or IP addresses that are associated with the certificate.

    This parameter is a string that is converted from a JSON array. Each element in the JSON array is a struct that corresponds to a SAN extension. Each SAN extension struct contains the following parameters:

    • Type: The type of the extension. This parameter is of the integer type. Valid values:

      • 1: email address

      • 2: domain name

      • 6: Uniform Resource Identifier (URI)

      • 7: IP address

    • Value: The content of the extension. This parameter is of the string type.

    [ {"Type": 7, "Value": "192.0.XX.XX"}, {"Type": 2, "Value": "www.aliyundoc.com"}, ]
    Status

    string

    The status of the certificate. Valid values:

    • ISSUE: The certificate is issued.

    • REVOKE: The certificate is revoked.

    ISSUE
    BeforeDate

    string

    The time when the certificate was issued.

    2021-10-28T16:15Z
    AfterDate

    string

    The time when the certificate expires.

    2022-08-23T16:15Z
    Algorithm

    string

    The type of the encryption algorithm. Valid values:

    • RSA: RSA algorithm

    • ECC: ECC algorithm

    • SM2: SM2 algorithm

    RSA
    KeySize

    integer

    The key length of the certificate.

    4096
    SignAlgorithm

    string

    The signature algorithm of the certificate.

    SHA256WITHRSA
    CertificateType

    string

    The type of the certificate.

    SUB_ROOT
    ParentIdentifier

    string

    If this parameter is not empty, the issuer of the client certificate is Alibaba Cloud.

    1a83bcbb89e562885e40aa0108f5****
    Sha2

    string

    The SHA-256 fingerprint of the certificate.

    14dcc8afc7578e1fcec36d658f7e20de18f6957bbac42b373a66bc9de4e9****
    Md5

    string

    The MD5 fingerprint of the certificate.

    d3b95700998e47afc4d95f886579****
    Years

    integer

    This parameter is deprecated.

    1
    RequestId

    string

    The ID of the request.

    15C66C7B-671A-4297-9187-2C4477247A74

    Examples

    Success response

    JSON format

    {
  "CertificateList": [
    {
      "X509Certificate": "-----BEGIN CERTIFICATE-----  ...... -----END CERTIFICATE-----",
      "Identifier": "d3b95700998e47afc4d95f886579****",
      "SerialNumber": "084bde9cd233f0ddae33adc438cfbbbd****",
      "SubjectDN": "C=CN,O=阿里云计算有限公司,OU=Security,L=Hangzhou,ST=Zhejiang,CN=Aliyun",
      "CommonName": "aliyun.com",
      "OrganizationUnit": "Security",
      "Organization": "阿里云计算有限公司",
      "Locality": "Hangzhou",
      "State": "Zhejiang",
      "CountryCode": "CN",
      "Sans": "[ {\"Type\": 7, \"Value\": \"192.0.XX.XX\"}, {\"Type\": 2, \"Value\": \"www.aliyundoc.com\"}, ]",
      "Status": "ISSUE",
      "BeforeDate": "2021-10-28T16:15Z",
      "AfterDate": "2022-08-23T16:15Z",
      "Algorithm": "RSA",
      "KeySize": 4096,
      "SignAlgorithm": "SHA256WITHRSA",
      "CertificateType": "SUB_ROOT",
      "ParentIdentifier": "1a83bcbb89e562885e40aa0108f5****",
      "Sha2": "14dcc8afc7578e1fcec36d658f7e20de18f6957bbac42b373a66bc9de4e9****",
      "Md5": "d3b95700998e47afc4d95f886579****",
      "Years": 1
    }
  ],
  "RequestId": "15C66C7B-671A-4297-9187-2C4477247A74"
}

    Error codes

    See Error Codes for a complete list.

    Release notes

    See Release Notes for a complete list.