All Products
Document Center

Certificate Management Service:Example of calling an API operation

Last Updated:Nov 17, 2023

This topic provides an example on how to query the application status of a domain validated (DV) certificate by calling an API operation.

View API documentation

To query the application status of a DV certificate, call the DescribeCertificateState operation. For more information, see List of operations by function. For more information about the data and permissions that are required to call this operation, see API documentation.

Create a Resource Access Management (RAM) user and grant permissions to the RAM user


You can call this operation by using an Alibaba Cloud account, a RAM user, or a RAM role. For more information about the differences between identities, see Overview. In this topic, a RAM user is used as an example.

You can log on to the RAM console, create a RAM user and grant only the permissions to call operations to the RAM user, and then record the AccessKey pair. For more information about how to create a RAM user, see Create a RAM user.


  1. Go to the Users page of the RAM console. Find the RAM user that you want to manage and click Add Permissions in the Actions column.

  2. In the Select Policy section, select the AliyunYundunCertFullAccess policy, and click OK to complete the authorization. The policy includes the permission to manage Certificate Management Service resources.


By default, an AccessKey pair is generated when you create a RAM user. You can also go to the details page of the RAM user. On the Authentication tab, click Create AccessKey to create an AccessKey pair. For more information, see Create an AccessKey pair.

Call the operation

The following example shows how to call the operation in Java.

Prepare a Java environment.


  • Java Development Kit (JDK) 1.8 or later is downloaded and installed. To download the required JDK version, go to the Java Downloads page on the Oracle official website.

  • IntelliJ IDEA is downloaded and installed. To download IntelliJ IDEA, visit the IntelliJ IDEA official website.

Check the JDK version

Run the java -version command on the terminal to check the JDK version.

Configure environment variables

In this example, environment variables are configured to manage the AccessKey pair. This helps prevent security risks that are caused by hard coding the AccessKey pair into your business code.

  • Linux and macOS

    Replace <access_key_id> and <access_key_secret> in the following commands with your actual AccessKey ID and AccessKey secret.

  • export ALIBABA_CLOUD_ACCESS_KEY_ID=<access_key_id>
    export ALIBABA_CLOUD_ACCESS_KEY_SECRET=<access_key_secret>
  • Windows

    Create an environment variable file, add the ALIBABA_CLOUD_ACCESS_KEY_ID and ALIBABA_CLOUD_ACCESS_KEY_SECRET environment variables to the file, and then specify your AccessKey ID for ALIBABA_CLOUD_ACCESS_KEY_ID and your AccessKey secret for ALIBABA_CLOUD_ACCESS_KEY_SECRET. Then, restart the Windows operating system.

Install dependencies

SDK dependencies


Credential dependencies

We recommend that you use the latest version of Alibaba Cloud Credentials. For more information, visit Credentials.


Download the sample code

  1. Call the DescribeCertificateState operation in OpenAPI Explorer.

  2. On the Parameters tab, specify the OrderId parameter. The parameter specifies the ID of the certificate application order that you want to query.

  3. Click Download Project to download the sample code package for Java.

  4. Decompress the sample code package on your computer, open IntelliJ IDEA, and then import the extracted project.

Run sample code

Run the Java code in IntelliJ IDEA. You can obtain the following output:

  "Type": "domain_verify",
  "Domain": "",
  "RecordType": "TXT",
  "Certificate": "-----BEGIN CERTIFICATE----- …… -----END CERTIFICATE-----",
  "RequestId": "082FAB35-6AB9-4FD5-8750-D36673548E76",
  "RecordDomain": "_dnsauth",
  "PrivateKey": "-----BEGIN RSA PRIVATE KEY-----…… -----END RSA PRIVATE KEY-----",
  "ValidateType": "FILE",
  "RecordValue": "20200420000000223erigacv46uhaubchcm0o7spxi7i2isvjq59mlx9lucnkqcy",
  "Content": "",
  "Uri": "/.well-known/pki-validation/fileauth.txt"