tags;
Aws::ACM::Model::Tag tag;
tag.WithKey(tagKey).WithValue(tagValue);
tags.push_back(tag);
request.WithCertificateArn(certificateArn).WithTags(tags);
Aws::ACM::Model::AddTagsToCertificateOutcome outcome =
acmClient.AddTagsToCertificate(request);
if (!outcome.IsSuccess()) {
std::cerr << "Error: addTagsToCertificate: " <<
outcome.GetError().GetMessage() << std::endl;
}
else {
std::cout << "Success: Tag with key '" << tagKey <<
"' and value '" << tagValue <<
"' added to certificate with ARN '" <<
certificateArn << "'." << std::endl;
}
return outcome.IsSuccess();
}
```
+ For API details, see [AddTagsToCertificate](https://docs.aws.amazon.com/goto/SdkForCpp/acm-2015-12-08/AddTagsToCertificate) in *AWS SDK for C\$1\$1 API Reference*.
------
#### [ CLI ]
**AWS CLI**
**To add tags to an existing ACM Certificate**
The following `add-tags-to-certificate` command adds two tags to the specified certificate. Use a space to separate multiple tags:
```
aws acm add-tags-to-certificate --certificate-arn arn:aws:acm:region:account:certificate/12345678-1234-1234-1234-123456789012 --tags Key=Admin,Value=Alice Key=Purpose,Value=Website
```
+ For API details, see [AddTagsToCertificate](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/acm/add-tags-to-certificate.html) in *AWS CLI Command Reference*.
------
#### [ Java ]
**SDK for Java 2.x**
There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/acm#code-examples).
```
/**
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation topic:
*
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*/
public class AddTagsToCertificate {
public static void main(String[] args) {
final String usage = """
Usage:
Where:
certArn - the ARN of the certificate.
""";
if (args.length != 1) {
System.out.println(usage);
return;
}
String certArn = args[0];
addTags(certArn);
}
/**
* Adds tags to a certificate in AWS Certificate Manager (ACM).
*
* @param certArn the Amazon Resource Name (ARN) of the certificate to add tags to
*/
public static void addTags(String certArn) {
AcmClient acmClient = AcmClient.create();
List expectedTags = List.of(Tag.builder().key("key").value("value").build());
AddTagsToCertificateRequest addTagsToCertificateRequest = AddTagsToCertificateRequest.builder()
.certificateArn(certArn)
.tags(expectedTags)
.build();
try {
acmClient.addTagsToCertificate(addTagsToCertificateRequest);
System.out.println("Successfully added tags to a certificate");
} catch (AcmException e) {
System.out.println(e.getMessage());
}
}
}
```
+ For API details, see [AddTagsToCertificate](https://docs.aws.amazon.com/goto/SdkForJavaV2/acm-2015-12-08/AddTagsToCertificate) in *AWS SDK for Java 2.x API Reference*.
------
#### [ Python ]
**SDK for Python (Boto3)**
There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/acm#code-examples).
```
class AcmCertificate:
"""
Encapsulates ACM functions.
"""
def __init__(self, acm_client):
"""
:param acm_client: A Boto3 ACM client.
"""
self.acm_client = acm_client
def add_tags(self, certificate_arn, tags):
"""
Adds tags to a certificate. Tags are key-value pairs that contain custom
metadata.
:param certificate_arn: The ARN of the certificate.
:param tags: A dictionary of key-value tags to add to the certificate.
"""
try:
self.acm_client.add_tags_to_certificate(
CertificateArn=certificate_arn,
Tags=[{"Key": key, "Value": value} for key, value in tags.items()],
)
logger.info("Added %s tags to certificate %s.", len(tags), certificate_arn)
except ClientError:
logger.exception("Couldn't add tags to certificate %s.", certificate_arn)
raise
```
+ For API details, see [AddTagsToCertificate](https://docs.aws.amazon.com/goto/boto3/acm-2015-12-08/AddTagsToCertificate) in *AWS SDK for Python (Boto3) API Reference*.
------
#### [ SAP ABAP ]
**SDK for SAP ABAP**
There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/acm#code-examples).
```
TRY.
" iv_certificate_arn = 'arn:aws:acm:region:123456789012:certificate/certificate-id'
lo_acm->addtagstocertificate(
iv_certificatearn = iv_certificate_arn
it_tags = it_tags
).
MESSAGE 'Tags added to certificate successfully.' TYPE 'I'.
CATCH /aws1/cx_acminvalidarnex.
MESSAGE 'The certificate ARN is not valid.' TYPE 'I'.
CATCH /aws1/cx_acmresourcenotfoundex.
MESSAGE 'Certificate not found.' TYPE 'I'.
CATCH /aws1/cx_acminvalidtagex.
MESSAGE 'Invalid tag provided.' TYPE 'I'.
CATCH /aws1/cx_acmtoomanytagsex.
MESSAGE 'Too many tags for certificate.' TYPE 'I'.
ENDTRY.
```
+ For API details, see [AddTagsToCertificate](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html) in *AWS SDK for SAP ABAP API reference*.
------
# Use `DeleteCertificate` with an AWS SDK or CLI
The following code examples show how to use `DeleteCertificate`.
Action examples are code excerpts from larger programs and must be run in context. You can see this action in context in the following code example:
+ [Learn the basics](acm_example_acm_Usage_ImportListRemove_section.md)
------
#### [ C\$1\$1 ]
**SDK for C\$1\$1**
There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/acm#code-examples).
```
//! Delete an AWS Certificate Manager (ACM) certificate.
/*!
\param certificateArn: The Amazon Resource Name (ARN) of a certificate.
\param clientConfiguration: AWS client configuration.
