DescribeClientCertificate - Certificate Management Service

This operation queries the details of a specific client certificate or server-side certificate using its unique identifier.

Operation description

You can call this operation to query the details of a client certificate or a server-side certificate by its unique identifier. The details include the serial number, subject, content, and status of the certificate.

Before you call this operation, you must create a client certificate or a server-side certificate.

To create a client certificate by calling an API, see the following topics:

To create a server-side certificate by calling an API, see the following topics:

Limits

The queries per second (QPS) limit for this API call is 10 per user. If you exceed this limit, throttling is triggered, which may affect your business. Plan your calls accordingly.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.
API: The API that you can call to perform the action.
Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.
Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.
- For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.
- For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.
Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.
Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

yundun-cert:DescribeClientCertificate

get

*All Resource

*

None

Request parameters

Parameter	Type	Required	Description	Example
Identifier	string	Yes	The unique identifier of the client certificate or server-side certificate to query. Note Call ListClientCertificate to query the unique identifiers of all client certificates and server-side certificates.	d3b95700998e47afc4d95f886579****

In addition to the preceding request parameters, you must specify common request parameters when you call this API. For more information about common request parameters, see Common Parameters.

For the request format, see the request sample in the Examples section of this topic.

Response elements

Element	Type	Description	Example
	object	DescribeCertificateResponse<CertificateWithContentDTO>
Certificate	object	The details of the client certificate or server-side certificate.
X509Certificate	string	The content of the certificate.	-----BEGIN CERTIFICATE----- ...... -----END CERTIFICATE-----
Identifier	string	The unique identifier of the certificate.	d3b95700998e47afc4d95f886579****
SerialNumber	string	The serial number of the certificate.	62b2b943a32d96883a6650e672ea0276****
SubjectDN	string	The subject Distinguished Name (DN) of the certificate. This value is composed of the following fields: C: Country. O: Organization. OU: Organizational unit. CN: Common name. ST: Province or state. CN: Common name.	C=CN,O=Aliyun,OU=Security,L=Hangzhou,ST=Zhejiang,CN=Aliyun
CommonName	string	The common name of the certificate.	aliyun.com
OrganizationUnit	string	The organizational unit of the certificate subject.	Security
Organization	string	The organization associated with the certificate of the issuing subordinate CA.	Aliyun
Locality	string	The city where the subject organization is located.	Hangzhou
State	string	The state or province where the subject organization is located.	Zhejiang
CountryCode	string	The country code of the subject organization. For more information about country codes, see the International codes section in Manage company profiles.	CN
Sans	string	The Subject Alternative Name (SAN) extension of the certificate. The SAN extension indicates other domain names or IP addresses that are associated with the certificate. This parameter is a string that is converted from a JSON array. Each element in the JSON array is a struct that corresponds to a SAN extension. Each SAN extension struct contains the following parameters: Type: The type of the extension. This parameter is of the Integer type. Valid values: 1: an email address. 2: a domain name. 6: a Uniform Resource Identifier (URI). 7: an IP address. Value: The content of the extension. This parameter is of the String type.	[ {"Type": 7, "Value": "192.0.XX.XX"}, {"Type": 2, "Value": "www.aliyundoc.com"}, ]
Status	string	The status of the certificate. Valid values: ISSUE: The certificate is issued. REVOKE: The certificate is revoked.	ISSUE
BeforeDate	integer	The issuance date of the certificate. This value is a UNIX timestamp. Unit: milliseconds.	1634283958000
AfterDate	integer	The expiration date of the certificate. This value is a UNIX timestamp. Unit: milliseconds.	1665819958000
Algorithm	string	The type of the encryption algorithm. Valid values: RSA: the RSA algorithm. ECC: the ECC algorithm. SM2: the SM2 algorithm.	RSA
KeySize	integer	The key length of the certificate.	4096
SignAlgorithm	string	The signature algorithm of the certificate.	SHA256WITHRSA
CertificateType	string	The type of the certificate. Valid values: CLIENT: a client certificate. SERVER: a server-side certificate.	SERVER
ParentIdentifier	string	The unique identifier of the subordinate CA certificate that issued the certificate.	160ae6bb538d538c70c01f81dcf2****
Sha2	string	The SHA-256 fingerprint of the certificate.	14dcc8afc7578e1fcec36d658f7e20de18f6957bbac42b373a66bc9de4e9****
Md5	string	The MD5 fingerprint of the certificate.	d3b95700998e47afc4d95f886579****
Days	integer	The validity period of the certificate. Unit: days.	365
ResourceGroupId	string	The ID of the resource group to which the certificate belongs.	rg-acfmxllajdpw3fi
CertChain	string	The complete certificate chain.	-----BEGIN CERTIFICATE----- cert -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- subCA -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- rootCA -----END CERTIFICATE-----
CustomIdentifier	string	The custom identifier, which is a unique key.	*3a32d96883a6650e672ea0276**
UploadFlag	integer	Indicates whether the certificate is synchronized to Digital Certificate Management Service.	1
FullAlgorithm	string	The algorithm and its length.	RSA_2048
AliasName	string	The alias of the issued certificate.	rsa_root_2048
Id	integer	The ID of the data source to which the certificate order belongs.	1137354
Tags	array<object>	The list of tags.	mtls
	object	The tag value.
TagKey	string	The tag key.	testKey
TagValue	string	The tag value.	[{\"tag\":\"PROPERTY_TYPE\",\"values\":[]}]
RequestId	string	The ID of the request.	15C66C7B-671A-4297-9187-2C4477247A74

