IoT / Client / describe_ca_certificate



Describes a registered CA certificate.

Requires permission to access the DescribeCACertificate action.

See also: AWS API Documentation

Request Syntax

response = client.describe_ca_certificate(

certificateId (string) –


The CA certificate identifier.

Return type:



Response Syntax

    'certificateDescription': {
        'certificateArn': 'string',
        'certificateId': 'string',
        'status': 'ACTIVE'|'INACTIVE',
        'certificatePem': 'string',
        'ownedBy': 'string',
        'creationDate': datetime(2015, 1, 1),
        'autoRegistrationStatus': 'ENABLE'|'DISABLE',
        'lastModifiedDate': datetime(2015, 1, 1),
        'customerVersion': 123,
        'generationId': 'string',
        'validity': {
            'notBefore': datetime(2015, 1, 1),
            'notAfter': datetime(2015, 1, 1)
        'certificateMode': 'DEFAULT'|'SNI_ONLY'
    'registrationConfig': {
        'templateBody': 'string',
        'roleArn': 'string',
        'templateName': 'string'

Response Structure

  • (dict) –

    The output from the DescribeCACertificate operation.

    • certificateDescription (dict) –

      The CA certificate description.

      • certificateArn (string) –

        The CA certificate ARN.

      • certificateId (string) –

        The CA certificate ID.

      • status (string) –

        The status of a CA certificate.

      • certificatePem (string) –

        The CA certificate data, in PEM format.

      • ownedBy (string) –

        The owner of the CA certificate.

      • creationDate (datetime) –

        The date the CA certificate was created.

      • autoRegistrationStatus (string) –

        Whether the CA certificate configured for auto registration of device certificates. Valid values are “ENABLE” and “DISABLE”

      • lastModifiedDate (datetime) –

        The date the CA certificate was last modified.

      • customerVersion (integer) –

        The customer version of the CA certificate.

      • generationId (string) –

        The generation ID of the CA certificate.

      • validity (dict) –

        When the CA certificate is valid.

        • notBefore (datetime) –

          The certificate is not valid before this date.

        • notAfter (datetime) –

          The certificate is not valid after this date.

      • certificateMode (string) –

        The mode of the CA.

        All the device certificates that are registered using this CA will be registered in the same mode as the CA. For more information about certificate mode for device certificates, see certificate mode.

    • registrationConfig (dict) –

      Information about the registration configuration.

      • templateBody (string) –

        The template body.

      • roleArn (string) –

        The ARN of the role.

      • templateName (string) –

        The name of the provisioning template.


  • IoT.Client.exceptions.InvalidRequestException

  • IoT.Client.exceptions.ThrottlingException

  • IoT.Client.exceptions.UnauthorizedException

  • IoT.Client.exceptions.ServiceUnavailableException

  • IoT.Client.exceptions.InternalFailureException

  • IoT.Client.exceptions.ResourceNotFoundException