Describing ACM certificates - AWS Certificate Manager

Describing ACM certificates

You can use the ACM console or the AWS CLI to list detailed metadata about your certificates.

To view certificate details in the console

  1. Open the ACM console at https://console.aws.amazon.com/acm/.

  2. To show detailed metadata for a certificate, select the arrow to the immediate left of the domain name. The pane that opens displays the following information:

    • Status – Represents the position of a certificate in its life-cycle. Possible values are:

      • Pending validation – Validation has been requested and has not completed.

      • Issued

      • Inactive

      • Expired – The certificate has passed its expiration date.

      • Validation timed out – A requested validation timed out, but you can repeat the request.

      • Revoked – The certificate has been revoked.

      • Failed – Certificate creation failed.

    • Detailed status – Time when the certificate was requested or imported.

    • Type – Identifies the management category of an ACM certificate. Possible values are: Amazon Issued | Private | Imported. For more information, see Requesting a public certificate, Requesting a private certificate, or Importing certificates into AWS Certificate Manager.

    • In use? – Whether the certificate is associated with an AWS integrated service. Possible values are: Yes | No

    • Domain name – The fully qualified domain name (FQDN) for the certificate.

    • Number of additional names – If applicable, other domain names included on the certificate.

    • Identifier – A 32-byte hexadecimal certificate ID.

    • Serial number – A 16-byte hexadecimal serial number.

    • Can be used with – A list of ACM integrated services that support a certificate with these parameters.

    • Imported at – If applicable, the time when the certificate was imported.

    • Not after – The expiration date and time of the certificate.

    • Expires in – Days remaining until certificate expiration.

    • Public key info – The cryptographic algorithm that generated the key pair.

    • Signature algorithm – The cryptographic algorithm used to sign the certificate.

    • ARN – An Amazon Resource Name (ARN) in the form arn:aws:acm:region:account:certificate/certificate_ID

    • Validation state – If applicable, possible values are:

      • Pending – Validation has been requested and has not completed.

      • Timed out – A requested validation timed out, but you can repeat the request.

      • None – The certificate is for a private PKI or is self-signed, and does not need validation.

To view certificate details using the AWS CLI

Use the describe-certificate command in the AWS CLI to display certificate details, as shown in the following command:

$ aws acm describe-certificate --certificate-arn arn:aws:acm:region:account:certificate/certificate_ID

The command returns information similar to the following:

{
    "Certificate": {
        "CertificateArn": "arn:aws:acm:region:account:certificate/certificate_ID",
        "Status": "EXPIRED",
        "Options": {
            "CertificateTransparencyLoggingPreference": "ENABLED"
        },
        "SubjectAlternativeNames": [
            "example.com",
            "www.example.com"
        ],
        "DomainName": "gregpe.com",
        "NotBefore": 1450137600.0,
        "RenewalEligibility": "INELIGIBLE",
        "NotAfter": 1484481600.0,
        "KeyAlgorithm": "RSA-2048",
        "InUseBy": [
            "arn:aws:cloudfront::account:distribution/E12KXPQHVLSYVC"
        ],
        "SignatureAlgorithm": "SHA256WITHRSA",
        "CreatedAt": 1450212224.0,
        "IssuedAt": 1450212292.0,
        "KeyUsages": [
            {
                "Name": "DIGITAL_SIGNATURE"
            },
            {
                "Name": "KEY_ENCIPHERMENT"
            }
        ],
        "Serial": "07:71:71:f4:6b:e7:bf:63:87:e6:ad:3c:b2:0f:d0:5b",
        "Issuer": "Amazon",
        "Type": "AMAZON_ISSUED",
        "ExtendedKeyUsages": [
            {
                "OID": "1.3.6.1.5.5.7.3.1",
                "Name": "TLS_WEB_SERVER_AUTHENTICATION"
            },
            {
                "OID": "1.3.6.1.5.5.7.3.2",
                "Name": "TLS_WEB_CLIENT_AUTHENTICATION"
            }
        ],
        "DomainValidationOptions": [
            {
                "ValidationEmails": [
                    "hostmaster@example.com",
                    "admin@example.com",
                    "postmaster@example.com",
                    "webmaster@example.com",
                    "administrator@example.com"
                ],
                "ValidationDomain": "example.com",
                "DomainName": "example.com"
            },
            {
                "ValidationEmails": [
                    "hostmaster@example.com",
                    "admin@example.com",
                    "postmaster@example.com",
                    "webmaster@example.com",
                    "administrator@example.com"
                ],
                "ValidationDomain": "www.example.com",
                "DomainName": "www.example.com"
            }
        ],
        "Subject": "CN=example.com"
    }
}
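
The following is an added example, not part of the AWS documentation: a small Python audit that reads a describe-certificate response like the one above and flags the fields that matter for certificate hygiene (status while in use, time to expiry, renewal eligibility, key size, Certificate Transparency logging). The function name audit_certificate, the finding codes, and the 30-day threshold are assumptions made for illustration; the sample input is constructed from values in the output shown above.

```python
import json
from datetime import datetime, timezone

# Constructed sample: a trimmed describe-certificate response that reuses
# field names and values from the output shown above.
SAMPLE = json.loads("""
{"Certificate": {
  "Status": "EXPIRED",
  "NotAfter": 1484481600.0,
  "RenewalEligibility": "INELIGIBLE",
  "KeyAlgorithm": "RSA-2048",
  "Type": "AMAZON_ISSUED",
  "InUseBy": ["arn:aws:cloudfront::account:distribution/E12KXPQHVLSYVC"],
  "Options": {"CertificateTransparencyLoggingPreference": "ENABLED"}
}}
""")


def audit_certificate(response, now, warn_days=30):
    """Return (severity, code) findings; warn_days is an assumed threshold."""
    cert = response["Certificate"]
    in_use = bool(cert.get("InUseBy"))
    status = cert.get("Status")
    findings = []
    # A certificate that is not ISSUED but still attached needs attention first.
    if status != "ISSUED" and in_use:
        findings.append(("HIGH", f"{status}_IN_USE"))
    # NotAfter is epoch seconds in the output above; guard against it being
    # absent (assumption: not every certificate state carries it).
    not_after = cert.get("NotAfter")
    if status == "ISSUED" and not_after is not None:
        expiry = datetime.fromtimestamp(not_after, timezone.utc)
        if (expiry - now).days <= warn_days:
            findings.append(("WARN", "EXPIRING_SOON"))
    # INELIGIBLE: ACM will not renew this certificate, so rotation is manual.
    if in_use and cert.get("RenewalEligibility") == "INELIGIBLE":
        findings.append(("WARN", "NO_MANAGED_RENEWAL"))
    # The output above prints "RSA-2048"; normalise before comparing.
    if cert.get("KeyAlgorithm", "").replace("-", "_").upper() == "RSA_1024":
        findings.append(("HIGH", "WEAK_KEY"))
    ct = cert.get("Options", {}).get("CertificateTransparencyLoggingPreference")
    if cert.get("Type") == "AMAZON_ISSUED" and ct == "DISABLED":
        findings.append(("INFO", "CT_LOGGING_DISABLED"))
    return findings


if __name__ == "__main__":
    for sev, code in audit_certificate(SAMPLE, datetime.now(timezone.utc)):
        print(sev, code)
```

To audit a real certificate, pass the parsed JSON output of the describe-certificate command in place of SAMPLE.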