Examples

Success response

JSON format

{
  "Certificate": {
    "X509Certificate": "-----BEGIN CERTIFICATE-----  ...... -----END CERTIFICATE-----",
    "Identifier": "d3b95700998e47afc4d95f886579****",
    "SerialNumber": "62b2b943a32d96883a6650e672ea0276****",
    "SubjectDN": "C=CN,O=Aliyun,OU=Security,L=Hangzhou,ST=Zhejiang,CN=Aliyun",
    "CommonName": "aliyun.com",
    "OrganizationUnit": "Security",
    "Organization": "Aliyun",
    "Locality": "Hangzhou",
    "State": "Zhejiang",
    "CountryCode": "CN",
    "Sans": "[ {\"Type\": 7, \"Value\": \"192.0.XX.XX\"}, {\"Type\": 2, \"Value\": \"www.aliyundoc.com\"}, ]",
    "Status": "ISSUE",
    "BeforeDate": 1634283958000,
    "AfterDate": 1665819958000,
    "Algorithm": "RSA",
    "KeySize": 4096,
    "SignAlgorithm": "SHA256WITHRSA",
    "CertificateType": "SERVER",
    "ParentIdentifier": "160ae6bb538d538c70c01f81dcf2****",
    "Sha2": "14dcc8afc7578e1fcec36d658f7e20de18f6957bbac42b373a66bc9de4e9****",
    "Md5": "d3b95700998e47afc4d95f886579****",
    "Days": 365,
    "ResourceGroupId": "rg-acfmxllajdpw3fi",
    "CertChain": "-----BEGIN CERTIFICATE-----\ncert\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nsubCA\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nrootCA\n-----END CERTIFICATE-----",
    "CustomIdentifier": "***3a32d96883a6650e672ea0276****",
    "UploadFlag": 1,
    "FullAlgorithm": "RSA_2048",
    "AliasName": "rsa_root_2048",
    "Id": 1137354,
    "Tags": [
      {
        "TagKey": "testKey",
        "TagValue": "[{\\\"tag\\\":\\\"PROPERTY_TYPE\\\",\\\"values\\\":[]}]"
      }
    ]
  },
  "RequestId": "15C66C7B-671A-4297-9187-2C4477247A74"
}

Error codes

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.