IoT / Client / describe_certificate
describe_certificate#
- IoT.Client.describe_certificate(**kwargs)#
Gets information about the specified certificate.
Requires permission to access the DescribeCertificate action.
See also: AWS API Documentation
Request Syntax
response = client.describe_certificate( certificateId='string' )
- Parameters:
certificateId (string) –
[REQUIRED]
The ID of the certificate. (The last part of the certificate ARN contains the certificate ID.)
- Return type:
dict
- Returns:
Response Syntax
{ 'certificateDescription': { 'certificateArn': 'string', 'certificateId': 'string', 'caCertificateId': 'string', 'status': 'ACTIVE'|'INACTIVE'|'REVOKED'|'PENDING_TRANSFER'|'REGISTER_INACTIVE'|'PENDING_ACTIVATION', 'certificatePem': 'string', 'ownedBy': 'string', 'previousOwnedBy': 'string', 'creationDate': datetime(2015, 1, 1), 'lastModifiedDate': datetime(2015, 1, 1), 'customerVersion': 123, 'transferData': { 'transferMessage': 'string', 'rejectReason': 'string', 'transferDate': datetime(2015, 1, 1), 'acceptDate': datetime(2015, 1, 1), 'rejectDate': datetime(2015, 1, 1) }, 'generationId': 'string', 'validity': { 'notBefore': datetime(2015, 1, 1), 'notAfter': datetime(2015, 1, 1) }, 'certificateMode': 'DEFAULT'|'SNI_ONLY' } }
Response Structure
(dict) –
The output of the DescribeCertificate operation.
certificateDescription (dict) –
The description of the certificate.
certificateArn (string) –
The ARN of the certificate.
certificateId (string) –
The ID of the certificate.
caCertificateId (string) –
The certificate ID of the CA certificate used to sign this certificate.
status (string) –
The status of the certificate.
certificatePem (string) –
The certificate data, in PEM format.
ownedBy (string) –
The ID of the Amazon Web Services account that owns the certificate.
previousOwnedBy (string) –
The ID of the Amazon Web Services account of the previous owner of the certificate.
creationDate (datetime) –
The date and time the certificate was created.
lastModifiedDate (datetime) –
The date and time the certificate was last modified.
customerVersion (integer) –
The customer version of the certificate.
transferData (dict) –
The transfer data.
transferMessage (string) –
The transfer message.
rejectReason (string) –
The reason why the transfer was rejected.
transferDate (datetime) –
The date the transfer took place.
acceptDate (datetime) –
The date the transfer was accepted.
rejectDate (datetime) –
The date the transfer was rejected.
generationId (string) –
The generation ID of the certificate.
validity (dict) –
When the certificate is valid.
notBefore (datetime) –
The certificate is not valid before this date.
notAfter (datetime) –
The certificate is not valid after this date.
certificateMode (string) –
The mode of the certificate.
DEFAULT: A certificate inDEFAULTmode is either generated by Amazon Web Services IoT Core or registered with an issuer certificate authority (CA) inDEFAULTmode. Devices with certificates inDEFAULTmode aren’t required to send the Server Name Indication (SNI) extension when connecting to Amazon Web Services IoT Core. However, to use features such as custom domains and VPC endpoints, we recommend that you use the SNI extension when connecting to Amazon Web Services IoT Core.SNI_ONLY: A certificate inSNI_ONLYmode is registered without an issuer CA. Devices with certificates inSNI_ONLYmode must send the SNI extension when connecting to Amazon Web Services IoT Core.For more information about the value for SNI extension, see Transport security in IoT.
Exceptions
IoT.Client.exceptions.InvalidRequestExceptionIoT.Client.exceptions.ThrottlingExceptionIoT.Client.exceptions.UnauthorizedExceptionIoT.Client.exceptions.ServiceUnavailableExceptionIoT.Client.exceptions.InternalFailureExceptionIoT.Client.exceptions.ResourceNotFoundException