describe_certificates

describe_certificates(**kwargs)

Lists the set of CA certificates provided by Amazon RDS for this Amazon Web Services account.

For more information, see Using SSL/TLS to encrypt a connection to a DB instance in the Amazon RDS User Guide and Using SSL/TLS to encrypt a connection to a DB cluster in the Amazon Aurora User Guide .

See also: AWS API Documentation

Request Syntax

response = client.describe_certificates(
    CertificateIdentifier='string',
    Filters=[
        {
            'Name': 'string',
            'Values': [
                'string',
            ]
        },
    ],
    MaxRecords=123,
    Marker='string'
)
Parameters
  • CertificateIdentifier (string) --

    The user-supplied certificate identifier. If this parameter is specified, information for only the identified certificate is returned. This parameter isn't case-sensitive.

    Constraints:

    • Must match an existing CertificateIdentifier.
  • Filters (list) --

    This parameter isn't currently supported.

    • (dict) --

      A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as IDs. The filters supported by a describe operation are documented with the describe operation.

      Note

      Currently, wildcards are not supported in filters.

      The following actions can be filtered:

      • DescribeDBClusterBacktracks
      • DescribeDBClusterEndpoints
      • DescribeDBClusters
      • DescribeDBInstances
      • DescribePendingMaintenanceActions
      • Name (string) -- [REQUIRED]

        The name of the filter. Filter names are case-sensitive.

      • Values (list) -- [REQUIRED]

        One or more filter values. Filter values are case-sensitive.

        • (string) --
  • MaxRecords (integer) --

    The maximum number of records to include in the response. If more records exist than the specified MaxRecords value, a pagination token called a marker is included in the response so you can retrieve the remaining results.

    Default: 100

    Constraints: Minimum 20, maximum 100.

  • Marker (string) -- An optional pagination token provided by a previous DescribeCertificates request. If this parameter is specified, the response includes only records beyond the marker, up to the value specified by MaxRecords .
Return type

dict

Returns

Response Syntax

{
    'Certificates': [
        {
            'CertificateIdentifier': 'string',
            'CertificateType': 'string',
            'Thumbprint': 'string',
            'ValidFrom': datetime(2015, 1, 1),
            'ValidTill': datetime(2015, 1, 1),
            'CertificateArn': 'string',
            'CustomerOverride': True|False,
            'CustomerOverrideValidTill': datetime(2015, 1, 1)
        },
    ],
    'Marker': 'string'
}

Response Structure

  • (dict) --

    Data returned by the DescribeCertificates action.

    • Certificates (list) --

      The list of Certificate objects for the Amazon Web Services account.

      • (dict) --

        A CA certificate for an Amazon Web Services account.

        For more information, see Using SSL/TLS to encrypt a connection to a DB instance in the Amazon RDS User Guide and Using SSL/TLS to encrypt a connection to a DB cluster in the Amazon Aurora User Guide .

        • CertificateIdentifier (string) --

          The unique key that identifies a certificate.

        • CertificateType (string) --

          The type of the certificate.

        • Thumbprint (string) --

          The thumbprint of the certificate.

        • ValidFrom (datetime) --

          The starting date from which the certificate is valid.

        • ValidTill (datetime) --

          The final date that the certificate continues to be valid.

        • CertificateArn (string) --

          The Amazon Resource Name (ARN) for the certificate.

        • CustomerOverride (boolean) --

          Whether there is an override for the default certificate identifier.

        • CustomerOverrideValidTill (datetime) --

          If there is an override for the default certificate identifier, when the override expires.

    • Marker (string) --

      An optional pagination token provided by a previous DescribeCertificates request. If this parameter is specified, the response includes only records beyond the marker, up to the value specified by MaxRecords .

Exceptions

  • RDS.Client.exceptions.CertificateNotFoundFault

Examples

This example lists up to 20 certificates for the specified certificate identifier.

response = client.describe_certificates(
    CertificateIdentifier='rds-ca-2015',
    MaxRecords=20,
)

print(response)

Expected Output:

{
    'ResponseMetadata': {
        '...': '...',
    },
}