GetCertificateAuthorityCertificate
Retrieves the certificate and certificate chain for your private certificate authority (CA) or one that has been shared with you. Both the certificate and the chain are base64 PEM-encoded. The chain does not include the CA certificate. Each certificate in the chain signs the one before it.
Request Syntax
{
"CertificateAuthorityArn": "string
"
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
The request accepts the following data in JSON format.
- CertificateAuthorityArn
-
The Amazon Resource Name (ARN) of your private CA. This is of the form:
arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
.Type: String
Length Constraints: Minimum length of 5. Maximum length of 200.
Pattern:
arn:[\w+=/,.@-]+:acm-pca:[\w+=/,.@-]*:[0-9]*:[\w+=,.@-]+(/[\w+=,.@-]+)*
Required: Yes
Response Syntax
{
"Certificate": "string",
"CertificateChain": "string"
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- Certificate
-
Base64-encoded certificate authority (CA) certificate.
Type: String
- CertificateChain
-
Base64-encoded certificate chain that includes any intermediate certificates and chains up to root certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. If this is a root CA, the value will be null.
Type: String
Errors
For information about the errors that are common to all actions, see Common Errors.
- InvalidArnException
-
The requested Amazon Resource Name (ARN) does not refer to an existing resource.
HTTP Status Code: 400
- InvalidStateException
-
The state of the private CA does not allow this action to occur.
HTTP Status Code: 400
- ResourceNotFoundException
-
A resource such as a private CA, S3 bucket, certificate, audit report, or policy cannot be found.
HTTP Status Code: 400
Examples
Example
This example illustrates one usage of GetCertificateAuthorityCertificate.
Sample Request
POST / HTTP/1.1
Host: acm-pca.amazonaws.com
Accept-Encoding: identity
Content-Length: 128
X-Amz-Target: ACMPrivateCA.GetCertificateAuthorityCertificate
X-Amz-Date: 20180226T174831Z
User-Agent: aws-cli/1.14.28 Python/2.7.9 Windows/8 botocore/1.8.32
Content-Type: application/x-amz-json-1.1
Authorization: AWS4-HMAC-SHA256 Credential=Access_Key_ID/20180226/AWS_Region/acm-pca/aws4_request,
SignedHeaders=content-type;host;x-amz-date;x-amz-target,
Signature=2675f0e4055c234f5b6e155bd3245ca327382d47a16e0c20f2abc802e1f0eab6
{"CertificateAuthorityArn": "arn:aws:acm-pca:AWS_Region:AWS_Account:certificate-authority/12345678-1234-1234-1234-123456789012"}
Example
This example illustrates one usage of GetCertificateAuthorityCertificate.
Sample Response
HTTP/1.1 200 OK
Date: Tue, 15 May 2018 17:43:38 GMT
Content-Type: application/x-amz-json-1.1
Content-Length: 2552
x-amzn-RequestId: 8c607f26-6d9e-4972-a529-02cc5608c81a
Connection: keep-alive
{
"Certificate": "-----BEGIN CERTIFICATE----- base64-encoded certificate -----END CERTIFICATE-----",
"CertificateChain": "-----BEGIN CERTIFICATE----- base64-encoded certificate chain -----END CERTIFICATE-----"
}
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: