DirectoryService / Client / describe_certificate



Displays information about the certificate registered for secure LDAP or client certificate authentication.

See also: AWS API Documentation

Request Syntax

response = client.describe_certificate(
  • DirectoryId (string) –


    The identifier of the directory.

  • CertificateId (string) –


    The identifier of the certificate.

Return type:



Response Syntax

    'Certificate': {
        'CertificateId': 'string',
        'State': 'Registering'|'Registered'|'RegisterFailed'|'Deregistering'|'Deregistered'|'DeregisterFailed',
        'StateReason': 'string',
        'CommonName': 'string',
        'RegisteredDateTime': datetime(2015, 1, 1),
        'ExpiryDateTime': datetime(2015, 1, 1),
        'Type': 'ClientCertAuth'|'ClientLDAPS',
        'ClientCertAuthSettings': {
            'OCSPUrl': 'string'

Response Structure

  • (dict) –

    • Certificate (dict) –

      Information about the certificate, including registered date time, certificate state, the reason for the state, expiration date time, and certificate common name.

      • CertificateId (string) –

        The identifier of the certificate.

      • State (string) –

        The state of the certificate.

      • StateReason (string) –

        Describes a state change for the certificate.

      • CommonName (string) –

        The common name for the certificate.

      • RegisteredDateTime (datetime) –

        The date and time that the certificate was registered.

      • ExpiryDateTime (datetime) –

        The date and time when the certificate will expire.

      • Type (string) –

        The function that the registered certificate performs. Valid values include ClientLDAPS or ClientCertAuth. The default value is ClientLDAPS.

      • ClientCertAuthSettings (dict) –

        A ClientCertAuthSettings object that contains client certificate authentication settings.

        • OCSPUrl (string) –

          Specifies the URL of the default OCSP server used to check for revocation status. A secondary value to any OCSP address found in the AIA extension of the user certificate.


  • DirectoryService.Client.exceptions.DirectoryDoesNotExistException

  • DirectoryService.Client.exceptions.UnsupportedOperationException

  • DirectoryService.Client.exceptions.CertificateDoesNotExistException

  • DirectoryService.Client.exceptions.InvalidParameterException

  • DirectoryService.Client.exceptions.ClientException

  • DirectoryService.Client.exceptions.ServiceException