\return bool: Function succeeded.
*/
bool AwsDoc::ACM::deleteCertificate(const Aws::String &certificateArn,
const Aws::Client::ClientConfiguration &clientConfiguration) {
Aws::ACM::ACMClient acmClient(clientConfiguration);
Aws::ACM::Model::DeleteCertificateRequest request;
request.WithCertificateArn(certificateArn);
Aws::ACM::Model::DeleteCertificateOutcome outcome =
acmClient.DeleteCertificate(request);
if (!outcome.IsSuccess()) {
std::cerr << "Error: DeleteCertificate: " <<
outcome.GetError().GetMessage() << std::endl;
}
else {
std::cout << "Success: The certificate with the ARN '" <<
certificateArn << "' is deleted." << std::endl;
}
return outcome.IsSuccess();
}
```
+ For API details, see [DeleteCertificate](https://docs.aws.amazon.com/goto/SdkForCpp/acm-2015-12-08/DeleteCertificate) in *AWS SDK for C\$1\$1 API Reference*.
------
#### [ CLI ]
**AWS CLI**
**To delete an ACM certificate from your account**
The following `delete-certificate` command deletes the certificate with the specified ARN:
```
aws acm delete-certificate --certificate-arn arn:aws:acm:region:account:certificate/12345678-1234-1234-1234-123456789012
```
+ For API details, see [DeleteCertificate](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/acm/delete-certificate.html) in *AWS CLI Command Reference*.
------
#### [ Java ]
**SDK for Java 2.x**
There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/acm#code-examples).
```
/**
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation topic:
*
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*/
public class DeleteCert {
public static void main(String[] args) {
final String usage = """
Usage:
Where:
certArn - the ARN of the certificate.
""";
if (args.length != 1) {
System.out.println(usage);
return;
}
String certArn = args[0];
deleteCertificate(certArn);
}
/**
* Deletes an SSL/TLS certificate from the AWS Certificate Manager (ACM).
*
* @param certArn the Amazon Resource Name (ARN) of the certificate to be deleted
*/
public static void deleteCertificate( String certArn) {
AcmClient acmClient = AcmClient.create();
DeleteCertificateRequest request = DeleteCertificateRequest.builder()
.certificateArn(certArn)
.build();
try {
acmClient.deleteCertificate(request);
System.out.println("The certificate was deleted");
} catch (AcmException e) {
System.out.println(e.getMessage());
}
}
}
```
+ For API details, see [DeleteCertificate](https://docs.aws.amazon.com/goto/SdkForJavaV2/acm-2015-12-08/DeleteCertificate) in *AWS SDK for Java 2.x API Reference*.
------
#### [ PowerShell ]
**Tools for PowerShell V4**
**Example 1: Deletes the certificate identified by the supplied ARN and the associated private key. The cmdlet will prompt for confirmation before proceeding; add the -Force switch to suppress confirmation.**
```
Remove-ACMCertificate -CertificateArn "arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012"
```
+ For API details, see [DeleteCertificate](https://docs.aws.amazon.com/powershell/v4/reference) in *AWS Tools for PowerShell Cmdlet Reference (V4)*.
**Tools for PowerShell V5**
**Example 1: Deletes the certificate identified by the supplied ARN and the associated private key. The cmdlet will prompt for confirmation before proceeding; add the -Force switch to suppress confirmation.**
```
Remove-ACMCertificate -CertificateArn "arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012"
```
+ For API details, see [DeleteCertificate](https://docs.aws.amazon.com/powershell/v5/reference) in *AWS Tools for PowerShell Cmdlet Reference (V5)*.
------
#### [ Python ]
**SDK for Python (Boto3)**
There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/acm#code-examples).
```
class AcmCertificate:
"""
Encapsulates ACM functions.
"""
def __init__(self, acm_client):
"""
:param acm_client: A Boto3 ACM client.
"""
self.acm_client = acm_client
def remove(self, certificate_arn):
"""
Removes a certificate.
:param certificate_arn: The ARN of the certificate to remove.
"""
try:
self.acm_client.delete_certificate(CertificateArn=certificate_arn)
logger.info("Removed certificate %s.", certificate_arn)
except ClientError:
logger.exception("Couldn't remove certificate %s.", certificate_arn)
raise
```
+ For API details, see [DeleteCertificate](https://docs.aws.amazon.com/goto/boto3/acm-2015-12-08/DeleteCertificate) in *AWS SDK for Python (Boto3) API Reference*.
------
#### [ SAP ABAP ]
**SDK for SAP ABAP**
There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/acm#code-examples).
```
TRY.
" iv_certificate_arn = 'arn:aws:acm:region:123456789012:certificate/certificate-id'
lo_acm->deletecertificate( iv_certificatearn = iv_certificate_arn ).
MESSAGE 'Certificate deleted successfully.' TYPE 'I'.
CATCH /aws1/cx_acminvalidarnex.
MESSAGE 'The certificate ARN is not valid.' TYPE 'I'.
CATCH /aws1/cx_acmresourcenotfoundex.
MESSAGE 'Certificate not found.' TYPE 'I'.
CATCH /aws1/cx_acmresourceinuseex.
MESSAGE 'Certificate is in use and cannot be deleted.' TYPE 'I'.
ENDTRY.
```
+ For API details, see [DeleteCertificate](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html) in *AWS SDK for SAP ABAP API reference*.
------
# Use `DescribeCertificate` with an AWS SDK or CLI
The following code examples show how to use `DescribeCertificate`.
Action examples are code excerpts from larger programs and must be run in context. You can see this action in context in the following code example:
+ [Learn the basics](acm_example_acm_Usage_ImportListRemove_section.md)
------
#### [ .NET ]
**SDK for .NET**
There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/ACM#code-examples).
```
using System;
using System.Threading.Tasks;
using Amazon;
using Amazon.CertificateManager;
using Amazon.CertificateManager.Model;
namespace DescribeCertificate
{
class DescribeCertificate
{
// The following example retrieves and displays the metadata for a
// certificate using the AWS Certificate Manager (ACM) service.
// Specify your AWS Region (an example Region is shown).
private static readonly RegionEndpoint ACMRegion = RegionEndpoint.USEast1;
private static AmazonCertificateManagerClient _client;
static void Main(string[] args)
{
_client = new Amazon.CertificateManager.AmazonCertificateManagerClient(ACMRegion);
var describeCertificateReq = new DescribeCertificateRequest();
// The ARN used here is just an example. Replace it with the ARN of
// a certificate that exists on your account.
describeCertificateReq.CertificateArn =
"arn:aws:acm:us-east-1:123456789012:certificate/8cfd7dae-9b6a-2d07-92bc-1c309EXAMPLE";
var certificateDetailResp =
DescribeCertificateResponseAsync(client: _client, request: describeCertificateReq);
var certificateDetail = certificateDetailResp.Result.Certificate;
if (certificateDetail is not null)
{
DisplayCertificateDetails(certificateDetail);
}
}
///
/// Displays detailed metadata about a certificate retrieved
/// using the ACM service.
///
/// The object that contains details
/// returned from the call to DescribeCertificateAsync.
static void DisplayCertificateDetails(CertificateDetail certificateDetail)
{
Console.WriteLine("\nCertificate Details: ");
Console.WriteLine($"Certificate Domain: {certificateDetail.DomainName}");
Console.WriteLine($"Certificate Arn: {certificateDetail.CertificateArn}");
Console.WriteLine($"Certificate Subject: {certificateDetail.Subject}");
Console.WriteLine($"Certificate Status: {certificateDetail.Status}");
foreach (var san in certificateDetail.SubjectAlternativeNames)
{
Console.WriteLine($"Certificate SubjectAlternativeName: {san}");
}
}
///
/// Retrieves the metadata associated with the ACM service certificate.
///
/// An AmazonCertificateManagerClient object
/// used to call DescribeCertificateResponse.
/// The DescribeCertificateRequest object that
/// will be passed to the method call.
///
static async Task DescribeCertificateResponseAsync(
AmazonCertificateManagerClient client, DescribeCertificateRequest request)
{
var response = new DescribeCertificateResponse();
try
{
response = await client.DescribeCertificateAsync(request);
}
catch (InvalidArnException)
{
Console.WriteLine($"Error: The ARN specified is invalid.");
}
catch (ResourceNotFoundException)
{
Console.WriteLine($"Error: The specified certificate could not be found.");
}
return response;
}
}
}
```
+ For API details, see [DescribeCertificate](https://docs.aws.amazon.com/goto/DotNetSDKV3/acm-2015-12-08/DescribeCertificate) in *AWS SDK for .NET API Reference*.
------
#### [ C\$1\$1 ]
**SDK for C\$1\$1**
There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/acm#code-examples).
```
//! Describe an AWS Certificate Manager (ACM) certificate.
/*!
\param certificateArn: The Amazon Resource Name (ARN) of a certificate.
\param clientConfiguration: AWS client configuration.
\return bool: Function succeeded.
*/
bool AwsDoc::ACM::describeCertificate(const Aws::String &certificateArn,
const Aws::Client::ClientConfiguration &clientConfiguration) {
Aws::ACM::ACMClient acm_client(clientConfiguration);
Aws::ACM::Model::DescribeCertificateRequest request;
request.WithCertificateArn(certificateArn);
Aws::ACM::Model::DescribeCertificateOutcome outcome =
acm_client.DescribeCertificate(request);
if (!outcome.IsSuccess()) {
std::cerr << "Error: DescribeCertificate: " <<
outcome.GetError().GetMessage() << std::endl;
}
else {
Aws::ACM::Model::CertificateDetail certificate =
outcome.GetResult().GetCertificate();
std::cout << "Success: Information about certificate "
"with ARN '" << certificateArn << "':" << std::endl << std::endl;
std::cout << "ARN: " << certificate.GetCertificateArn()
<< std::endl;
std::cout << "Authority ARN: " <<
certificate.GetCertificateAuthorityArn() << std::endl;
std::cout << "Created at (GMT): " <<
certificate.GetCreatedAt().ToGmtString(
Aws::Utils::DateFormat::ISO_8601)
<< std::endl;
std::cout << "Domain name: " << certificate.GetDomainName()
<< std::endl;
Aws::Vector options =
certificate.GetDomainValidationOptions();
if (!options.empty()) {
std::cout << std::endl << "Domain validation information: "
<< std::endl << std::endl;
for (auto &validation: options) {
std::cout << " Domain name: " <<
validation.GetDomainName() << std::endl;
const Aws::ACM::Model::ResourceRecord &record =
validation.GetResourceRecord();
std::cout << " Resource record name: " <<
record.GetName() << std::endl;
Aws::ACM::Model::RecordType recordType = record.GetType();
