Use ListCertificates with an AWS SDK or CLI - AWS SDK Code Examples

There are more AWS SDK examples available in the AWS Doc SDK Examples GitHub repo.

Use ListCertificates with an AWS SDK or CLI

The following code examples show how to use ListCertificates.

Action examples are code excerpts from larger programs and must be run in context. You can see this action in context in the following code example:

.NET
AWS SDK for .NET
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository.

using System; using System.Threading.Tasks; using Amazon; using Amazon.CertificateManager; using Amazon.CertificateManager.Model; namespace ListCertificates { // The following example retrieves and displays a list of the // certificates defined for the default account using the AWS // Certificate Manager (ACM) service. class ListCertificates { // Specify your AWS Region (an example Region is shown). private static readonly RegionEndpoint ACMRegion = RegionEndpoint.USEast1; private static AmazonCertificateManagerClient _client; static void Main(string[] args) { _client = new AmazonCertificateManagerClient(ACMRegion); var certificateList = ListCertificatesResponseAsync(client: _client); Console.WriteLine("Certificate Summary List\n"); foreach (var certificate in certificateList.Result.CertificateSummaryList) { Console.WriteLine($"Certificate Domain: {certificate.DomainName}"); Console.WriteLine($"Certificate ARN: {certificate.CertificateArn}\n"); } } /// <summary> /// Retrieves a list of the certificates defined in this Region. /// </summary> /// <param name="client">The ACM client object passed to the /// ListCertificateResAsync method call.</param> /// <param name="request"></param> /// <returns>The ListCertificatesResponse.</returns> static async Task<ListCertificatesResponse> ListCertificatesResponseAsync( AmazonCertificateManagerClient client) { var request = new ListCertificatesRequest(); var response = await client.ListCertificatesAsync(request); return response; } } }
C++
SDK for C++
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository.

//! List the AWS Certificate Manager (ACM) certificates in an account. /*! \param clientConfiguration: AWS client configuration. \return bool: Function succeeded. */ bool AwsDoc::ACM::listCertificates( const Aws::Client::ClientConfiguration &clientConfiguration) { Aws::ACM::ACMClient acmClient(clientConfiguration); Aws::ACM::Model::ListCertificatesRequest request; Aws::Vector<Aws::ACM::Model::CertificateSummary> allCertificates; Aws::String nextToken; do { if (!nextToken.empty()) { request.SetNextToken(nextToken); } Aws::ACM::Model::ListCertificatesOutcome outcome = acmClient.ListCertificates(request); if (!outcome.IsSuccess()) { std::cerr << "Error: ListCertificates: " << outcome.GetError().GetMessage() << std::endl; return false; } else { const Aws::ACM::Model::ListCertificatesResult &result = outcome.GetResult(); const Aws::Vector<Aws::ACM::Model::CertificateSummary> &certificates = result.GetCertificateSummaryList(); allCertificates.insert(allCertificates.end(), certificates.begin(), certificates.end()); nextToken = result.GetNextToken(); } } while (!nextToken.empty()); if (!allCertificates.empty()) { for (const Aws::ACM::Model::CertificateSummary &certificate: allCertificates) { std::cout << "Certificate ARN: " << certificate.GetCertificateArn() << std::endl; std::cout << "Domain name: " << certificate.GetDomainName() << std::endl << std::endl; } } else { std::cout << "No available certificates found in account." << std::endl; } return true; }
CLI
AWS CLI

To list the ACM certificates for an AWS account

The following list-certificates command lists the ARNs of the certificates in your account:

aws acm list-certificates

The preceding command produces output similar to the following:

{ "CertificateSummaryList": [ { "CertificateArn": "arn:aws:acm:region:account:certificate/12345678-1234-1234-1234-123456789012", "DomainName": "www.example.com" }, { "CertificateArn": "arn:aws:acm:region:account:certificate/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", "DomainName": "www.example.net" } ] }

You can decide how many certificates you want to display each time you call list-certificates. For example, if you have four certificates and you want to display no more than two at a time, set the max-items argument to 2 as in the following example:

aws acm list-certificates --max-items 2

Two certificate ARNs and a NextToken value will be displayed:

"CertificateSummaryList": [ { "CertificateArn": "arn:aws:acm:region:account: \ certificate/12345678-1234-1234-1234-123456789012", "DomainName": "www.example.com" }, { "CertificateArn": "arn:aws:acm:region:account: \ certificate/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", "DomainName": "www.example.net" } ], "NextToken": "9f4d9f69-275a-41fe-b58e-2b837bd9ba48"

To display the next two certificates in your account, set this NextToken value in your next call:

aws acm list-certificates --max-items 2 --next-token 9f4d9f69-275a-41fe-b58e-2b837bd9ba48

You can filter your output by using the certificate-statuses argument. The following command displays certificates that have a PENDING_VALIDATION status:

aws acm list-certificates --certificate-statuses PENDING_VALIDATION

You can also filter your output by using the includes argument. The following command displays certificates filtered on the following properties. The certificates to be displayed:

- Specify that the RSA algorithm and a 2048 bit key are used to generate key pairs. - Contain a Key Usage extension that specifies that the certificates can be used to create digital signatures. - Contain an Extended Key Usage extension that specifies that the certificates can be used for code signing. aws acm list-certificates --max-items 10 --includes extendedKeyUsage=CODE_SIGNING,keyUsage=DIGITAL_SIGNATURE,keyTypes=RSA_2048
Java
SDK for Java 2.x
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository.

/** * Before running this Java V2 code example, set up your development * environment, including your credentials. * <p> * For more information, see the following documentation topic: * <p> * https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html */ public class ListCerts { public static void main(String[] args) { listCertificates(); } /** * Lists all the certificates managed by AWS Certificate Manager (ACM) that have a status of "ISSUED". */ public static void listCertificates() { AcmClient acmClient = AcmClient.create(); try { ListCertificatesRequest listRequest = ListCertificatesRequest.builder() .certificateStatuses(CertificateStatus.ISSUED) .maxItems(100) .build(); ListCertificatesIterable listResponse = acmClient.listCertificatesPaginator(listRequest); // Print the certificate details using streams listResponse.certificateSummaryList().stream() .forEach(certificate -> { System.out.println("Certificate ARN: " + certificate.certificateArn()); System.out.println("Certificate Domain Name: " + certificate.domainName()); System.out.println("Certificate Status: " + certificate.statusAsString()); System.out.println("---"); }); } catch (AcmException e) { System.err.println(e.getMessage()); } } }
PowerShell
Tools for PowerShell

Example 1: Retrieves a list of all your certificate ARNs and the domain name for each. The cmdlet will automatically paginate to retrieve all the ARNs. To manually control pagination, use the -MaxItem parameter to control how many certificate ARNs are returned for each service call and the -NextToken parameter to indicate the starting point for each call.

Get-ACMCertificateList

Output:

CertificateArn DomainName -------------- ---------- arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012 www.example.com

Example 2: Retrieves a list of all your certificate ARNs where the certificate status matches on the supplied states.

Get-ACMCertificateList -CertificateStatus "VALIDATION_TIMED_OUT","FAILED"

Example 3: This example returns a list of all certificates in the us-east-1 region that have a key type of RSA_2048, and an extended key usage, or purpose, of CODE_SIGNING. You can find the values for these filtering parameters in the ListCertificates Filters API reference topic: https://docs.aws.amazon.com/acm/latest/APIReference/API_Filters.html.

Get-ACMCertificateList -Region us-east-1 -Includes_KeyType RSA_2048 -Includes_ExtendedKeyUsage CODE_SIGNING

Output:

CertificateArn DomainName -------------- ---------- arn:aws:acm:us-east-1:8xxxxxxxxxxx:certificate/xxxxxxxx-d7c0-48c1-af8d-2133d8f30zzz *.route53docs.com arn:aws:acm:us-east-1:8xxxxxxxxxxx:certificate/xxxxxxxx-98a5-443d-a734-800430c80zzz nerdzizm.net arn:aws:acm:us-east-1:8xxxxxxxxxxx:certificate/xxxxxxxx-2be6-4376-8fa7-bad559525zzz arn:aws:acm:us-east-1:8xxxxxxxxxxx:certificate/xxxxxxxx-e7ca-44c5-803e-24d9f2f36zzz arn:aws:acm:us-east-1:8xxxxxxxxxxx:certificate/xxxxxxxx-1241-4b71-80b1-090305a62zzz arn:aws:acm:us-east-1:8xxxxxxxxxxx:certificate/xxxxxxxx-8709-4568-8c64-f94617c99zzz arn:aws:acm:us-east-1:8xxxxxxxxxxx:certificate/xxxxxxxx-a8fa-4a61-98cf-e08ccc0eezzz arn:aws:acm:us-east-1:8xxxxxxxxxxx:certificate/xxxxxxxx-fa47-40fe-a714-2d277d3eezzz *.route53docs.com
  • For API details, see ListCertificates in AWS Tools for PowerShell Cmdlet Reference.

Python
SDK for Python (Boto3)
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository.

class AcmCertificate: """ Encapsulates ACM functions. """ def __init__(self, acm_client): """ :param acm_client: A Boto3 ACM client. """ self.acm_client = acm_client def list( self, max_items, statuses=None, key_usage=None, extended_key_usage=None, key_types=None, ): """ Lists the certificates for the current account. :param max_items: The maximum number of certificates to list. :param statuses: Filters the results to the specified statuses. If None, all certificates are included. :param key_usage: Filters the results to the specified key usages. If None, all key usages are included. :param extended_key_usage: Filters the results to the specified extended key usages. If None, all extended key usages are included. :param key_types: Filters the results to the specified key types. If None, all key types are included. :return: The list of certificates. """ try: kwargs = {"MaxItems": max_items} if statuses is not None: kwargs["CertificateStatuses"] = statuses includes = {} if key_usage is not None: includes["keyUsage"] = key_usage if extended_key_usage is not None: includes["extendedKeyUsage"] = extended_key_usage if key_types is not None: includes["keyTypes"] = key_types if includes: kwargs["Includes"] = includes response = self.acm_client.list_certificates(**kwargs) certificates = response["CertificateSummaryList"] logger.info("Got %s certificates.", len(certificates)) except ClientError: logger.exception("Couldn't get certificates.") raise else: return certificates
  • For API details, see ListCertificates in AWS SDK for Python (Boto3) API Reference.