describe-certificate¶
Description¶
Gets information about the specified certificate.
Requires permission to access the DescribeCertificate action.
See also: AWS API Documentation
See ‘aws help’ for descriptions of global parameters.
Synopsis¶
describe-certificate
--certificate-id <value>
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
Options¶
--certificate-id (string)
The ID of the certificate. (The last part of the certificate ARN contains the certificate ID.)
--cli-input-json | --cli-input-yaml (string)
Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml.
--generate-cli-skeleton (string)
Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. Similarly, if provided yaml-input it will print a sample input YAML that can be used with --cli-input-yaml. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command. The generated JSON skeleton is not stable between versions of the AWS CLI and there are no backwards compatibility guarantees in the JSON skeleton generated.
See ‘aws help’ for descriptions of global parameters.
Examples¶
Note
To use the following examples, you must have the AWS CLI installed and configured. See the Getting started guide in the AWS CLI User Guide for more information.
Unless otherwise stated, all examples have unix-like quotation rules. These examples will need to be adapted to your terminal’s quoting rules. See Using quotation marks with strings in the AWS CLI User Guide .
To get information about a certificate
The following describe-certificate example displays the details for the specified certificate.
aws iot describe-certificate \
--certificate-id "4f0ba725787aa94d67d2fca420eca022242532e8b3c58e7465c7778b443fd65e"
Output:
{
"certificateDescription": {
"certificateArn": "arn:aws:iot:us-west-2:123456789012:cert/4f0ba725787aa94d67d2fca420eca022242532e8b3c58e7465c7778b443fd65e",
"certificateId": "4f0ba725787aa94d67d2fca420eca022242532e8b3c58e7465c7778b443fd65e",
"status": "ACTIVE",
"certificatePem": "-----BEGIN CERTIFICATE-----
MIICiTEXAMPLEQD6m7oRw0uXOjANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMC
VVMxCzAJBgNVBEXAMPLEMRAwDgYDVQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZBbWF6
b24xFDASBgNVBAsTC0lBTSBDEXAMPLElMRIwEAYDVQQDEwlUZXN0Q2lsYWMxHzAd
BgkqhkiG9w0BCQEWEG5vb25lQGFtYXpvbi5EXAMPLEcNMTEwNDI1MjA0NTIxWhcN
MTIwNDI0MjA0NTIxWjCBiDELMAkGA1UEBhMCVVMxCzAJBgNEXAMPLEdBMRAwDgYD
VQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZBbWF6b24xFDASBgNVBAsTC0lBEXAMPLEz
b2xEXAMPLEYDVQQDEwlUZXN0Q2lsYWMxHzAdBgkqhkiG9w0BCQEWEG5vb25lQGFt
YXpvbi5jb20wgZ8EXAMPLEZIhvcNAQEBBQADgY0AMIGJAoGBAMaK0dn+a4GmWIWJ
21uUSfwfEvySWtC2XADZ4nB+BLYEXAMPLEpiwsZ3G93vUEIO3IyNoH/f0wYK8m9T
rDHudUZg3qX4waLG5M43q7Wgc/MbQITxOUSQv7c7EXAMPLEGBzZswY6786m86gpE
Ibb3OhjZnzcvQAaRHhdlQWIMm2nrAgMBAAEwDQYJKoZIhvcNAQEFEXAMPLEAtCu4
nUhVVxYUnEXAMPLE8Mg9q6q+auNKyExzyLwaxlAoo7TJHidbtS4J5iNmZgXL0Fkb
FFBjvSfpJIlJ00zbhNYS5f6GEXAMPLEl0ZxBHjJnyp378OD8uTs7fLvjx79LjSTb
NYiytVbZPQUQ5Yaxu2jXnimvw3rrszlaEXAMPLE=
-----END CERTIFICATE-----",
"ownedBy": "123456789012",
"creationDate": 1541022751.983,
"lastModifiedDate": 1541022751.983,
"customerVersion": 1,
"transferData": {},
"generationId": "6974fbed-2e61-4114-bc5e-4204cc79b045",
"validity": {
"notBefore": 1541022631.0,
"notAfter": 2524607999.0
}
}
}
For more information, see DescribeCertificate in the AWS IoT API Reference.
Output¶
certificateDescription -> (structure)
The description of the certificate.
certificateArn -> (string)
The ARN of the certificate.
certificateId -> (string)
The ID of the certificate.
caCertificateId -> (string)
The certificate ID of the CA certificate used to sign this certificate.
status -> (string)
The status of the certificate.
certificatePem -> (string)
The certificate data, in PEM format.
ownedBy -> (string)
The ID of the Amazon Web Services account that owns the certificate.
previousOwnedBy -> (string)
The ID of the Amazon Web Services account of the previous owner of the certificate.
creationDate -> (timestamp)
The date and time the certificate was created.
lastModifiedDate -> (timestamp)
The date and time the certificate was last modified.
customerVersion -> (integer)
The customer version of the certificate.
transferData -> (structure)
The transfer data.
transferMessage -> (string)
The transfer message.
rejectReason -> (string)
The reason why the transfer was rejected.
transferDate -> (timestamp)
The date the transfer took place.
acceptDate -> (timestamp)
The date the transfer was accepted.
rejectDate -> (timestamp)
The date the transfer was rejected.
generationId -> (string)
The generation ID of the certificate.
validity -> (structure)
When the certificate is valid.
notBefore -> (timestamp)
The certificate is not valid before this date.
notAfter -> (timestamp)
The certificate is not valid after this date.
certificateMode -> (string)
The mode of the certificate.
DEFAULT: A certificate inDEFAULTmode is either generated by Amazon Web Services IoT Core or registered with an issuer certificate authority (CA) inDEFAULTmode. Devices with certificates inDEFAULTmode aren’t required to send the Server Name Indication (SNI) extension when connecting to Amazon Web Services IoT Core. However, to use features such as custom domains and VPC endpoints, we recommend that you use the SNI extension when connecting to Amazon Web Services IoT Core.
SNI_ONLY: A certificate inSNI_ONLYmode is registered without an issuer CA. Devices with certificates inSNI_ONLYmode must send the SNI extension when connecting to Amazon Web Services IoT Core.For more information about the value for SNI extension, see Transport security in IoT .