Aws::String type;
switch (recordType) {
case Aws::ACM::Model::RecordType::CNAME:
type = "CNAME";
break;
case Aws::ACM::Model::RecordType::NOT_SET:
type = "Not set";
break;
default:
type = "Cannot determine.";
break;
}
std::cout << " Resource record type: " << type <<
std::endl;
std::cout << " Resource record value: " <<
record.GetValue() << std::endl;
std::cout << " Validation domain: " <<
validation.GetValidationDomain() << std::endl;
Aws::Vector emails =
validation.GetValidationEmails();
if (!emails.empty()) {
std::cout << " Validation emails:" << std::endl <<
std::endl;
for (auto &email: emails) {
std::cout << " " << email << std::endl;
}
std::cout << std::endl;
}
Aws::ACM::Model::ValidationMethod validationMethod =
validation.GetValidationMethod();
Aws::String method;
switch (validationMethod) {
case Aws::ACM::Model::ValidationMethod::DNS:
method = "DNS";
break;
case Aws::ACM::Model::ValidationMethod::EMAIL:
method = "Email";
break;
case Aws::ACM::Model::ValidationMethod::NOT_SET:
method = "Not set";
break;
default:
method = "Cannot determine";
}
std::cout << " Validation method: " <<
method << std::endl;
Aws::ACM::Model::DomainStatus domainStatus =
validation.GetValidationStatus();
Aws::String status;
switch (domainStatus) {
case Aws::ACM::Model::DomainStatus::FAILED:
status = "Failed";
break;
case Aws::ACM::Model::DomainStatus::NOT_SET:
status = "Not set";
break;
case Aws::ACM::Model::DomainStatus::PENDING_VALIDATION:
status = "Pending validation";
break;
case Aws::ACM::Model::DomainStatus::SUCCESS:
status = "Success";
break;
default:
status = "Cannot determine";
}
std::cout << " Domain validation status: " << status <<
std::endl << std::endl;
}
}
Aws::Vector usages =
certificate.GetExtendedKeyUsages();
if (!usages.empty()) {
std::cout << std::endl << "Extended key usages:" <<
std::endl << std::endl;
for (auto &usage: usages) {
Aws::ACM::Model::ExtendedKeyUsageName usageName =
usage.GetName();
Aws::String name;
switch (usageName) {
case Aws::ACM::Model::ExtendedKeyUsageName::ANY:
name = "Any";
break;
case Aws::ACM::Model::ExtendedKeyUsageName::CODE_SIGNING:
name = "Code signing";
break;
case Aws::ACM::Model::ExtendedKeyUsageName::CUSTOM:
name = "Custom";
break;
case Aws::ACM::Model::ExtendedKeyUsageName::EMAIL_PROTECTION:
name = "Email protection";
break;
case Aws::ACM::Model::ExtendedKeyUsageName::IPSEC_END_SYSTEM:
name = "IPSEC end system";
break;
case Aws::ACM::Model::ExtendedKeyUsageName::IPSEC_TUNNEL:
name = "IPSEC tunnel";
break;
case Aws::ACM::Model::ExtendedKeyUsageName::IPSEC_USER:
name = "IPSEC user";
break;
case Aws::ACM::Model::ExtendedKeyUsageName::NONE:
name = "None";
break;
case Aws::ACM::Model::ExtendedKeyUsageName::NOT_SET:
name = "Not set";
break;
case Aws::ACM::Model::ExtendedKeyUsageName::OCSP_SIGNING:
name = "OCSP signing";
break;
case Aws::ACM::Model::ExtendedKeyUsageName::TIME_STAMPING:
name = "Time stamping";
break;
case Aws::ACM::Model::ExtendedKeyUsageName::TLS_WEB_CLIENT_AUTHENTICATION:
name = "TLS web client authentication";
break;
case Aws::ACM::Model::ExtendedKeyUsageName::TLS_WEB_SERVER_AUTHENTICATION:
name = "TLS web server authentication";
break;
default:
name = "Cannot determine";
}
std::cout << " Name: " << name << std::endl;
std::cout << " OID: " << usage.GetOID() <<
std::endl << std::endl;
}
std::cout << std::endl;
}
Aws::ACM::Model::CertificateStatus certificateStatus =
certificate.GetStatus();
Aws::String status;
switch (certificateStatus) {
case Aws::ACM::Model::CertificateStatus::EXPIRED:
status = "Expired";
break;
case Aws::ACM::Model::CertificateStatus::FAILED:
status = "Failed";
break;
case Aws::ACM::Model::CertificateStatus::INACTIVE:
status = "Inactive";
break;
case Aws::ACM::Model::CertificateStatus::ISSUED:
status = "Issued";
break;
case Aws::ACM::Model::CertificateStatus::NOT_SET:
status = "Not set";
break;
case Aws::ACM::Model::CertificateStatus::PENDING_VALIDATION:
status = "Pending validation";
break;
case Aws::ACM::Model::CertificateStatus::REVOKED:
status = "Revoked";
break;
case Aws::ACM::Model::CertificateStatus::VALIDATION_TIMED_OUT:
status = "Validation timed out";
break;
default:
status = "Cannot determine";
}
std::cout << "Status: " << status << std::endl;
if (certificate.GetStatus() ==
Aws::ACM::Model::CertificateStatus::FAILED) {
Aws::ACM::Model::FailureReason failureReason =
certificate.GetFailureReason();
Aws::String reason;
switch (failureReason) {
case Aws::ACM::Model::FailureReason::ADDITIONAL_VERIFICATION_REQUIRED:
reason = "Additional verification required";
break;
case Aws::ACM::Model::FailureReason::CAA_ERROR:
reason = "CAA error";
break;
case Aws::ACM::Model::FailureReason::DOMAIN_NOT_ALLOWED:
reason = "Domain not allowed";
break;
case Aws::ACM::Model::FailureReason::DOMAIN_VALIDATION_DENIED:
reason = "Domain validation denied";
break;
case Aws::ACM::Model::FailureReason::INVALID_PUBLIC_DOMAIN:
reason = "Invalid public domain";
break;
case Aws::ACM::Model::FailureReason::NOT_SET:
reason = "Not set";
break;
case Aws::ACM::Model::FailureReason::NO_AVAILABLE_CONTACTS:
reason = "No available contacts";
break;
case Aws::ACM::Model::FailureReason::OTHER:
reason = "Other";
break;
case Aws::ACM::Model::FailureReason::PCA_ACCESS_DENIED:
reason = "PCA access denied";
break;
case Aws::ACM::Model::FailureReason::PCA_INVALID_ARGS:
reason = "PCA invalid args";
break;
case Aws::ACM::Model::FailureReason::PCA_INVALID_ARN:
reason = "PCA invalid ARN";
break;
case Aws::ACM::Model::FailureReason::PCA_INVALID_DURATION:
reason = "PCA invalid duration";
break;
case Aws::ACM::Model::FailureReason::PCA_INVALID_STATE:
reason = "PCA invalid state";
break;
case Aws::ACM::Model::FailureReason::PCA_LIMIT_EXCEEDED:
reason = "PCA limit exceeded";
break;
case Aws::ACM::Model::FailureReason::PCA_NAME_CONSTRAINTS_VALIDATION:
reason = "PCA name constraints validation";
break;
case Aws::ACM::Model::FailureReason::PCA_REQUEST_FAILED:
reason = "PCA request failed";
break;
case Aws::ACM::Model::FailureReason::PCA_RESOURCE_NOT_FOUND:
reason = "PCA resource not found";
break;
default:
reason = "Cannot determine";
}
std::cout << "Failure reason: " << reason << std::endl;
}
if (certificate.GetStatus() == Aws::ACM::Model::CertificateStatus::REVOKED) {
std::cout << "Revoked at (GMT): " <<
certificate.GetRevokedAt().ToGmtString(
Aws::Utils::DateFormat::ISO_8601)
<< std::endl;
Aws::ACM::Model::RevocationReason revocationReason =
certificate.GetRevocationReason();
Aws::String reason;
switch (revocationReason) {
case Aws::ACM::Model::RevocationReason::AFFILIATION_CHANGED:
reason = "Affiliation changed";
break;
case Aws::ACM::Model::RevocationReason::A_A_COMPROMISE:
reason = "AA compromise";
break;
case Aws::ACM::Model::RevocationReason::CA_COMPROMISE:
reason = "CA compromise";
break;
case Aws::ACM::Model::RevocationReason::CERTIFICATE_HOLD:
reason = "Certificate hold";
break;
case Aws::ACM::Model::RevocationReason::CESSATION_OF_OPERATION:
reason = "Cessation of operation";
break;
case Aws::ACM::Model::RevocationReason::KEY_COMPROMISE:
reason = "Key compromise";
break;
case Aws::ACM::Model::RevocationReason::NOT_SET:
reason = "Not set";
break;
case Aws::ACM::Model::RevocationReason::PRIVILEGE_WITHDRAWN:
reason = "Privilege withdrawn";
break;
case Aws::ACM::Model::RevocationReason::REMOVE_FROM_CRL:
reason = "Revoke from CRL";
break;
case Aws::ACM::Model::RevocationReason::SUPERCEDED:
reason = "Superceded";
break;
case Aws::ACM::Model::RevocationReason::UNSPECIFIED:
reason = "Unspecified";
break;
default:
reason = "Cannot determine";
}
std::cout << "Revocation reason: " << reason << std::endl;
}
if (certificate.GetType() == Aws::ACM::Model::CertificateType::IMPORTED) {
std::cout << "Imported at (GMT): " <<
certificate.GetImportedAt().ToGmtString(
Aws::Utils::DateFormat::ISO_8601)
<< std::endl;
}
Aws::Vector inUseBys = certificate.GetInUseBy();
if (!inUseBys.empty()) {
std::cout << std::endl << "In use by:" << std::endl << std::endl;
for (auto &in_use_by: inUseBys) {
std::cout << " " << in_use_by << std::endl;
}
std::cout << std::endl;
}
if (certificate.GetType() == Aws::ACM::Model::CertificateType::AMAZON_ISSUED &&
certificate.GetStatus() == Aws::ACM::Model::CertificateStatus::ISSUED) {
std::cout << "Issued at (GMT): " <<
certificate.GetIssuedAt().ToGmtString(
Aws::Utils::DateFormat::ISO_8601)
<< std::endl;
}
std::cout << "Issuer: " << certificate.GetIssuer() <<
std::endl;
Aws::ACM::Model::KeyAlgorithm keyAlgorithm =
certificate.GetKeyAlgorithm();
Aws::String algorithm;
switch (keyAlgorithm) {
case Aws::ACM::Model::KeyAlgorithm::EC_prime256v1:
algorithm = "P-256 (secp256r1, prime256v1)";
break;
case Aws::ACM::Model::KeyAlgorithm::EC_secp384r1:
algorithm = "P-384 (secp384r1)";
break;
case Aws::ACM::Model::KeyAlgorithm::EC_secp521r1:
algorithm = "P-521 (secp521r1)";
break;
case Aws::ACM::Model::KeyAlgorithm::NOT_SET:
algorithm = "Not set";
break;
case Aws::ACM::Model::KeyAlgorithm::RSA_1024:
algorithm = "RSA 1024";
break;
case Aws::ACM::Model::KeyAlgorithm::RSA_2048:
algorithm = "RSA 2048";
break;
case Aws::ACM::Model::KeyAlgorithm::RSA_4096:
algorithm = "RSA 4096";
break;
default:
algorithm = "Cannot determine";
}
std::cout << "Key algorithm: " << algorithm << std::endl;
if (certificate.GetStatus() == Aws::ACM::Model::CertificateStatus::ISSUED) {
std::cout << "Not valid after (GMT): " <<
certificate.GetNotAfter().ToGmtString(
Aws::Utils::DateFormat::ISO_8601)
<< std::endl;
std::cout << "Not valid before (GMT): " <<
certificate.GetNotBefore().ToGmtString(
Aws::Utils::DateFormat::ISO_8601)
