AWS Certificate Manager Private Certificate Authority
AWS Private Certificate Authority Documentation (API Version 2017-08-22)

The AWS Documentation website is getting a new look!
Try it now and let us know what you think. Switch to the new look >>

You can return to the original look by selecting English in the language selector above.


Lists the private certificate authorities that you created by using the CreateCertificateAuthority action.

Request Syntax

{ "MaxResults": number, "NextToken": "string" }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.


Use this parameter when paginating results to specify the maximum number of items to return in the response on each page. If additional items exist beyond the number you specify, the NextToken element is sent in the response. Use this NextToken value in a subsequent request to retrieve additional items.

Type: Integer

Valid Range: Minimum value of 1. Maximum value of 1000.

Required: No


Use this parameter when paginating results in a subsequent request after you receive a response with truncated results. Set it to the value of the NextToken parameter from the response you just received.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 500.

Required: No

Response Syntax

{ "CertificateAuthorities": [ { "Arn": "string", "CertificateAuthorityConfiguration": { "KeyAlgorithm": "string", "SigningAlgorithm": "string", "Subject": { "CommonName": "string", "Country": "string", "DistinguishedNameQualifier": "string", "GenerationQualifier": "string", "GivenName": "string", "Initials": "string", "Locality": "string", "Organization": "string", "OrganizationalUnit": "string", "Pseudonym": "string", "SerialNumber": "string", "State": "string", "Surname": "string", "Title": "string" } }, "CreatedAt": number, "FailureReason": "string", "LastStateChangeAt": number, "NotAfter": number, "NotBefore": number, "RestorableUntil": number, "RevocationConfiguration": { "CrlConfiguration": { "CustomCname": "string", "Enabled": boolean, "ExpirationInDays": number, "S3BucketName": "string" } }, "Serial": "string", "Status": "string", "Type": "string" } ], "NextToken": "string" }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.


Summary information about each certificate authority you have created.

Type: Array of CertificateAuthority objects


When the list is truncated, this value is present and should be used for the NextToken parameter in a subsequent pagination request.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 500.


For information about the errors that are common to all actions, see Common Errors.


The token specified in the NextToken argument is not valid. Use the token returned from your previous call to ListCertificateAuthorities.

HTTP Status Code: 400



Sample Request

POST / HTTP/1.1 Host: Accept-Encoding: identity Content-Length: 18 X-Amz-Target: ACMPrivateCA.ListCertificateAuthorities X-Amz-Date: 20180226T150214Z User-Agent: aws-cli/1.14.28 Python/2.7.9 Windows/8 botocore/1.8.32 Content-Type: application/x-amz-json-1.1 Authorization: AWS4-HMAC-SHA256 Credential=Access_Key_ID/20180226/AWS_Region/acm-pca/aws4_request, SignedHeaders=content-type;host;x-amz-date;x-amz-target, Signature=580fdd5ac17213a3016252fb1b3e1064b507f415f1b55ef1a42c9d7945d620c1 {"MaxResults": 10}


Sample Response

HTTP/1.1 200 OK Date: Tue, 15 May 2018 15:56:45 GMT Content-Type: application/x-amz-json-1.1 Content-Length: 5484 x-amzn-RequestId: 9f96be4c-2204-4232-84df-fe5e44d22b22 Connection: keep-alive { "CertificateAuthorities": [{ "Arn": "arn:aws:acm-pca:AWS_Region:AWS_Account:certificate-authority/12345678-1234-1234-1234-123456789012", "CertificateAuthorityConfiguration": { "KeyAlgorithm": "RSA_2048", "SigningAlgorithm": "SHA256WITHRSA", "Subject": { "CommonName": "", "Locality": "Seattle", "Organization": "Example Corporation", "OrganizationalUnit": "Operations", "State": "Washington" } }, "CreatedAt": 1.510085139623E9, "LastStateChangeAt": 1.515616539109E9, "NotAfter": 1.825445955E9, "NotBefore": 1.510085955E9, "RevocationConfiguration": { "CrlConfiguration": { "CustomCname": "https://somename.crl", "Enabled": true, "ExpirationInDays": 3650, "S3BucketName": "your-bucket-name" } }, "Serial": "4109", "Status": "DISABLED", "Type": "SUBORDINATE" }, { "Arn": "arn:aws:acm-pca:AWS_Region:AWS_Account:certificate-authority/11111111-2222-3333-4444-555555555555", "CertificateAuthorityConfiguration": { "KeyAlgorithm": "RSA_4096", "SigningAlgorithm": "SHA256WITHRSA", "Subject": { "CommonName": "", "Country": "US", "Locality": "Spokane", "Organization": "Example Sales LLC", "OrganizationalUnit": "Corporate", "State": "Washington" } }, "CreatedAt": 1.517421065699E9, "LastStateChangeAt": 1.517421065699E9, "RevocationConfiguration": { "CrlConfiguration": { "CustomCname": "https://somename.crl", "Enabled": true, "ExpirationInDays": 3650, "S3BucketName": "your-bucket-name" } }, "Serial": "3611", "Status": "PENDING_CERTIFICATE", "Type": "SUBORDINATE" }, { "Arn": "arn:aws:acm-pca:AWS_Region:AWS_Account:certificate-authority/99999999-4321-1234-4321-4321-888888888888", "CertificateAuthorityConfiguration": { "KeyAlgorithm": "RSA_2048", "SigningAlgorithm": "SHA256WITHRSA", "Subject": { "CommonName": "", "Country": "US", "Locality": "Seattle", "Organization": "Company Ltd.", "OrganizationalUnit": "Sales", "State": "Washington" } }, "CreatedAt": 1.505332492167E9, "LastStateChangeAt": 1.505332492167E9, "NotAfter": 1.820697079E9, "NotBefore": 1.505337079E9, "RevocationConfiguration": { "CrlConfiguration": { "CustomCname": "https://somename.crl", "Enabled": true, "ExpirationInDays": 3650, "S3BucketName": "your-bucket-name" } }, "Serial": "4100", "Status": "ACTIVE", "Type": "SUBORDINATE" } ] }

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: