describe_certificate

DirectoryService.Client.describe_certificate(**kwargs)

Displays information about the certificate registered for secure LDAP or client certificate authentication.

See also: AWS API Documentation

Request Syntax

response = client.describe_certificate(
    DirectoryId='string',
    CertificateId='string'
)
Parameters
  • DirectoryId (string) --

    [REQUIRED]

    The identifier of the directory.

  • CertificateId (string) --

    [REQUIRED]

    The identifier of the certificate.

Return type

dict

Returns

Response Syntax

{
    'Certificate': {
        'CertificateId': 'string',
        'State': 'Registering'|'Registered'|'RegisterFailed'|'Deregistering'|'Deregistered'|'DeregisterFailed',
        'StateReason': 'string',
        'CommonName': 'string',
        'RegisteredDateTime': datetime(2015, 1, 1),
        'ExpiryDateTime': datetime(2015, 1, 1),
        'Type': 'ClientCertAuth'|'ClientLDAPS',
        'ClientCertAuthSettings': {
            'OCSPUrl': 'string'
        }
    }
}

Response Structure

  • (dict) --

    • Certificate (dict) --

      Information about the certificate, including registered date time, certificate state, the reason for the state, expiration date time, and certificate common name.

      • CertificateId (string) --

        The identifier of the certificate.

      • State (string) --

        The state of the certificate.

      • StateReason (string) --

        Describes a state change for the certificate.

      • CommonName (string) --

        The common name for the certificate.

      • RegisteredDateTime (datetime) --

        The date and time that the certificate was registered.

      • ExpiryDateTime (datetime) --

        The date and time when the certificate will expire.

      • Type (string) --

        The function that the registered certificate performs. Valid values include ClientLDAPS or ClientCertAuth . The default value is ClientLDAPS .

      • ClientCertAuthSettings (dict) --

        A ClientCertAuthSettings object that contains client certificate authentication settings.

        • OCSPUrl (string) --

          Specifies the URL of the default OCSP server used to check for revocation status. A secondary value to any OCSP address found in the AIA extension of the user certificate.

Exceptions

  • DirectoryService.Client.exceptions.DirectoryDoesNotExistException
  • DirectoryService.Client.exceptions.UnsupportedOperationException
  • DirectoryService.Client.exceptions.CertificateDoesNotExistException
  • DirectoryService.Client.exceptions.InvalidParameterException
  • DirectoryService.Client.exceptions.ClientException
  • DirectoryService.Client.exceptions.ServiceException