<< std::endl;
}
Aws::ACM::Model::CertificateTransparencyLoggingPreference loggingPreference =
certificate.GetOptions().GetCertificateTransparencyLoggingPreference();
Aws::String preference;
switch (loggingPreference) {
case Aws::ACM::Model::CertificateTransparencyLoggingPreference::DISABLED:
preference = "Disabled";
break;
case Aws::ACM::Model::CertificateTransparencyLoggingPreference::ENABLED:
preference = "Enabled";
break;
case Aws::ACM::Model::CertificateTransparencyLoggingPreference::NOT_SET:
preference = "Not set";
break;
default:
preference = "Cannot determine";
}
std::cout << "Logging preference: " << preference << std::endl;
std::cout << "Serial: " << certificate.GetSerial() <<
std::endl;
std::cout << "Signature algorithm: "
<< certificate.GetSignatureAlgorithm() << std::endl;
std::cout << "Subject: " << certificate.GetSubject() <<
std::endl;
Aws::ACM::Model::CertificateType certificateType = certificate.GetType();
Aws::String type;
switch (certificateType) {
case Aws::ACM::Model::CertificateType::AMAZON_ISSUED:
type = "Amazon issued";
break;
case Aws::ACM::Model::CertificateType::IMPORTED:
type = "Imported";
break;
case Aws::ACM::Model::CertificateType::NOT_SET:
type = "Not set";
break;
case Aws::ACM::Model::CertificateType::PRIVATE_:
type = "Private";
break;
default:
type = "Cannot determine";
}
std::cout << "Type: " << type << std::endl;
Aws::Vector altNames =
certificate.GetSubjectAlternativeNames();
if (!altNames.empty()) {
std::cout << std::endl << "Alternative names:" <<
std::endl << std::endl;
for (auto &alt_name: altNames) {
std::cout << " " << alt_name << std::endl;
}
std::cout << std::endl;
}
}
return outcome.IsSuccess();
}
```
+ For API details, see [DescribeCertificate](https://docs.aws.amazon.com/goto/SdkForCpp/acm-2015-12-08/DescribeCertificate) in *AWS SDK for C\$1\$1 API Reference*.
------
#### [ CLI ]
**AWS CLI**
**To retrieve the fields contained in an ACM certificate**
The following `describe-certificate` command retrieves all of the fields for the certificate with the specified ARN:
```
aws acm describe-certificate --certificate-arn arn:aws:acm:region:account:certificate/12345678-1234-1234-1234-123456789012
```
Output similar to the following is displayed:
```
{
"Certificate": {
"CertificateArn": "arn:aws:acm:region:account:certificate/12345678-1234-1234-1234-123456789012",
"CreatedAt": 1446835267.0,
"DomainName": "www.example.com",
"DomainValidationOptions": [
{
"DomainName": "www.example.com",
"ValidationDomain": "www.example.com",
"ValidationEmails": [
"hostmaster@example.com",
"admin@example.com",
"owner@example.com.whoisprivacyservice.org",
"tech@example.com.whoisprivacyservice.org",
"admin@example.com.whoisprivacyservice.org",
"postmaster@example.com",
"webmaster@example.com",
"administrator@example.com"
]
},
{
"DomainName": "www.example.net",
"ValidationDomain": "www.example.net",
"ValidationEmails": [
"postmaster@example.net",
"admin@example.net",
"owner@example.net.whoisprivacyservice.org",
"tech@example.net.whoisprivacyservice.org",
"admin@example.net.whoisprivacyservice.org",
"hostmaster@example.net",
"administrator@example.net",
"webmaster@example.net"
]
}
],
"InUseBy": [],
"IssuedAt": 1446835815.0,
"Issuer": "Amazon",
"KeyAlgorithm": "RSA-2048",
"NotAfter": 1478433600.0,
"NotBefore": 1446768000.0,
"Serial": "0f:ac:b0:a3:8d:ea:65:52:2d:7d:01:3a:39:36:db:d6",
"SignatureAlgorithm": "SHA256WITHRSA",
"Status": "ISSUED",
"Subject": "CN=www.example.com",
"SubjectAlternativeNames": [
"www.example.com",
"www.example.net"
]
}
}
```
+ For API details, see [DescribeCertificate](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/acm/describe-certificate.html) in *AWS CLI Command Reference*.
------
#### [ Java ]
**SDK for Java 2.x**
There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/acm#code-examples).
```
/**
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation topic:
*
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*/
public class DescribeCert {
public static void main(String[] args) {
final String usage = """
Usage:
Where:
certArn - the ARN of the certificate.
""";
if (args.length != 1) {
System.out.println(usage);
return;
}
String certArn = args[0];
describeCertificate(certArn);
}
/**
* Describes the details of an SSL/TLS certificate.
*
* @param certArn the Amazon Resource Name (ARN) of the certificate to describe
* @throws AcmException if an error occurs while describing the certificate
*/
public static void describeCertificate(String certArn) {
AcmClient acmClient = AcmClient.create();
DescribeCertificateRequest req = DescribeCertificateRequest.builder()
.certificateArn(certArn)
.build();
try {
DescribeCertificateResponse response = acmClient.describeCertificate(req);
// Print the certificate details.
