All Products
Search
Document Center

Certificate Management Service:DescribeCACertificate

最終更新日:Jul 09, 2024

Queries the details about a root certificate authority (CA) certificate or an intermediate CA certificate.

Operation description

You can call the DescribeCACertificate operation to query the details about a root CA certificate or an intermediate CA certificate by using the unique identifier of the root CA certificate or intermediate CA certificate. The details include the serial number, user information, and content of a CA certificate.

Before you call this operation, make sure that you have created a root CA by calling the [CreateRootCACertificate] operation or an intermediate CA certificate by calling the [CreateSubCACertificate] operation.

Limits

You can call this operation up to 10 times per second per account. If the number of the calls per second exceeds the limit, throttling is triggered. As a result, your business may be affected. We recommend that you take note of the limit when you call this operation.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Authorization information

There is currently no authorization information disclosed in the API.

Request parameters

ParameterTypeRequiredDescriptionExample
IdentifierstringNo

The unique identifier of the CA certificate that you want to query.

Note You can call the DescribeCACertificateList operation to query the unique identifiers of all CA certificates.
160ae6bb538d538c70c01f81dcf2****

All Alibaba Cloud API operations must include common request parameters.

For more information about sample requests, see the "Examples" section of this topic.

Response parameters

ParameterTypeDescriptionExample
object

DescribeCACertificateResponse.

Certificateobject

The details about the CA certificate.

CertificateTypestring

The type of the CA certificate. Valid values:

  • ROOT: root CA certificate
  • SUB_ROOT: intermediate CA certificate
SUB_ROOT
X509Certificatestring

The content of the CA certificate.

-----BEGIN CERTIFICATE----- …… -----END CERTIFICATE-----
Identifierstring

The unique identifier of the CA certificate.

160ae6bb538d538c70c01f81dcf2****
SerialNumberstring

The serial number of the CA certificate.

70e3b2566d92805173767869727fb92e****
SubjectDNstring

The user attribute of the CA certificate, which contains the following information:

  • C: the country code in which the organization is located
  • O: the name of the organization
  • OU: the name of the department or branch in the organization
  • L: the name of the city in which the organization is located
  • ST: the name of the province, municipality, or autonomous region in which the organization is located
  • CN: the common name or abbreviation of the organization
C=CN,O=Alibaba Cloud Computing Co., Ltd.,OU=Security,L=Hangzhou,ST=Zhejiang,CN=Aliyun
CommonNamestring

The common name or abbreviation of the organization that is associated with the CA certificate.

Aliyun
OrganizationUnitstring

The name of the department or branch in the organization that is associated with the CA certificate.

Security
Organizationstring

The name of the organization that is associated with the CA certificate.

Alibaba Cloud Computing Co., Ltd.
Localitystring

The name of the city in which the organization is located.

Hangzhou
Statestring

The name of the province, municipality, or autonomous region in which the organization is located.

Zhejiang
CountryCodestring

The code of the country in which the organization is located.

For more information about country codes, see the "Country codes" section of the Manage company profiles topic.

CN
Sansstring

This parameter is deprecated.

1
Statusstring

The status of the CA certificate. Valid values:

  • ISSUE: The CA certificate is issued.
  • REVOKE: The CA certificate is revoked.
ISSUE
Algorithmstring

The encryption algorithm of the CA certificate. Valid values:

  • RSA: the Rivest-Shamir-Adleman (RSA) algorithm.
  • ECC: the elliptic curve cryptography (ECC) algorithm.
  • SM2: the SM2 algorithm, which is developed and approved by the State Cryptography Administration of China.
RSA
KeySizeinteger

The key length of the CA certificate.

2048
SignAlgorithmstring

The signature algorithm of the CA certificate.

SHA256WITHRSA
BeforeDatelong

The issuance date of the CA certificate. This value is a UNIX timestamp. Unit: milliseconds.

1634283958000
AfterDatelong

The expiration date of the CA certificate. This value is a UNIX timestamp. Unit: milliseconds.

1665819958000
ParentIdentifierstring

The unique identifier of the root CA certificate from which the CA certificate is issued.

Note This parameter is returned only if the value of the CertificateType parameter is SUB_ROOT. The value SUB_ROOT indicates an intermediate CA certificate.
1a83bcbb89e562885e40aa0108f5****
Sha2string

The SHA-256 fingerprint of the CA certificate.

14dcc8afc7578e1fcec36d658f7e20de18f6957bbac42b373a66bc9de4e9****
Md5string

The MD5 fingerprint of the CA certificate.

160ae6bb538d538c70c01f81dcf2****
CrlStatusstring

The status of the certificate revocation list (CRL) feature.

ACTIVE
CrlUrlstring

The address of the CRL.

https://crl-cn-publish.oss-cn-hangzhou.aliyuncs.com/pca/crl/1925647866611395/1ed40789-483f-6023-b6b8-29ddd3bb0a9a.crl
CertTotalCountlong

The total number of purchased certificate quotas.

40
CertRemainingCountlong

The remaining number of assignable certificate quotas.

30
CertIssuedCountlong

The number of certificates issued by private CA instances.

10
CaCertChainstring

CA certificate chain.

CrlDayinteger

CRL validity period: 1-365 days.

90
RequestIdstring

The ID of the request.

15C66C7B-671A-4297-9187-2C4477247A74
Yearsinteger

The validity period of the CA certificate. Unit: years.

10

Examples

Sample success responses

JSONformat

{
  "Certificate": {
    "CertificateType": "SUB_ROOT",
    "X509Certificate": "-----BEGIN CERTIFICATE----- …… -----END CERTIFICATE-----",
    "Identifier": "160ae6bb538d538c70c01f81dcf2****",
    "SerialNumber": "70e3b2566d92805173767869727fb92e****",
    "SubjectDN": "C=CN,O=Alibaba Cloud Computing Co., Ltd.,OU=Security,L=Hangzhou,ST=Zhejiang,CN=Aliyun\n",
    "CommonName": "Aliyun",
    "OrganizationUnit": "Security",
    "Organization": "Alibaba Cloud Computing Co., Ltd.\n",
    "Locality": "Hangzhou",
    "State": "Zhejiang",
    "CountryCode": "CN",
    "Sans": "1",
    "Status": "ISSUE",
    "Algorithm": "RSA",
    "KeySize": 2048,
    "SignAlgorithm": "SHA256WITHRSA",
    "BeforeDate": 1634283958000,
    "AfterDate": 1665819958000,
    "ParentIdentifier": "1a83bcbb89e562885e40aa0108f5****",
    "Sha2": "14dcc8afc7578e1fcec36d658f7e20de18f6957bbac42b373a66bc9de4e9****",
    "Md5": "160ae6bb538d538c70c01f81dcf2****",
    "CrlStatus": "ACTIVE",
    "CrlUrl": "https://crl-cn-publish.oss-cn-hangzhou.aliyuncs.com/pca/crl/1925647866611395/1ed40789-483f-6023-b6b8-29ddd3bb0a9a.crl",
    "CertTotalCount": 40,
    "CertRemainingCount": 30,
    "CertIssuedCount": 10,
    "CaCertChain": "",
    "CrlDay": 90
  },
  "RequestId": "15C66C7B-671A-4297-9187-2C4477247A74",
  "Years": 10
}

Error codes

For a list of error codes, visit the Service error codes.

Change history

Change timeSummary of changesOperation
2024-07-09API Description Update. The response structure of the API has changedView Change Details
2024-03-14The response structure of the API has changedView Change Details
2023-09-05The response structure of the API has changedView Change Details