list_certificates_by_ca

list_certificates_by_ca(**kwargs)

List the device certificates signed by the specified CA certificate.

Requires permission to access the ListCertificatesByCA action.

See also: AWS API Documentation

Request Syntax

response = client.list_certificates_by_ca(
    caCertificateId='string',
    pageSize=123,
    marker='string',
    ascendingOrder=True|False
)
Parameters
  • caCertificateId (string) --

    [REQUIRED]

    The ID of the CA certificate. This operation will list all registered device certificate that were signed by this CA certificate.

  • pageSize (integer) -- The result page size.
  • marker (string) -- The marker for the next set of results.
  • ascendingOrder (boolean) -- Specifies the order for results. If True, the results are returned in ascending order, based on the creation date.
Return type

dict

Returns

Response Syntax

{
    'certificates': [
        {
            'certificateArn': 'string',
            'certificateId': 'string',
            'status': 'ACTIVE'|'INACTIVE'|'REVOKED'|'PENDING_TRANSFER'|'REGISTER_INACTIVE'|'PENDING_ACTIVATION',
            'certificateMode': 'DEFAULT'|'SNI_ONLY',
            'creationDate': datetime(2015, 1, 1)
        },
    ],
    'nextMarker': 'string'
}

Response Structure

  • (dict) --

    The output of the ListCertificatesByCA operation.

    • certificates (list) --

      The device certificates signed by the specified CA certificate.

      • (dict) --

        Information about a certificate.

        • certificateArn (string) --

          The ARN of the certificate.

        • certificateId (string) --

          The ID of the certificate. (The last part of the certificate ARN contains the certificate ID.)

        • status (string) --

          The status of the certificate.

          The status value REGISTER_INACTIVE is deprecated and should not be used.

        • certificateMode (string) --

          The mode of the certificate.

          DEFAULT : A certificate in DEFAULT mode is either generated by Amazon Web Services IoT Core or registered with an issuer certificate authority (CA) in DEFAULT mode. Devices with certificates in DEFAULT mode aren't required to send the Server Name Indication (SNI) extension when connecting to Amazon Web Services IoT Core. However, to use features such as custom domains and VPC endpoints, we recommend that you use the SNI extension when connecting to Amazon Web Services IoT Core.

          SNI_ONLY : A certificate in SNI_ONLY mode is registered without an issuer CA. Devices with certificates in SNI_ONLY mode must send the SNI extension when connecting to Amazon Web Services IoT Core.

        • creationDate (datetime) --

          The date and time the certificate was created.

    • nextMarker (string) --

      The marker for the next set of results, or null if there are no additional results.

Exceptions

  • IoT.Client.exceptions.InvalidRequestException
  • IoT.Client.exceptions.ThrottlingException
  • IoT.Client.exceptions.UnauthorizedException
  • IoT.Client.exceptions.ServiceUnavailableException
  • IoT.Client.exceptions.InternalFailureException