System.out.println("Certificate ARN: " + response.certificate().certificateArn());
System.out.println("Domain Name: " + response.certificate().domainName());
System.out.println("Issued By: " + response.certificate().issuer());
System.out.println("Issued On: " + response.certificate().issuedAt());
System.out.println("Status: " + response.certificate().status());
} catch (AcmException e) {
System.out.println(e.getMessage());
}
}
}
```
+ For API details, see [DescribeCertificate](https://docs.aws.amazon.com/goto/SdkForJavaV2/acm-2015-12-08/DescribeCertificate) in *AWS SDK for Java 2.x API Reference*.
------
#### [ PowerShell ]
**Tools for PowerShell V4**
**Example 1: Returns details of the specified certificate.**
```
Get-ACMCertificateDetail -CertificateArn "arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012"
```
**Output:**
```
CertificateArn : arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012
CreatedAt : 1/21/2016 5:55:59 PM
DomainName : www.example.com
DomainValidationOptions : {www.example.com}
InUseBy : {}
IssuedAt : 1/1/0001 12:00:00 AM
Issuer :
KeyAlgorithm : RSA-2048
NotAfter : 1/1/0001 12:00:00 AM
NotBefore : 1/1/0001 12:00:00 AM
RevocationReason :
RevokedAt : 1/1/0001 12:00:00 AM
Serial :
SignatureAlgorithm : SHA256WITHRSA
Status : PENDING_VALIDATION
Subject : CN=www.example.com
SubjectAlternativeNames : {www.example.net}
```
+ For API details, see [DescribeCertificate](https://docs.aws.amazon.com/powershell/v4/reference) in *AWS Tools for PowerShell Cmdlet Reference (V4)*.
**Tools for PowerShell V5**
**Example 1: Returns details of the specified certificate.**
```
Get-ACMCertificateDetail -CertificateArn "arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012"
```
**Output:**
```
CertificateArn : arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012
CreatedAt : 1/21/2016 5:55:59 PM
DomainName : www.example.com
DomainValidationOptions : {www.example.com}
InUseBy : {}
IssuedAt : 1/1/0001 12:00:00 AM
Issuer :
KeyAlgorithm : RSA-2048
NotAfter : 1/1/0001 12:00:00 AM
NotBefore : 1/1/0001 12:00:00 AM
RevocationReason :
RevokedAt : 1/1/0001 12:00:00 AM
Serial :
SignatureAlgorithm : SHA256WITHRSA
Status : PENDING_VALIDATION
Subject : CN=www.example.com
SubjectAlternativeNames : {www.example.net}
```
+ For API details, see [DescribeCertificate](https://docs.aws.amazon.com/powershell/v5/reference) in *AWS Tools for PowerShell Cmdlet Reference (V5)*.
------
#### [ Python ]
**SDK for Python (Boto3)**
There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/acm#code-examples).
```
class AcmCertificate:
"""
Encapsulates ACM functions.
"""
def __init__(self, acm_client):
"""
:param acm_client: A Boto3 ACM client.
"""
self.acm_client = acm_client
def describe(self, certificate_arn):
"""
Gets certificate metadata.
:param certificate_arn: The Amazon Resource Name (ARN) of the certificate.
:return: Metadata about the certificate.
"""
try:
response = self.acm_client.describe_certificate(
CertificateArn=certificate_arn
)
certificate = response["Certificate"]
logger.info(
"Got metadata for certificate for domain %s.", certificate["DomainName"]
)
except ClientError:
logger.exception("Couldn't get data for certificate %s.", certificate_arn)
raise
else:
return certificate
```
+ For API details, see [DescribeCertificate](https://docs.aws.amazon.com/goto/boto3/acm-2015-12-08/DescribeCertificate) in *AWS SDK for Python (Boto3) API Reference*.
------
#### [ SAP ABAP ]
**SDK for SAP ABAP**
There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/acm#code-examples).
```
TRY.
" iv_certificate_arn = 'arn:aws:acm:region:123456789012:certificate/certificate-id'
oo_result = lo_acm->describecertificate( iv_certificatearn = iv_certificate_arn ).
MESSAGE 'Certificate details retrieved.' TYPE 'I'.
CATCH /aws1/cx_acminvalidarnex.
MESSAGE 'The certificate ARN is not valid.' TYPE 'I'.
CATCH /aws1/cx_acmresourcenotfoundex.
MESSAGE 'Certificate not found.' TYPE 'I'.
ENDTRY.
```
+ For API details, see [DescribeCertificate](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html) in *AWS SDK for SAP ABAP API reference*.
------
# Use `ExportCertificate` with an AWS SDK or CLI
The following code examples show how to use `ExportCertificate`.
------
#### [ C\$1\$1 ]
**SDK for C\$1\$1**
There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/acm#code-examples).
```
//! Export an AWS Certificate Manager (ACM) certificate.
/*!
\param certificateArn: The Amazon Resource Name (ARN) of a certificate.
\param passphrase: A passphrase to decrypt the exported certificate.
\param clientConfiguration: AWS client configuration.
\return bool: Function succeeded.
*/
bool AwsDoc::ACM::exportCertificate(const Aws::String &certificateArn,
const Aws::String &passphrase,
const Aws::Client::ClientConfiguration &clientConfiguration) {
Aws::ACM::ACMClient acm_client(clientConfiguration);
Aws::ACM::Model::ExportCertificateRequest request;
Aws::Utils::CryptoBuffer cryptoBuffer(
reinterpret_cast(passphrase.c_str()),
passphrase.length());
request.WithCertificateArn(certificateArn).WithPassphrase(cryptoBuffer);
Aws::ACM::Model::ExportCertificateOutcome outcome =
acm_client.ExportCertificate(request);
if (!outcome.IsSuccess()) {
std::cerr << "Error: ExportCertificate: " <<
outcome.GetError().GetMessage() << std::endl;
}
else {
std::cout << "Success: Information about certificate with ARN '"
<< certificateArn << "':" << std::endl << std::endl;
auto result = outcome.GetResult();
std::cout << "Certificate: " << std::endl << std::endl <<
result.GetCertificate() << std::endl << std::endl;
std::cout << "Certificate chain: " << std::endl << std::endl <<
result.GetCertificateChain() << std::endl << std::endl;
std::cout << "Private key: " << std::endl << std::endl <<
result.GetPrivateKey() << std::endl;
}
return outcome.IsSuccess();
}
```
+ For API details, see [ExportCertificate](https://docs.aws.amazon.com/goto/SdkForCpp/acm-2015-12-08/ExportCertificate) in *AWS SDK for C\$1\$1 API Reference*.
