GetCertificate - AWS Private Certificate Authority
Request SyntaxRequest ParametersResponse SyntaxResponse ElementsErrorsExamplesSee Also

GetCertificate

Retrieves a certificate from your private CA or one that has been shared with you. The ARN of the certificate is returned when you call the IssueCertificate action. You must specify both the ARN of your private CA and the ARN of the issued certificate when calling the GetCertificate action. You can retrieve the certificate if it is in the ISSUED state. You can call the CreateCertificateAuthorityAuditReport action to create a report that contains information about all of the certificates issued and revoked by your private CA.

Request Syntax

{
   "CertificateArn": "string",
   "CertificateAuthorityArn": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

CertificateArn

The ARN of the issued certificate. The ARN contains the certificate serial number and must be in the following form:

arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012/certificate/286535153982981100925020015808220737245

Type: String

Length Constraints: Minimum length of 5. Maximum length of 200.

Pattern: arn:[\w+=/,.@-]+:acm-pca:[\w+=/,.@-]*:[0-9]*:[\w+=,.@-]+(/[\w+=,.@-]+)*

Required: Yes

CertificateAuthorityArn

The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. This must be of the form:

arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 .

Type: String

Length Constraints: Minimum length of 5. Maximum length of 200.

Pattern: arn:[\w+=/,.@-]+:acm-pca:[\w+=/,.@-]*:[0-9]*:[\w+=,.@-]+(/[\w+=,.@-]+)*

Required: Yes

Response Syntax

{
   "Certificate": "string",
   "CertificateChain": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

Certificate

The base64 PEM-encoded certificate specified by the CertificateArn parameter.

Type: String

CertificateChain

The base64 PEM-encoded certificate chain that chains up to the root CA certificate that you used to sign your private CA certificate.

Type: String

Errors

For information about the errors that are common to all actions, see Common Errors.

InvalidArnException

The requested Amazon Resource Name (ARN) does not refer to an existing resource.

HTTP Status Code: 400

InvalidStateException

The state of the private CA does not allow this action to occur.

HTTP Status Code: 400

RequestFailedException

The request has failed for an unspecified reason.

HTTP Status Code: 400

RequestInProgressException

Your request is already in progress.

HTTP Status Code: 400

ResourceNotFoundException

A resource such as a private CA, S3 bucket, certificate, audit report, or policy cannot be found.

HTTP Status Code: 400

Examples

Example

This example illustrates one usage of GetCertificate.

Sample Request

POST / HTTP/1.1
Host: acm-pca.amazonaws.com
Accept-Encoding: identity
Content-Length: 292
X-Amz-Target: ACMPrivateCA.GetCertificate
X-Amz-Date: 20180226T194913Z
User-Agent: aws-cli/1.14.28 Python/2.7.9 Windows/8 botocore/1.8.32
Content-Type: application/x-amz-json-1.1
Authorization: AWS4-HMAC-SHA256 Credential=AWS_Access_Key_ID/20180226/AWS_Region/acm-pca/aws4_request, SignedHeaders=content-type;host;x-amz-date;x-amz-target, Signature=4fe34fdad8c09d5b608be6f5d4f4939444dd7cdd542ec09b1002182e4ef9fcee

{
  "CertificateArn": "arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012/certificate/e8cbd2bedb122329f97706bcfec990f8",
  "CertificateAuthorityArn": "arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012"
}

Example

This example illustrates one usage of GetCertificate.

Sample Response

HTTP/1.1 200 OK
Date: Tue, 15 May 2018 17:35:47 GMT
Content-Type: application/x-amz-json-1.1
Content-Length: 4184
x-amzn-RequestId: 9f537e0a-993c-4a03-8aec-0fc52c772b84
Connection: keep-alive

{
  "Certificate": "-----BEGIN CERTIFICATE----- base64-encoded certificate -----END CERTIFICATE-----",
  "CertificateChain": "-----BEGIN CERTIFICATE----- base64-encoded certificate -----END CERTIFICATE-----"
}

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: