- Release Notes
- Announcements
- Price Change to DigiCert SSL Certificates
- TrustAsia Root Certificate Update
- Domain Validation Policy Update
- SSL Certificate Service Console
- Multi-Year SSL Certificate and Automatic Review
- Notice on Stopping the Issuance of 2-Year SSL Certificates by CAs Starting from September 1, 2020
- Announcement on Stop Using the Symantec SSL Certificate Name After 30 April 2020
- Notice on Certificate Revocation Due to Private Key Compromises
- Notice on Application Limits for DV SSL Certificates
- Let's Encrypt Root Certificate Expired on September 30, 2021
- Product Introduction
- Purchase Guide
- Getting Started
- Certificate Application
- Domain Ownership Validation
- Operation Guide
- Certificate Installation
- Installing an SSL Certificate on a Tencent Cloud Service
- Installation of International Standard Certificates
- Installing an SSL Certificate on an Nginx Server
- Installing an SSL Certificate on an Apache Server (Linux)
- Installing an SSL Certificate on an Apache Server (Windows)
- Installing an SSL Certificate (JKS Format) on a Tomcat Server (Linux)
- Installing an SSL Certificate (JKS Format) on a Tomcat Server
- Installing an SSL Certificate (PFX Format) on a Tomcat Server
- Installing an SSL Certificate on a GlassFish Server
- Installing an SSL Certificate on a JBoss Server
- Installing an SSL Certificate on a Jetty Server
- Installing an SSL Certificate on an IIS Server
- Installing a Certificate on WebLogic Servers
- Selecting an Installation Type for an SSL Certificate
- Certificate Management
- Tencent Cloud Certificate Benefit Point Package Management
- Uploading (Hosting) an SSL Certificate
- Reminding Reviewers to Review an SSL Certificate Application
- Revoking an SSL Certificate
- Deleting an SSL Certificate
- Reissuing an SSL Certificate
- Ignoring SSL Certificate Notifications
- Customizing SSL Certificate Expiration Notifications
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Certificate APIs
- CancelAuditCertificate
- CreateCertificate
- DescribeHostUpdateRecord
- DescribeHostUpdateRecordDetail
- ModifyCertificateResubmit
- UpdateCertificateInstance
- UpdateCertificateRecordRetry
- UpdateCertificateRecordRollback
- CreateCertificateBindResourceSyncTask
- DescribeCertificateBindResourceTaskDetail
- DescribeCertificateBindResourceTaskResult
- UploadConfirmLetter
- DescribeHostTeoInstanceList
- UploadCertificate
- SubmitCertificateInformation
- ReplaceCertificate
- ModifyCertificateProject
- ModifyCertificateAlias
- DownloadCertificate
- DescribeCertificates
- DescribeCertificateOperateLogs
- DescribeCertificateDetail
- DescribeCertificate
- DeleteCertificate
- CommitCertificateInformation
- CancelCertificateOrder
- ApplyCertificate
- CSR APIs
- Data Types
- Error Codes
- Best Practices
- Automatic Solution for Implementing and Issuing Multi-Year Certificates and Binding Resources
- Apple ATS Server Configuration
- Quickly Applying for a Free SSL Certificate via DNSPod
- Enabling Tencent Cloud DDNS and Installing Free Certificates for Synology NAS
- Batch Applying for and Downloading Free Certificates Using Python-based API Calls
- Profile Management
- Troubleshooting
- Domain Validation Failed
- Domain Security Review Failed
- Website Inaccessible After an SSL Certificate is Deployed
- 404 Error After the SSL Certificate is Deployed on IIS
- “Your Connection is Not Secure” is Displayed After the SSL Certificate is Installed
- Message Indicating Parsing Failure Is Displayed When a Certificate Is Uploaded
- Automatic DNS Validation Failed for a Domain Hosted with www.west.cn
- Host Name Field Cannot Be Edited in IIS Manager When Type Is Set to https
- Message Indicating Intermediate Certificates Missing in Chain Is Displayed When a Free SSL Certificate Is Deployed on IIS
- FAQs
- SSL Certificate Selection
- SSL Certificate Application
- Quota of Free SSL Certificates
- How to Fill In the Domains Bound to an SSL Certificate During the Application?
- Wildcard SSL Certificates
- Why Does the Order Status Not Changed After a Notification Email Is Received from a CA?
- Can the TXT Records for Domain Name Resolution Configured in the Certificate Be Deleted?
- What Is CSR?
- How Do I Make a CSR File?
- What Is Private Key Password?
- Forgot Your Private Key Password?
- Can an SSL Certificate Be Revoked?
- What are the differences between RSA and ECC?
- What Should I Do If the Console Prompts That "The Certificate Is Bound to Tencent Cloud Resources and Cannot Be Revoked" When I Submit an SSL Certificate Revocation Application?
- What’s the Difference Between Certificate Reissue and Reapplication?
- Which SSL Certificate Types Are Supported for Mini Programs?
- SSL Certificate Management
- SSL Certificate Installation
- What Should I Do If the Host Name Field Is Uneditable in the IIS Manager?
- How Do I Enable Port 443 for a Server?
- Why Does the Website Prompt “Connection Is Untrusted"?
- How Do I Install OpenSSL?
- How Can I Set TLS Versions for SSL Certificates?
- How Can I Combine an SSL Certificate Chain?
- Can Tencent Cloud SSL Certificates Be Used for WebSocket?
- How Do I Enable the IIS Service?
- What Should I Do If I Am Prompted That HTTPS Is Not Secure After Reapplying for Deployment upon Expiration of the SSL Certificate?
- SSL Certificate Region
- SSL Certificate Review
- SSL Certificate Taking Effect
- Is the Original SSL Certificate Still Valid After the Server IP Address Is Changed?
- How Do I Check in a Browser Whether an SSL Certificate Has Taken Effect?
- What Should I Do If GlobalSign Certificates Are Not Supported in Windows 7?
- What Should I Do If the Issue of a Free SSL Certificate Takes Too Long or Failed?
- SSL Certificate Billing and Purchase
- SSL Certificate Validity Period
- SSL Service Level Agreement
- Contact Us
- Glossary
- Release Notes
- Announcements
- Price Change to DigiCert SSL Certificates
- TrustAsia Root Certificate Update
- Domain Validation Policy Update
- SSL Certificate Service Console
- Multi-Year SSL Certificate and Automatic Review
- Notice on Stopping the Issuance of 2-Year SSL Certificates by CAs Starting from September 1, 2020
- Announcement on Stop Using the Symantec SSL Certificate Name After 30 April 2020
- Notice on Certificate Revocation Due to Private Key Compromises
- Notice on Application Limits for DV SSL Certificates
- Let's Encrypt Root Certificate Expired on September 30, 2021
- Product Introduction
- Purchase Guide
- Getting Started
- Certificate Application
- Domain Ownership Validation
- Operation Guide
- Certificate Installation
- Installing an SSL Certificate on a Tencent Cloud Service
- Installation of International Standard Certificates
- Installing an SSL Certificate on an Nginx Server
- Installing an SSL Certificate on an Apache Server (Linux)
- Installing an SSL Certificate on an Apache Server (Windows)
- Installing an SSL Certificate (JKS Format) on a Tomcat Server (Linux)
- Installing an SSL Certificate (JKS Format) on a Tomcat Server
- Installing an SSL Certificate (PFX Format) on a Tomcat Server
- Installing an SSL Certificate on a GlassFish Server
- Installing an SSL Certificate on a JBoss Server
- Installing an SSL Certificate on a Jetty Server
- Installing an SSL Certificate on an IIS Server
- Installing a Certificate on WebLogic Servers
- Selecting an Installation Type for an SSL Certificate
- Certificate Management
- Tencent Cloud Certificate Benefit Point Package Management
- Uploading (Hosting) an SSL Certificate
- Reminding Reviewers to Review an SSL Certificate Application
- Revoking an SSL Certificate
- Deleting an SSL Certificate
- Reissuing an SSL Certificate
- Ignoring SSL Certificate Notifications
- Customizing SSL Certificate Expiration Notifications
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Certificate APIs
- CancelAuditCertificate
- CreateCertificate
- DescribeHostUpdateRecord
- DescribeHostUpdateRecordDetail
- ModifyCertificateResubmit
- UpdateCertificateInstance
- UpdateCertificateRecordRetry
- UpdateCertificateRecordRollback
- CreateCertificateBindResourceSyncTask
- DescribeCertificateBindResourceTaskDetail
- DescribeCertificateBindResourceTaskResult
- UploadConfirmLetter
- DescribeHostTeoInstanceList
- UploadCertificate
- SubmitCertificateInformation
- ReplaceCertificate
- ModifyCertificateProject
- ModifyCertificateAlias
- DownloadCertificate
- DescribeCertificates
- DescribeCertificateOperateLogs
- DescribeCertificateDetail
- DescribeCertificate
- DeleteCertificate
- CommitCertificateInformation
- CancelCertificateOrder
- ApplyCertificate
- CSR APIs
- Data Types
- Error Codes
- Best Practices
- Automatic Solution for Implementing and Issuing Multi-Year Certificates and Binding Resources
- Apple ATS Server Configuration
- Quickly Applying for a Free SSL Certificate via DNSPod
- Enabling Tencent Cloud DDNS and Installing Free Certificates for Synology NAS
- Batch Applying for and Downloading Free Certificates Using Python-based API Calls
- Profile Management
- Troubleshooting
- Domain Validation Failed
- Domain Security Review Failed
- Website Inaccessible After an SSL Certificate is Deployed
- 404 Error After the SSL Certificate is Deployed on IIS
- “Your Connection is Not Secure” is Displayed After the SSL Certificate is Installed
- Message Indicating Parsing Failure Is Displayed When a Certificate Is Uploaded
- Automatic DNS Validation Failed for a Domain Hosted with www.west.cn
- Host Name Field Cannot Be Edited in IIS Manager When Type Is Set to https
- Message Indicating Intermediate Certificates Missing in Chain Is Displayed When a Free SSL Certificate Is Deployed on IIS
- FAQs
- SSL Certificate Selection
- SSL Certificate Application
- Quota of Free SSL Certificates
- How to Fill In the Domains Bound to an SSL Certificate During the Application?
- Wildcard SSL Certificates
- Why Does the Order Status Not Changed After a Notification Email Is Received from a CA?
- Can the TXT Records for Domain Name Resolution Configured in the Certificate Be Deleted?
- What Is CSR?
- How Do I Make a CSR File?
- What Is Private Key Password?
- Forgot Your Private Key Password?
- Can an SSL Certificate Be Revoked?
- What are the differences between RSA and ECC?
- What Should I Do If the Console Prompts That "The Certificate Is Bound to Tencent Cloud Resources and Cannot Be Revoked" When I Submit an SSL Certificate Revocation Application?
- What’s the Difference Between Certificate Reissue and Reapplication?
- Which SSL Certificate Types Are Supported for Mini Programs?
- SSL Certificate Management
- SSL Certificate Installation
- What Should I Do If the Host Name Field Is Uneditable in the IIS Manager?
- How Do I Enable Port 443 for a Server?
- Why Does the Website Prompt “Connection Is Untrusted"?
- How Do I Install OpenSSL?
- How Can I Set TLS Versions for SSL Certificates?
- How Can I Combine an SSL Certificate Chain?
- Can Tencent Cloud SSL Certificates Be Used for WebSocket?
- How Do I Enable the IIS Service?
- What Should I Do If I Am Prompted That HTTPS Is Not Secure After Reapplying for Deployment upon Expiration of the SSL Certificate?
- SSL Certificate Region
- SSL Certificate Review
- SSL Certificate Taking Effect
- Is the Original SSL Certificate Still Valid After the Server IP Address Is Changed?
- How Do I Check in a Browser Whether an SSL Certificate Has Taken Effect?
- What Should I Do If GlobalSign Certificates Are Not Supported in Windows 7?
- What Should I Do If the Issue of a Free SSL Certificate Takes Too Long or Failed?
- SSL Certificate Billing and Purchase
- SSL Certificate Validity Period
- SSL Service Level Agreement
- Contact Us
- Glossary
1. API Description
Domain name for API request: ssl.tencentcloudapi.com.
This API is used to get certificate information.
A maximum of 10 requests can be initiated per second for this API.
We recommend you to use API Explorer
Try it
API Explorer provides a range of capabilities, including online call, signature authentication, SDK code generation, and API quick search. It enables you to view the request, response, and auto-generated examples.
2. Input Parameters
The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.
| Parameter Name | Required | Type | Description |
|---|---|---|---|
| Action | Yes | String | Common Params. The value used for this API: DescribeCertificate. |
| Version | Yes | String | Common Params. The value used for this API: 2019-12-05. |
| Region | No | String | Common Params. This parameter is not required for this API. |
| CertificateId | Yes | String | Certificate ID |
3. Output Parameters
| Parameter Name | Type | Description |
|---|---|---|
| OwnerUin | String | User UIN Note: this field may return null, indicating that no valid values can be obtained. |
| ProjectId | String | Project ID Note: this field may return null, indicating that no valid values can be obtained. |
| From | String | Certificate source. trustasia: TrustAsia; upload: certificate uploaded by usersNote: this field may return null, indicating that no valid values can be obtained. |
| CertificateType | String | Certificate type. CA: client certificate; SVR: server certificateNote: this field may return null, indicating that no valid values can be obtained. |
| PackageType | String | Certificate plan type. 1: GeoTrust DV SSL CA - G3; 2: TrustAsia TLS RSA CA; 3: SecureSite EV Pro; 4: SecureSite EV; 5: SecureSite OV Pro; 6: SecureSite OV; 7: SecureSite OV wildcard; 8: GeoTrust EV; 9: GeoTrust OV; 10: GeoTrust OV wildcard; 11: TrustAsia DV multi-domain; 12: TrustAsia DV wildcard; 13: TrustAsia OV wildcard D3; 14: TrustAsia OV D3; 15: TrustAsia OV multi-domain D3; 16: TrustAsia EV D3; 17: TrustAsia EV multi-domain D3; 18: GlobalSign OV; 19: GlobalSign OV wildcard; 20: GlobalSign EV; 21: TrustAsia OV wildcard multi-domain D3; 22: GlobalSign OV multi-domain; 23: GlobalSign OV wildcard multi-domain; 24: GlobalSign EV multi-domainNote: this field may return null, indicating that no valid values can be obtained. |
| ProductZhName | String | Name of the certificate issuer Note: this field may return null, indicating that no valid values can be obtained. |
| Domain | String | Domain name Note: this field may return null, indicating that no valid values can be obtained. |
| Alias | String | Alias Note: this field may return null, indicating that no valid values can be obtained. |
| Status | Integer | Certificate status. 0: reviewing; 1: approved; 2: unapproved; 3: expired; 4: DNS record added; 5: enterprise-grade certificate, pending submission; 6: canceling order; 7: canceled; 8: information submitted, pending confirmation letter upload; 9: revoking certificate; 10: revoked; 11: reissuing; 12: pending revocation confirmation letter uploadNote: this field may return null, indicating that no valid values can be obtained. |
| StatusMsg | String | Status information Note: this field may return null, indicating that no valid values can be obtained. |
| VerifyType | String | Validation type. DNS_AUTO: automatic DNS validation; DNS: manual DNS validation; FILE: file validation; EMAIL: email validationNote: this field may return null, indicating that no valid values can be obtained. |
| VulnerabilityStatus | String | Vulnerability scanning status Note: this field may return null, indicating that no valid values can be obtained. |
| CertBeginTime | String | Time when the certificate takes effect Note: this field may return null, indicating that no valid values can be obtained. |
| CertEndTime | String | Time when the certificate expires Note: this field may return null, indicating that no valid values can be obtained. |
| ValidityPeriod | String | Validity period of the certificate, in months Note: this field may return null, indicating that no valid values can be obtained. |
| InsertTime | String | Application time Note: this field may return null, indicating that no valid values can be obtained. |
| OrderId | String | Order ID Note: this field may return null, indicating that no valid values can be obtained. |
| CertificateExtra | CertificateExtra | Extended information of the certificate Note: this field may return null, indicating that no valid values can be obtained. |
| DvAuthDetail | DvAuthDetail | DV authentication information Note: this field may return null, indicating that no valid values can be obtained. |
| VulnerabilityReport | String | Vulnerability scanning assessment report Note: this field may return null, indicating that no valid values can be obtained. |
| CertificateId | String | Certificate ID Note: this field may return null, indicating that no valid values can be obtained. |
| PackageTypeName | String | Certificate type name Note: this field may return null, indicating that no valid values can be obtained. |
| StatusName | String | Status description Note: this field may return null, indicating that no valid values can be obtained. |
| SubjectAltName | Array of String | Domain names associated with the certificate (including the primary domain name) Note: this field may return null, indicating that no valid values can be obtained. |
| IsVip | Boolean | Whether the customer is a VIP customer Note: this field may return null, indicating that no valid values can be obtained. |
| IsWildcard | Boolean | Whether the certificate is a wildcard certificate Note: this field may return null, indicating that no valid values can be obtained. |
| IsDv | Boolean | Whether the certificate is a DV certificate Note: this field may return null, indicating that no valid values can be obtained. |
| IsVulnerability | Boolean | Whether the vulnerability scanning feature is enabled Note: this field may return null, indicating that no valid values can be obtained. |
| RenewAble | Boolean | Whether the certificate can be reissued Note: this field may return null, indicating that no valid values can be obtained. |
| SubmittedData | SubmittedData | Submitted data Note: this field may return null, indicating that no valid values can be obtained. |
| Deployable | Boolean | Whether the certificate can be deployed Note: this field may return null, indicating that no valid values can be obtained. |
| Tags | Array of Tags | List of tags Note: this field may return null, indicating that no valid values can be obtained. |
| CAEncryptAlgorithms | Array of String | All encryption algorithms of a CA certificate Note: This field may return null, indicating that no valid values can be obtained. |
| CACommonNames | Array of String | All common names of a CA certificate Note: This field may return null, indicating that no valid values can be obtained. |
| CAEndTimes | Array of String | All expiration time of a CA certificate Note: This field may return null, indicating that no valid values can be obtained. |
| DvRevokeAuthDetail | Array of DvAuths | The authentication value for DV certificate revocation. Note: This field may return null, indicating that no valid values can be obtained. |
| RequestId | String | The unique request ID, which is returned for each request. RequestId is required for locating a problem. |
4. Example
Example1 Querying the information of a certificate
This example shows you how to query the information of a certificate.
Input Example
https://ssl.tencentcloudapi.com/?Action=DescribeCertificate
&CertificateId=CertificateId
&<Common request parameters>
Output Example
{
"Response": {
"OwnerUin": "abc",
"ProjectId": "abc",
"From": "abc",
"CertificateType": "abc",
"PackageType": "abc",
"ProductZhName": "abc",
"Domain": "abc",
"Alias": "abc",
"Status": 1,
"StatusMsg": "abc",
"VerifyType": "abc",
"VulnerabilityStatus": "abc",
"CertBeginTime": "abc",
"CertEndTime": "abc",
"ValidityPeriod": "abc",
"InsertTime": "abc",
"OrderId": "abc",
"CertificateExtra": {
"DomainNumber": "abc",
"OriginCertificateId": "abc",
"ReplacedBy": "abc",
"ReplacedFor": "abc",
"RenewOrder": "abc",
"SMCert": 0
},
"DvAuthDetail": {
"DvAuthKey": "abc",
"DvAuthValue": "abc",
"DvAuthDomain": "abc",
"DvAuthPath": "abc",
"DvAuthKeySubDomain": "abc",
"DvAuths": [
{
"DvAuthKey": "abc",
"DvAuthValue": "abc",
"DvAuthDomain": "abc",
"DvAuthPath": "abc",
"DvAuthSubDomain": "abc",
"DvAuthVerifyType": "abc"
}
]
},
"VulnerabilityReport": "abc",
"CertificateId": "abc",
"PackageTypeName": "abc",
"StatusName": "abc",
"SubjectAltName": [
"abc"
],
"IsVip": true,
"IsWildcard": true,
"IsDv": true,
"IsVulnerability": true,
"RenewAble": true,
"SubmittedData": {
"CsrType": "abc",
"CsrContent": "abc",
"CertificateDomain": "abc",
"DomainList": [
"abc"
],
"KeyPassword": "abc",
"OrganizationName": "abc",
"OrganizationDivision": "abc",
"OrganizationAddress": "abc",
"OrganizationCountry": "abc",
"OrganizationCity": "abc",
"OrganizationRegion": "abc",
"PostalCode": "abc",
"PhoneAreaCode": "abc",
"PhoneNumber": "abc",
"AdminFirstName": "abc",
"AdminLastName": "abc",
"AdminPhoneNum": "abc",
"AdminEmail": "abc",
"AdminPosition": "abc",
"ContactFirstName": "abc",
"ContactLastName": "abc",
"ContactNumber": "abc",
"ContactEmail": "abc",
"ContactPosition": "abc",
"VerifyType": "abc"
},
"Deployable": true,
"Tags": [
{
"TagKey": "abc",
"TagValue": "abc"
}
],
"CAEncryptAlgorithms": [
"abc"
],
"CACommonNames": [
"abc"
],
"CAEndTimes": [
"abc"
],
"DvRevokeAuthDetail": [
{
"DvAuthKey": "abc",
"DvAuthValue": "abc",
"DvAuthDomain": "abc",
"DvAuthPath": "abc",
"DvAuthSubDomain": "abc",
"DvAuthVerifyType": "abc"
}
],
"RequestId": "abc"
}
}
5. Developer Resources
SDK
TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.
- Tencent Cloud SDK 3.0 for Python
- Tencent Cloud SDK 3.0 for Java
- Tencent Cloud SDK 3.0 for PHP
- Tencent Cloud SDK 3.0 for Go
- Tencent Cloud SDK 3.0 for Node.js
- Tencent Cloud SDK 3.0 for .NET
- Tencent Cloud SDK 3.0 for C++
Command Line Interface
6. Error Code
The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.
| Error Code | Description |
|---|---|
| FailedOperation | Operation failed. |
| FailedOperation.AuthError | You do not have permission to perform this operation. |
| FailedOperation.CancelOrderFailed | Failed to cancel the order. |
| FailedOperation.CannotBeDeletedIssued | Failed to delete the certificate because it has been issued. |
| FailedOperation.CannotBeDeletedWithinHour | Free certificates cannot be deleted within 1 hour after being applied for. |
| FailedOperation.CannotGetOrder | Failed to get order information. Try again later. |
| FailedOperation.CertificateInvalid | The certificate is invalid. |
| FailedOperation.CertificateMismatch | The certificate and the private key do not match. |
| FailedOperation.CertificateNotFound | The certificate does not exist. |
| FailedOperation.ExceedsFreeLimit | The number of free certificates exceeds the maximum value. |
| FailedOperation.InvalidCertificateStatusCode | The certificate status is incorrect. |
| FailedOperation.InvalidParam | Incorrect parameters. |
| FailedOperation.NetworkError | The CA system is busy. Try again later. |
| FailedOperation.NoProjectPermission | You do not have the permission to operate on this project. |
| FailedOperation.NoRealNameAuth | You have not completed the identity verification. |
| FailedOperation.OrderAlreadyReplaced | This order has already been replaced. |
| FailedOperation.OrderReplaceFailed | Failed to reissue a certificate. |
| InternalError | Internal error. |
| LimitExceeded.RateLimitExceeded | The API rate limit is reached. |
Yes
No
Was this page helpful?