There are more AWS SDK examples available in the AWS Doc SDK Examples
Use DescribeCertificate with an AWS SDK or CLI
The following code examples show how to use DescribeCertificate.
Action examples are code excerpts from larger programs and must be run in context. You can see this action in context in the following code example:
- .NET
-
- AWS SDK for .NET
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
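using System;
using System.Threading.Tasks;
using Amazon;
using Amazon.CertificateManager;
using Amazon.CertificateManager.Model;

namespace DescribeCertificate
{
    /// <summary>
    /// Retrieves and displays the metadata for a certificate using the
    /// AWS Certificate Manager (ACM) service.
    /// </summary>
    class DescribeCertificate
    {
        // Specify your AWS Region (an example Region is shown).
        private static readonly RegionEndpoint ACMRegion = RegionEndpoint.USEast1;

        private static AmazonCertificateManagerClient _client;

        /// <summary>
        /// Builds the request, calls ACM, and prints the certificate
        /// metadata when the call returned any.
        /// </summary>
        /// <param name="args">Command-line arguments (not used).</param>
        static async Task Main(string[] args)
        {
            _client = new AmazonCertificateManagerClient(ACMRegion);

            // The ARN used here is just an example. Replace it with the ARN of
            // a certificate that exists on your account.
            var describeCertificateReq = new DescribeCertificateRequest
            {
                CertificateArn = "arn:aws:acm:us-east-1:123456789012:certificate/8cfd7dae-9b6a-2d07-92bc-1c309EXAMPLE",
            };

            // Await the call instead of blocking on .Result: blocking ties up
            // the thread and wraps any failure in an AggregateException, which
            // hides the original service error from whoever reads the trace.
            var certificateDetailResp = await DescribeCertificateResponseAsync(
                client: _client,
                request: describeCertificateReq);

            // Certificate stays null when the helper caught an error and
            // returned an empty response.
            var certificateDetail = certificateDetailResp.Certificate;
            if (certificateDetail is not null)
            {
                DisplayCertificateDetails(certificateDetail);
            }
        }

        /// <summary>
        /// Displays detailed metadata about a certificate retrieved
        /// using the ACM service.
        /// </summary>
        /// <param name="certificateDetail">The object that contains details
        /// returned from the call to DescribeCertificateAsync.</param>
        static void DisplayCertificateDetails(CertificateDetail certificateDetail)
        {
            Console.WriteLine("\nCertificate Details: ");
            Console.WriteLine($"Certificate Domain: {certificateDetail.DomainName}");
            Console.WriteLine($"Certificate Arn: {certificateDetail.CertificateArn}");
            Console.WriteLine($"Certificate Subject: {certificateDetail.Subject}");
            Console.WriteLine($"Certificate Status: {certificateDetail.Status}");

            // Guard against a missing list so the loop below cannot throw a
            // NullReferenceException.
            if (certificateDetail.SubjectAlternativeNames is null)
            {
                return;
            }

            foreach (var san in certificateDetail.SubjectAlternativeNames)
            {
                Console.WriteLine($"Certificate SubjectAlternativeName: {san}");
            }
        }

        /// <summary>
        /// Retrieves the metadata associated with the ACM service certificate.
        /// </summary>
        /// <remarks>
        /// Only InvalidArnException and ResourceNotFoundException are handled
        /// here. Any other failure, such as credentials that are not allowed
        /// to call acm:DescribeCertificate, propagates to the caller.
        /// </remarks>
        /// <param name="client">An AmazonCertificateManagerClient object
        /// used to call DescribeCertificateAsync.</param>
        /// <param name="request">The DescribeCertificateRequest object that
        /// will be passed to the method call.</param>
        /// <returns>The service response, or an empty
        /// DescribeCertificateResponse when one of the handled errors
        /// occurred.</returns>
        static async Task<DescribeCertificateResponse> DescribeCertificateResponseAsync(
            AmazonCertificateManagerClient client, DescribeCertificateRequest request)
        {
            var response = new DescribeCertificateResponse();

            try
            {
                response = await client.DescribeCertificateAsync(request);
            }
            catch (InvalidArnException)
            {
                Console.WriteLine("Error: The ARN specified is invalid.");
            }
            catch (ResourceNotFoundException)
            {
                Console.WriteLine("Error: The specified certificate could not be found.");
            }

            return response;
        }
    }
}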
-
For API details, see DescribeCertificate in AWS SDK for .NET API Reference.
-
- C++
-
- SDK for C++
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
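//! Format an SDK timestamp as an ISO 8601 GMT string.
static Aws::String gmtIso8601(const Aws::Utils::DateTime &when) {
    return when.ToGmtString(Aws::Utils::DateFormat::ISO_8601);
}

//! Display label for a DNS validation resource record type.
static const char *recordTypeLabel(Aws::ACM::Model::RecordType recordType) {
    switch (recordType) {
        case Aws::ACM::Model::RecordType::CNAME:
            return "CNAME";
        case Aws::ACM::Model::RecordType::NOT_SET:
            return "Not set";
        default:
            return "Cannot determine.";
    }
}

//! Display label for a domain validation method.
static const char *validationMethodLabel(Aws::ACM::Model::ValidationMethod method) {
    switch (method) {
        case Aws::ACM::Model::ValidationMethod::DNS:
            return "DNS";
        case Aws::ACM::Model::ValidationMethod::EMAIL:
            return "Email";
        case Aws::ACM::Model::ValidationMethod::NOT_SET:
            return "Not set";
        default:
            return "Cannot determine";
    }
}

//! Display label for a domain validation status.
static const char *domainStatusLabel(Aws::ACM::Model::DomainStatus domainStatus) {
    switch (domainStatus) {
        case Aws::ACM::Model::DomainStatus::FAILED:
            return "Failed";
        case Aws::ACM::Model::DomainStatus::NOT_SET:
            return "Not set";
        case Aws::ACM::Model::DomainStatus::PENDING_VALIDATION:
            return "Pending validation";
        case Aws::ACM::Model::DomainStatus::SUCCESS:
            return "Success";
        default:
            return "Cannot determine";
    }
}

//! Display label for an extended key usage name.
static const char *extendedKeyUsageLabel(Aws::ACM::Model::ExtendedKeyUsageName usageName) {
    switch (usageName) {
        case Aws::ACM::Model::ExtendedKeyUsageName::ANY:
            return "Any";
        case Aws::ACM::Model::ExtendedKeyUsageName::CODE_SIGNING:
            return "Code signing";
        case Aws::ACM::Model::ExtendedKeyUsageName::CUSTOM:
            return "Custom";
        case Aws::ACM::Model::ExtendedKeyUsageName::EMAIL_PROTECTION:
            return "Email protection";
        case Aws::ACM::Model::ExtendedKeyUsageName::IPSEC_END_SYSTEM:
            return "IPSEC end system";
        case Aws::ACM::Model::ExtendedKeyUsageName::IPSEC_TUNNEL:
            return "IPSEC tunnel";
        case Aws::ACM::Model::ExtendedKeyUsageName::IPSEC_USER:
            return "IPSEC user";
        case Aws::ACM::Model::ExtendedKeyUsageName::NONE:
            return "None";
        case Aws::ACM::Model::ExtendedKeyUsageName::NOT_SET:
            return "Not set";
        case Aws::ACM::Model::ExtendedKeyUsageName::OCSP_SIGNING:
            return "OCSP signing";
        case Aws::ACM::Model::ExtendedKeyUsageName::TIME_STAMPING:
            return "Time stamping";
        case Aws::ACM::Model::ExtendedKeyUsageName::TLS_WEB_CLIENT_AUTHENTICATION:
            return "TLS web client authentication";
        case Aws::ACM::Model::ExtendedKeyUsageName::TLS_WEB_SERVER_AUTHENTICATION:
            return "TLS web server authentication";
        default:
            return "Cannot determine";
    }
}

//! Display label for a certificate status.
static const char *certificateStatusLabel(Aws::ACM::Model::CertificateStatus certificateStatus) {
    switch (certificateStatus) {
        case Aws::ACM::Model::CertificateStatus::EXPIRED:
            return "Expired";
        case Aws::ACM::Model::CertificateStatus::FAILED:
            return "Failed";
        case Aws::ACM::Model::CertificateStatus::INACTIVE:
            return "Inactive";
        case Aws::ACM::Model::CertificateStatus::ISSUED:
            return "Issued";
        case Aws::ACM::Model::CertificateStatus::NOT_SET:
            return "Not set";
        case Aws::ACM::Model::CertificateStatus::PENDING_VALIDATION:
            return "Pending validation";
        case Aws::ACM::Model::CertificateStatus::REVOKED:
            return "Revoked";
        case Aws::ACM::Model::CertificateStatus::VALIDATION_TIMED_OUT:
            return "Validation timed out";
        default:
            return "Cannot determine";
    }
}

//! Display label for the reason a certificate request failed.
static const char *failureReasonLabel(Aws::ACM::Model::FailureReason failureReason) {
    switch (failureReason) {
        case Aws::ACM::Model::FailureReason::ADDITIONAL_VERIFICATION_REQUIRED:
            return "Additional verification required";
        case Aws::ACM::Model::FailureReason::CAA_ERROR:
            return "CAA error";
        case Aws::ACM::Model::FailureReason::DOMAIN_NOT_ALLOWED:
            return "Domain not allowed";
        case Aws::ACM::Model::FailureReason::DOMAIN_VALIDATION_DENIED:
            return "Domain validation denied";
        case Aws::ACM::Model::FailureReason::INVALID_PUBLIC_DOMAIN:
            return "Invalid public domain";
        case Aws::ACM::Model::FailureReason::NOT_SET:
            return "Not set";
        case Aws::ACM::Model::FailureReason::NO_AVAILABLE_CONTACTS:
            return "No available contacts";
        case Aws::ACM::Model::FailureReason::OTHER:
            return "Other";
        case Aws::ACM::Model::FailureReason::PCA_ACCESS_DENIED:
            return "PCA access denied";
        case Aws::ACM::Model::FailureReason::PCA_INVALID_ARGS:
            return "PCA invalid args";
        case Aws::ACM::Model::FailureReason::PCA_INVALID_ARN:
            return "PCA invalid ARN";
        case Aws::ACM::Model::FailureReason::PCA_INVALID_DURATION:
            return "PCA invalid duration";
        case Aws::ACM::Model::FailureReason::PCA_INVALID_STATE:
            return "PCA invalid state";
        case Aws::ACM::Model::FailureReason::PCA_LIMIT_EXCEEDED:
            return "PCA limit exceeded";
        case Aws::ACM::Model::FailureReason::PCA_NAME_CONSTRAINTS_VALIDATION:
            return "PCA name constraints validation";
        case Aws::ACM::Model::FailureReason::PCA_REQUEST_FAILED:
            return "PCA request failed";
        case Aws::ACM::Model::FailureReason::PCA_RESOURCE_NOT_FOUND:
            return "PCA resource not found";
        default:
            return "Cannot determine";
    }
}

//! Display label for the reason a certificate was revoked.
static const char *revocationReasonLabel(Aws::ACM::Model::RevocationReason revocationReason) {
    switch (revocationReason) {
        case Aws::ACM::Model::RevocationReason::AFFILIATION_CHANGED:
            return "Affiliation changed";
        case Aws::ACM::Model::RevocationReason::A_A_COMPROMISE:
            return "AA compromise";
        case Aws::ACM::Model::RevocationReason::CA_COMPROMISE:
            return "CA compromise";
        case Aws::ACM::Model::RevocationReason::CERTIFICATE_HOLD:
            return "Certificate hold";
        case Aws::ACM::Model::RevocationReason::CESSATION_OF_OPERATION:
            return "Cessation of operation";
        case Aws::ACM::Model::RevocationReason::KEY_COMPROMISE:
            return "Key compromise";
        case Aws::ACM::Model::RevocationReason::NOT_SET:
            return "Not set";
        case Aws::ACM::Model::RevocationReason::PRIVILEGE_WITHDRAWN:
            return "Privilege withdrawn";
        case Aws::ACM::Model::RevocationReason::REMOVE_FROM_CRL:
            // The label follows the enum name; the earlier text
            // "Revoke from CRL" misreported this reason.
            return "Remove from CRL";
        case Aws::ACM::Model::RevocationReason::SUPERCEDED:
            // The SDK enum is spelled SUPERCEDED; the label uses the
            // standard spelling.
            return "Superseded";
        case Aws::ACM::Model::RevocationReason::UNSPECIFIED:
            return "Unspecified";
        default:
            return "Cannot determine";
    }
}

//! Display label for a certificate key algorithm.
static const char *keyAlgorithmLabel(Aws::ACM::Model::KeyAlgorithm keyAlgorithm) {
    switch (keyAlgorithm) {
        case Aws::ACM::Model::KeyAlgorithm::EC_prime256v1:
            return "P-256 (secp256r1, prime256v1)";
        case Aws::ACM::Model::KeyAlgorithm::EC_secp384r1:
            return "P-384 (secp384r1)";
        case Aws::ACM::Model::KeyAlgorithm::EC_secp521r1:
            return "P-521 (secp521r1)";
        case Aws::ACM::Model::KeyAlgorithm::NOT_SET:
            return "Not set";
        case Aws::ACM::Model::KeyAlgorithm::RSA_1024:
            // A 1024-bit RSA key is shorter than the 2048-bit minimum in
            // current guidance; treat this value as a finding when the
            // output is used to audit certificates.
            return "RSA 1024";
        case Aws::ACM::Model::KeyAlgorithm::RSA_2048:
            return "RSA 2048";
        case Aws::ACM::Model::KeyAlgorithm::RSA_4096:
            return "RSA 4096";
        default:
            return "Cannot determine";
    }
}

//! Display label for the certificate transparency logging preference.
static const char *transparencyLoggingLabel(
        Aws::ACM::Model::CertificateTransparencyLoggingPreference loggingPreference) {
    switch (loggingPreference) {
        case Aws::ACM::Model::CertificateTransparencyLoggingPreference::DISABLED:
            return "Disabled";
        case Aws::ACM::Model::CertificateTransparencyLoggingPreference::ENABLED:
            return "Enabled";
        case Aws::ACM::Model::CertificateTransparencyLoggingPreference::NOT_SET:
            return "Not set";
        default:
            return "Cannot determine";
    }
}

//! Display label for a certificate type.
static const char *certificateTypeLabel(Aws::ACM::Model::CertificateType certificateType) {
    switch (certificateType) {
        case Aws::ACM::Model::CertificateType::AMAZON_ISSUED:
            return "Amazon issued";
        case Aws::ACM::Model::CertificateType::IMPORTED:
            return "Imported";
        case Aws::ACM::Model::CertificateType::NOT_SET:
            return "Not set";
        case Aws::ACM::Model::CertificateType::PRIVATE_:
            return "Private";
        default:
            return "Cannot determine";
    }
}

//! Print a headed list of strings, or nothing when the list is empty.
static void printStringList(const char *heading,
                            const Aws::Vector<Aws::String> &items) {
    if (items.empty()) {
        return;
    }

    std::cout << std::endl << heading << std::endl << std::endl;
    for (const auto &item: items) {
        std::cout << " " << item << std::endl;
    }
    std::cout << std::endl;
}

//! Print the validation details ACM holds for one domain of the certificate.
static void printDomainValidation(const Aws::ACM::Model::DomainValidation &validation) {
    std::cout << " Domain name: " << validation.GetDomainName() << std::endl;

    const Aws::ACM::Model::ResourceRecord &record = validation.GetResourceRecord();
    std::cout << " Resource record name: " << record.GetName() << std::endl;
    std::cout << " Resource record type: " << recordTypeLabel(record.GetType())
              << std::endl;
    std::cout << " Resource record value: " << record.GetValue() << std::endl;
    std::cout << " Validation domain: " << validation.GetValidationDomain()
              << std::endl;

    const Aws::Vector<Aws::String> &emails = validation.GetValidationEmails();
    if (!emails.empty()) {
        std::cout << " Validation emails:" << std::endl << std::endl;
        for (const auto &email: emails) {
            std::cout << " " << email << std::endl;
        }
        std::cout << std::endl;
    }

    std::cout << " Validation method: "
              << validationMethodLabel(validation.GetValidationMethod())
              << std::endl;
    std::cout << " Domain validation status: "
              << domainStatusLabel(validation.GetValidationStatus())
              << std::endl << std::endl;
}

//! Print the extended key usages of the certificate, if it has any.
static void printExtendedKeyUsages(
        const Aws::Vector<Aws::ACM::Model::ExtendedKeyUsage> &usages) {
    if (usages.empty()) {
        return;
    }

    std::cout << std::endl << "Extended key usages:" << std::endl << std::endl;
    for (const auto &usage: usages) {
        std::cout << " Name: " << extendedKeyUsageLabel(usage.GetName())
                  << std::endl;
        std::cout << " OID: " << usage.GetOID() << std::endl << std::endl;
    }
    std::cout << std::endl;
}

//! Describe an AWS Certificate Manager (ACM) certificate.
/*!
  Calls DescribeCertificate and prints the returned certificate metadata to
  standard output. When the call fails, the service error message is written
  to standard error and nothing else is printed.

  \param certificateArn: The Amazon Resource Name (ARN) of a certificate.
  \param clientConfiguration: AWS client configuration.
  \return bool: Function succeeded.
 */
bool AwsDoc::ACM::describeCertificate(const Aws::String &certificateArn,
                                      const Aws::Client::ClientConfiguration &clientConfiguration) {
    Aws::ACM::ACMClient acmClient(clientConfiguration);

    Aws::ACM::Model::DescribeCertificateRequest request;
    request.WithCertificateArn(certificateArn);

    Aws::ACM::Model::DescribeCertificateOutcome outcome =
            acmClient.DescribeCertificate(request);

    if (!outcome.IsSuccess()) {
        std::cerr << "Error: DescribeCertificate: "
                  << outcome.GetError().GetMessage() << std::endl;
        return false;
    }

    // Bind by reference: the detail object is only read, and the outcome that
    // owns it lives until this function returns.
    const Aws::ACM::Model::CertificateDetail &certificate =
            outcome.GetResult().GetCertificate();
    const Aws::ACM::Model::CertificateStatus certificateStatus = certificate.GetStatus();
    const Aws::ACM::Model::CertificateType certificateType = certificate.GetType();

    std::cout << "Success: Information about certificate with ARN '"
              << certificateArn << "':" << std::endl << std::endl;

    std::cout << "ARN: " << certificate.GetCertificateArn() << std::endl;
    std::cout << "Authority ARN: " << certificate.GetCertificateAuthorityArn()
              << std::endl;
    std::cout << "Created at (GMT): " << gmtIso8601(certificate.GetCreatedAt())
              << std::endl;
    std::cout << "Domain name: " << certificate.GetDomainName() << std::endl;

    const Aws::Vector<Aws::ACM::Model::DomainValidation> &options =
            certificate.GetDomainValidationOptions();
    if (!options.empty()) {
        std::cout << std::endl << "Domain validation information: "
                  << std::endl << std::endl;
        for (const auto &validation: options) {
            printDomainValidation(validation);
        }
    }

    printExtendedKeyUsages(certificate.GetExtendedKeyUsages());

    std::cout << "Status: " << certificateStatusLabel(certificateStatus)
              << std::endl;

    // The failure and revocation fields are printed only for the statuses
    // they belong to.
    if (certificateStatus == Aws::ACM::Model::CertificateStatus::FAILED) {
        std::cout << "Failure reason: "
                  << failureReasonLabel(certificate.GetFailureReason())
                  << std::endl;
    }

    if (certificateStatus == Aws::ACM::Model::CertificateStatus::REVOKED) {
        std::cout << "Revoked at (GMT): " << gmtIso8601(certificate.GetRevokedAt())
                  << std::endl;
        std::cout << "Revocation reason: "
                  << revocationReasonLabel(certificate.GetRevocationReason())
                  << std::endl;
    }

    if (certificateType == Aws::ACM::Model::CertificateType::IMPORTED) {
        std::cout << "Imported at (GMT): "
                  << gmtIso8601(certificate.GetImportedAt()) << std::endl;
    }

    printStringList("In use by:", certificate.GetInUseBy());

    if (certificateType == Aws::ACM::Model::CertificateType::AMAZON_ISSUED &&
        certificateStatus == Aws::ACM::Model::CertificateStatus::ISSUED) {
        std::cout << "Issued at (GMT): " << gmtIso8601(certificate.GetIssuedAt())
                  << std::endl;
    }

    std::cout << "Issuer: " << certificate.GetIssuer() << std::endl;
    std::cout << "Key algorithm: "
              << keyAlgorithmLabel(certificate.GetKeyAlgorithm()) << std::endl;

    if (certificateStatus == Aws::ACM::Model::CertificateStatus::ISSUED) {
        std::cout << "Not valid after (GMT): "
                  << gmtIso8601(certificate.GetNotAfter()) << std::endl;
        std::cout << "Not valid before (GMT): "
                  << gmtIso8601(certificate.GetNotBefore()) << std::endl;
    }

    // This is the certificate transparency logging preference from the
    // certificate options.
    std::cout << "Logging preference: "
              << transparencyLoggingLabel(
                      certificate.GetOptions().GetCertificateTransparencyLoggingPreference())
              << std::endl;

    std::cout << "Serial: " << certificate.GetSerial() << std::endl;
    std::cout << "Signature algorithm: " << certificate.GetSignatureAlgorithm()
              << std::endl;
    std::cout << "Subject: " << certificate.GetSubject() << std::endl;
    std::cout << "Type: " << certificateTypeLabel(certificateType) << std::endl;

    printStringList("Alternative names:", certificate.GetSubjectAlternativeNames());

    return true;
}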
-
For API details, see DescribeCertificate in AWS SDK for C++ API Reference.
-
- CLI
-
- AWS CLI
-
To retrieve the fields contained in an ACM certificate
The following describe-certificate command retrieves all of the fields for the certificate with the specified ARN:
aws acm describe-certificate --certificate-arn arn:aws:acm:region:account:certificate/12345678-1234-1234-1234-123456789012
Output similar to the following is displayed:
{ "Certificate": { "CertificateArn": "arn:aws:acm:region:account:certificate/12345678-1234-1234-1234-123456789012", "CreatedAt": 1446835267.0, "DomainName": "www.example.com", "DomainValidationOptions": [ { "DomainName": "www.example.com", "ValidationDomain": "www.example.com", "ValidationEmails": [ "hostmaster@example.com", "admin@example.com", "owner@example.com.whoisprivacyservice.org", "tech@example.com.whoisprivacyservice.org", "admin@example.com.whoisprivacyservice.org", "postmaster@example.com", "webmaster@example.com", "administrator@example.com" ] }, { "DomainName": "www.example.net", "ValidationDomain": "www.example.net", "ValidationEmails": [ "postmaster@example.net", "admin@example.net", "owner@example.net.whoisprivacyservice.org", "tech@example.net.whoisprivacyservice.org", "admin@example.net.whoisprivacyservice.org", "hostmaster@example.net", "administrator@example.net", "webmaster@example.net" ] } ], "InUseBy": [], "IssuedAt": 1446835815.0, "Issuer": "Amazon", "KeyAlgorithm": "RSA-2048", "NotAfter": 1478433600.0, "NotBefore": 1446768000.0, "Serial": "0f:ac:b0:a3:8d:ea:65:52:2d:7d:01:3a:39:36:db:d6", "SignatureAlgorithm": "SHA256WITHRSA", "Status": "ISSUED", "Subject": "CN=www.example.com", "SubjectAlternativeNames": [ "www.example.com", "www.example.net" ] } }
-
For API details, see DescribeCertificate in AWS CLI Command Reference.
-
- Java
-
- SDK for Java 2.x
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
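/**
 * Before running this Java V2 code example, set up your development
 * environment, including your credentials.
 * <p>
 * For more information, see the following documentation topic:
 * <p>
 * https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
 */
public class DescribeCert {
    public static void main(String[] args) {
        final String usage = """

            Usage: <certArn>

            Where:
                certArn - the ARN of the certificate.
            """;

        if (args.length != 1) {
            System.out.println(usage);
            return;
        }

        String certArn = args[0];
        describeCertificate(certArn);
    }

    /**
     * Describes the details of an SSL/TLS certificate and prints them.
     * <p>
     * An {@code AcmException} raised by the service call is caught here and
     * its message is printed; it is not rethrown to the caller. Failures that
     * are not an {@code AcmException} propagate.
     *
     * @param certArn the Amazon Resource Name (ARN) of the certificate to describe
     */
    public static void describeCertificate(String certArn) {
        DescribeCertificateRequest req = DescribeCertificateRequest.builder()
                .certificateArn(certArn)
                .build();

        // try-with-resources closes the client, and the connections it holds,
        // on every path out of this method.
        try (AcmClient acmClient = AcmClient.create()) {
            DescribeCertificateResponse response = acmClient.describeCertificate(req);
            var certificate = response.certificate();

            // Print the certificate details.
            System.out.println("Certificate ARN: " + certificate.certificateArn());
            System.out.println("Domain Name: " + certificate.domainName());
            System.out.println("Issued By: " + certificate.issuer());
            System.out.println("Issued On: " + certificate.issuedAt());
            System.out.println("Status: " + certificate.status());
        } catch (AcmException e) {
            System.out.println(e.getMessage());
        }
    }
}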
-
For API details, see DescribeCertificate in AWS SDK for Java 2.x API Reference.
-
- PowerShell
-
- Tools for PowerShell
-
Example 1: Returns details of the specified certificate.
# Returns the details of the certificate with the given ARN.
# The ARN shown is an example; replace it with the ARN of a certificate in your account.
Get-ACMCertificateDetail -CertificateArn "arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012"
Output:
CertificateArn : arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012 CreatedAt : 1/21/2016 5:55:59 PM DomainName : www.example.com DomainValidationOptions : {www.example.com} InUseBy : {} IssuedAt : 1/1/0001 12:00:00 AM Issuer : KeyAlgorithm : RSA-2048 NotAfter : 1/1/0001 12:00:00 AM NotBefore : 1/1/0001 12:00:00 AM RevocationReason : RevokedAt : 1/1/0001 12:00:00 AM Serial : SignatureAlgorithm : SHA256WITHRSA Status : PENDING_VALIDATION Subject : CN=www.example.com SubjectAlternativeNames : {www.example.net}
-
For API details, see DescribeCertificate in AWS Tools for PowerShell Cmdlet Reference.
-
- Python
-
- SDK for Python (Boto3)
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
class AcmCertificate:
    """
    Thin wrapper around the ACM operations used by this example.
    """

    def __init__(self, acm_client):
        """
        Stores the client that every call on this wrapper goes through.

        :param acm_client: A Boto3 ACM client.
        """
        self.acm_client = acm_client

    def describe(self, certificate_arn):
        """
        Looks up the metadata ACM holds for one certificate.

        A ClientError from the service call is logged with its traceback and
        then re-raised, so the caller still sees the failure.

        :param certificate_arn: The Amazon Resource Name (ARN) of the certificate.
        :return: Metadata about the certificate.
        """
        try:
            cert_metadata = self.acm_client.describe_certificate(
                CertificateArn=certificate_arn
            )["Certificate"]
            logger.info(
                "Got metadata for certificate for domain %s.",
                cert_metadata["DomainName"],
            )
            return cert_metadata
        except ClientError:
            logger.exception("Couldn't get data for certificate %s.", certificate_arn)
            raise
-
For API details, see DescribeCertificate in AWS SDK for Python (Boto3) API Reference.
-