Help Center/ Cloud Certificate & Manager/ API Reference/ API/ Managing Private Certificates/ Private Certificate Management/ Querying Certificate Details
Updated on 2025-11-28 GMT+08:00
View PDF

Querying Certificate Details

Function

This API is used to query details about a certificate.

Debugging

You can debug this API through automatic authentication in API Explorer or use the SDK sample code generated by API Explorer.

Authorization Information

Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.

  • If you are using role/policy-based authorization, see Permissions Policies and Supported Actions for details on the required permissions.
  • If you are using identity policy-based authorization, the following identity policy-based permissions are required.

    Action

    Access Level

    Resource Type (*: required)

    Condition Key

    Alias

    Dependencies

    pca:cert:get

    Read

    -

    g:EnterpriseProjectId

    -

    -

URI

GET /v1/private-certificates/{certificate_id}

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

certificate_id

Yes

String

ID of the private certificate you want to query.

Minimum: 36

Maximum: 36

Request Parameters

Table 2 Request header parameters

Parameter

Mandatory

Type

Description

X-Auth-Token

Yes

String

User token. For details, see [Obtaining a User Token] (https://support.huaweicloud.com/intl/en-us/api-iam/iam_30_0001.html).

Response Parameters

Status code: 200

Table 3 Response body parameters

Parameter

Type

Description

certificate_id

String

ID of the private certificate.

Minimum: 36

Maximum: 36

status

String

Certificate status:

  • ISSUED: The certificate has been issued.

  • EXPIRED: The certificate has expired.

  • REVOKED: The certificate has been revoked.

issuer_id

String

ID of the parent CA.

Minimum: 36

Maximum: 36

issuer_name

String

The name of the parent CA certificate.

Minimum: 1

Maximum: 64

key_algorithm

String

Key algorithm.

signature_algorithm

String

Signature algorithm.

freeze_flag

Integer

Freezing tag:

  • 0: non-frozen

  • Other values: frozen state. This is currently reserved.

gen_mode

String

Certificate generation method.

  • GENERATE: generated by the PCA system.

  • IMPORT: imported externally.

  • CSR: issued by an internal CA with CSRs imported externally. This means the private key is not managed by PCA.

serial_number

String

Serial number.

Minimum: 1

Maximum: 64

create_time

Long

Time the certificate was created. The value is a timestamp in milliseconds.

delete_time

Long

Time the certificate was deleted. The value is a timestamp in milliseconds.

not_before

Long

Time the certificate was created. The value is a timestamp in milliseconds.

not_after

Long

Time the certificate expires. The value is a timestamp in milliseconds.

distinguished_name

DistinguishedName object

Certificate name. For details, see data structure for the DistinguishedName field.

enterprise_project_id

String

Enterprise project ID. The default value is 0. For users who have enabled the enterprise project function, this value indicates that resources are in the default enterprise project. For users who have not enabled the enterprise project function, this value indicates that resources are not in the default enterprise project.
Table 4 DistinguishedName

Parameter

Type

Description

common_name

String

Common name (CN) of a certificate. The value can contain a maximum of 64 characters, including only letters, digits, spaces, Chinese characters, hyphens (-), underscores (_), periods (.), commas (,), and asterisks (*).

Minimum: 1

Maximum: 64

country

String

Country code. The value is a string of two characters and can contain only letters.

Minimum: 2

Maximum: 2

state

String

Name of a province or city. The value can contain a maximum of 128 characters, including only letters, digits, Chinese characters, spaces, hyphens (-), underscores (_), periods (.), and commas (,).

Minimum: 1

Maximum: 128

locality

String

Region name. The value can contain a maximum of 128 characters, including only letters, digits, Chinese characters, spaces, hyphens (-), underscores (_), periods (.), and commas (,).

Minimum: 1

Maximum: 128

organization

String

Organization name. The value can contain a maximum of 64 characters, including only letters, digits, Chinese characters, spaces, hyphens (-), underscores (_), periods (.), and commas (,).

Minimum: 1

Maximum: 64

organizational_unit

String

Organization unit name. The value can contain a maximum of 64 characters, including only letters, digits, Chinese characters, spaces, hyphens (-), underscores (_), periods (.), and commas (,).

Minimum: 1

Maximum: 64
Table 5 EncCertInfo

Parameter

Type

Description

enc_serial_number

String

Encryption certificate serial number.

Minimum: 1

Maximum: 64

Status code: 400

Table 6 Response body parameters

Parameter

Type

Description

error_code

String

Error code

Minimum: 3

Maximum: 36

error_msg

String

Error message

Minimum: 0

Maximum: 1024

Status code: 401

Table 7 Response body parameters

Parameter

Type

Description

error_code

String

Error code

Minimum: 3

Maximum: 36

error_msg

String

Error message

Minimum: 0

Maximum: 1024

Status code: 403

Table 8 Response body parameters

Parameter

Type

Description

error_code

String

Error code

Minimum: 3

Maximum: 36

error_msg

String

Error message

Minimum: 0

Maximum: 1024

Status code: 404

Table 9 Response body parameters

Parameter

Type

Description

error_code

String

Error code

Minimum: 3

Maximum: 36

error_msg

String

Error message

Minimum: 0

Maximum: 1024

Status code: 500

Table 10 Response body parameters

Parameter

Type

Description

error_code

String

Error code

Minimum: 3

Maximum: 36

error_msg

String

Error message

Minimum: 0

Maximum: 1024

Example Requests

When you call this API, a token with the permission to use this API is mandatory for the X-Auth-Token field.

GET https://ccm.cn-north-4.myhuaweicloud.com/v1/private-certificates/6434f74f-2d13-4e6a-89eb-93ee313f1a43

Example Responses

Status code: 200

Request succeeded.

{
  "signature_algorithm" : "SHA256",
  "issuer_id" : "ef5d84d1-4f52-47d2-b1c8-a91a672487a0",
  "issuer_name" : "HW CA",
  "not_after" : 1665539214000,
  "not_before" : 1634295475000,
  "status" : "ISSUED",
  "freeze_flag" : 0,
  "gen_mode" : "GENERATE",
  "serial_number" : "202110151057541266081861",
  "distinguished_name" : {
    "country" : "cn",
    "state" : "guizhou",
    "locality" : "guiyang",
    "organization" : "hw",
    "organizational_unit" : "IT",
    "common_name" : "test.huawei.com"
  },
  "key_algorithm" : "RSA4096",
  "create_time" : 1634295475000,
  "delete_time" : null,
  "certificate_id" : "6434f74f-2d13-4e6a-89eb-93ee313f1a43",
  "enc_cert_info" : {
    "enc_serial_number" : "2ad6c3e393a95bf13f95"
  }
}

Status code: 400

Invalid request parameters.

{
  "error_code" : "PCA.XXX",
  "error_msg" : "XXX"
}

Status code: 401

Token required for the requested page.

{
  "error_code" : "PCA.XXX",
  "error_msg" : "XXX"
}

Status code: 403

Authentication failed.

{
  "error_code" : "PCA.XXX",
  "error_msg" : "XXX"
}

Status code: 404

No resources available or found.

{
  "error_code" : "PCA.XXX",
  "error_msg" : "XXX"
}

Status code: 500

Internal service error.

{
  "error_code" : "PCA.XXX",
  "error_msg" : "XXX"
}

Status Codes

Status Code

Description

200

Request succeeded.

400

Invalid request parameters.

401

Token required for the requested page.

403

Authentication failed.

404

No resources available or found.

500

Internal service error.

Error Codes

See Error Codes.