Query a CA Certificate

Function

This API is used by an application to query a CA certificate on the IoT platform.

Debugging

You can debug this API through automatic authentication in API Explorer or use the SDK sample code generated by API Explorer.

Authorization Information

Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.

If you are using role/policy-based authorization, see Permissions Policies and Supported Actions for details on the required permissions.

If you are using identity policy-based authorization, the following identity policy-based permissions are required.

Action	Access Level	Resource Type (*: required)	Condition Key	Alias	Dependencies
iotda:certificate:query	Read	app *	-	-	-
iotda:certificate:query	Read	-	g:EnterpriseProjectId	-	-

URI

GET /v5/iot/{project_id}/certificates/{certificate_id}

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID. For details about how to obtain the project ID, see Obtaining a Project ID.
certificate_id	Yes	String	Unique CA certificate ID, allocated by the platform when the certificate is uploaded.

Request Parameters

**Table 2** Request header parameters
Parameter	Mandatory	Type	Description
Instance-Id	No	String	Instance ID. Unique identifier of each instance in the physical multi-tenant scenario. Mandatory for professional editions and recommended in other cases. Log in to the IoTDA console and choose Overview in the navigation pane to view the instance ID. For details, see Viewing Instance Details.

Response Parameters

Status code: 200

**Table 3** Response body parameters
Parameter	Type	Description
certificate_id	String	Unique CA certificate ID, allocated by the platform when the certificate is uploaded.
name	String	Certificate name.
cn_name	String	CN of the CA certificate.
owner	String	Owner of the CA certificate.
status	Boolean	Verification status of the CA certificate. true indicates that the certificate has been verified and can be used for device access authentication. false indicates that the certificate does not pass the verification.
verify_code	String	Verification code of the CA certificate.
provision_enable	Boolean	Whether to enable the self-registration capability. The options are true (yes) and false (no). If this parameter is set to true, this function must be used together with the pre-provisioning function.
template_id	String	ID of the bound pre-provisioning template.
ocsp_enable	Boolean	Whether to enable OCSP verification for device certificates issued by the CA certificate. Options: true (enabled) and false (disabled). If this parameter is set to true and the device certificate information contains the OCSP URL, the platform verifies the certificate status. If the certificate status is revoked, the platform rejects the device connection.
ocsp_server_ca_id	String	ID of the CA certificate on the OCSP server. This parameter is mandatory only when SSL is enabled on the OCSP server. The platform uses the CA certificate to authenticate the OCSP server.
ocsp_ssl_enable	Boolean	Whether SSL encryption is enabled on the OCSP server. If SSL encryption is enabled, the CA certificate of the OCSP server must be configured.
create_date	String	Time when the certificate was created. The value is in the format of yyyyMMdd'T'HHmmss'Z', for example, 20151212T121212Z.
effective_date	String	Time when the CA certificate starts to take effect. The value is in the format of yyyyMMdd'T'HHmmss'Z', for example, 20151212T121212Z.
expiry_date	String	Time when CA certificate expires. The value is in the format of yyyyMMdd'T'HHmmss'Z', for example, 20151212T121212Z.
content	String	CA certificate content.

Example Requests

GET https://{endpoint}/v5/iot/{project_id}/certificates/{certificate_id}

Example Responses

Status code: 200

Successful response

{
  "certificate_id" : "6d6d84ad4aad40e7a880848cfd229037",
  "name" : "test",
  "cn_name" : "localhost",
  "owner" : "CN=Huawei Cloud Core Network Product CA, O=Huawei, C=CN",
  "status" : true,
  "verify_code" : "bf0fcbfe-0026-4fdc-984d-53a1649bfaa8",
  "provision_enable" : true,
  "template_id" : "61c970ce2d63eb6ee655dbf0",
  "create_date" : "20191212T121212Z",
  "effective_date" : "20191212T121212Z",
  "expiry_date" : "20221212T121212Z",
  "content" : "-----BEGIN CERTIFICATE-----\nMIID8zCCAtugAwIBAgIJAPV0e5iC5R5iMA0GCSqGSIb3DQEBCwUAMIGPMQswCQYD\nVQQGEwJDSDERMA8GA1UECAwIU2hlbnpoZW4xETAPBgNVBAcMCFNoZW56aGVuMRMw\nEQYDVQQKDApIdWF3ZWlUZXN0MQwwCgYDVQQLDANJb1QxEzARBgNVBAMMClN0ZXZl\nbnplbmcxIjAgBgkqhkiG9w0BCQEWE3N0ZXZlbnplbmdAdGVzdC5jb20wHhcNMjAx\nMDIyMDM1ODIwWhcNMjMwODEyMDM1ODIwWjCBjzELMAkGA1UEBhMCQ0gxETAPBgNV\nBAgMCFNoZW56aGVuMREwDwYDVQQHDAhTaGVuemhlbjETMBEGA1UECgwKSHVhd2Vp\nVGVzdDEMMAoGA1UECwwDSW9UMRMwEQYDVQQDDApTdGV2ZW56ZW5nMSIwIAYJKoZI\nhvcNAQkBFhNzdGV2ZW56ZW5nQHRlc3QuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC\nAQ8AMIIBCgKCAQEAsatA78nO8L5eRZCnEryBe/ZMhxj/DFTuR6py1h7fTctQl3Bb\nB0AM2v5bd4wTAjtRqyA77F4+VswtuTJNNXJsO4RhRqHifx0rizFQZWkWIIMxs2eF\nCuNMovwehTn963bjcbMhKnhVjlXZzs5TtLaT8kovTofyNlxj7kwN1kD8YSc7cSpT\n2RwDHoiN5Yilalnm01eL2QHZxKySa2YlI1dUXe02KS3+6itSpOGM6p+4phf4Jlwb\n7TgY+ZjuM9qf20p4O5LyUnVjTCnb74tjGZeqIqJdYVIkW4al3IVHIzpxgVQq216g\nXT8srSiT2ewxrH4/mrf6AC8lVGjPuwTvx9GIGwIDAQABo1AwTjAdBgNVHQ4EFgQU\niTcay1Vw7AZMEKAooPaXqxRB2CUwHwYDVR0jBBgwFoAUiTcay1Vw7AZMEKAooPaX\nqxRB2CUwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAHJFYdpRcDcSQ\n2AICoHDJW/xjOVmnHDxLmcN9Lx5CPUuFbzaIMm4ciW6NnfEKZKPvBn+ec8g+kp+J\np3a1f+uxpGlv0z/ykBezIGIF9yR3ajRM+pu3MqyCcpHajGJ6XkdWJOg5r+2gtF55\n9bhvImXhEYpWPm/GQHRTCHznxPYym6JGXOe4b+SwHx6t0dTwJpSzpKPwd8UAkuT3\nEu0slmvB16djfDUS3gcSc3e3EVEh7Fu8zQjxQWkQWDSVKTPCP0GOFIB5MOFSIt9V\n1sor7Q+c1+Ik7nyK3OEUFU85pEwbNsNu6IVuBNGP4ox2YjsyTQvZ+d5BancErQVg\nQIaGBzOr6w==\n-----END CERTIFICATE-----",
  "ocsp_enable" : "false,",
  "ocsp_server_ca_id" : "60fa667369d4840337930aec",
  "ocsp_ssl_enable" : true
}