------
#### [ CLI ]
**AWS CLI**
**To export a private certificate issued by a private CA.**
The following `export-certificate` command exports a private certificate, certificate chain, and private key to your display:
```
aws acm export-certificate --certificate-arn arn:aws:acm:region:account:certificate/12345678-1234-1234-1234-123456789012 --passphrase file://path-to-passphrase-file
```
To export the certificate, chain, and private key to a local file, use the following command:
```
aws acm export-certificate --certificate-arn arn:aws:acm:region:sccount:certificate/12345678-1234-1234-1234-123456789012 --passphrase file://path-to-passphrase-file > c:\temp\export.txt
```
+ For API details, see [ExportCertificate](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/acm/export-certificate.html) in *AWS CLI Command Reference*.
------
#### [ Java ]
**SDK for Java 2.x**
There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/acm#code-examples).
```
/**
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation topic:
*
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*/
public class ExportCertificate {
public static void main(String[] args) throws Exception {
final String usage = """
Usage:
Where:
certArn - the ARN of the certificate.
""";
if (args.length != 1) {
System.out.println(usage);
return;
}
String certArn = args[0];
exportCert(certArn);
}
/**
* Exports an SSL/TLS certificate and its associated private key and certificate chain from AWS Certificate Manager (ACM).
*
* @param certArn The Amazon Resource Name (ARN) of the certificate that you want to export.
* @throws IOException If an I/O error occurs while reading the private key passphrase file or exporting the certificate.
*/
public static void exportCert(String certArn) throws IOException {
AcmClient acmClient = AcmClient.create();
// Initialize a file descriptor for the passphrase file.
RandomAccessFile filePassphrase = null;
ByteBuffer bufPassphrase = null;
// Create a file stream for reading the private key passphrase.
try {
filePassphrase = new RandomAccessFile("C:\\AWS\\password.txt", "r");
} catch (IllegalArgumentException | SecurityException | FileNotFoundException ex) {
throw ex;
}
// Create a channel to map the file.
FileChannel channelPassphrase = filePassphrase.getChannel();
// Map the file to the buffer.
try {
bufPassphrase = channelPassphrase.map(FileChannel.MapMode.READ_ONLY, 0, channelPassphrase.size());
channelPassphrase.close();
filePassphrase.close();
} catch (IOException ex) {
throw ex;
}
// Create a request object.
ExportCertificateRequest req = ExportCertificateRequest.builder()
.certificateArn(certArn)
.passphrase(SdkBytes.fromByteBuffer(bufPassphrase))
.build();
// Export the certificate.
ExportCertificateResponse result = null;
try {
result = acmClient.exportCertificate(req);
} catch (InvalidArnException | InvalidTagException | ResourceNotFoundException ex) {
throw ex;
}
// Clear the buffer.
bufPassphrase.clear();
// Display the certificate and certificate chain.
String certificate = result.certificate();
System.out.println(certificate);
String certificateChain = result.certificateChain();
System.out.println(certificateChain);
// This example retrieves but does not display the private key.
String privateKey = result.privateKey();
System.out.println("The example is complete");
}
}
```
+ For API details, see [ExportCertificate](https://docs.aws.amazon.com/goto/SdkForJavaV2/acm-2015-12-08/ExportCertificate) in *AWS SDK for Java 2.x API Reference*.
------
# Use `GetCertificate` with an AWS SDK or CLI
The following code examples show how to use `GetCertificate`.
Action examples are code excerpts from larger programs and must be run in context. You can see this action in context in the following code example:
+ [Learn the basics](acm_example_acm_Usage_ImportListRemove_section.md)
------
#### [ C\$1\$1 ]
**SDK for C\$1\$1**
There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/acm#code-examples).
```
//! Get an AWS Certificate Manager (ACM) certificate.
/*!
\param certificateArn: The Amazon Resource Name (ARN) of a certificate.
\param clientConfiguration: AWS client configuration.
\return bool: Function succeeded.
*/
bool AwsDoc::ACM::getCertificate(const Aws::String &certificateArn,
const Aws::Client::ClientConfiguration &clientConfiguration) {
Aws::ACM::ACMClient acmClient(clientConfiguration);
Aws::ACM::Model::GetCertificateRequest request;
request.WithCertificateArn(certificateArn);
Aws::ACM::Model::GetCertificateOutcome outcome =
acmClient.GetCertificate(request);
if (!outcome.IsSuccess()) {
std::cerr << "Error: GetCertificate: " <<
outcome.GetError().GetMessage() << std::endl;
}
else {
std::cout << "Success: Information about certificate with ARN '"
<< certificateArn << "':" << std::endl << std::endl;
auto result = outcome.GetResult();
std::cout << "Certificate: " << std::endl << std::endl <<
result.GetCertificate() << std::endl;
std::cout << "Certificate chain: " << std::endl << std::endl <<
result.GetCertificateChain() << std::endl;
}
return outcome.IsSuccess();
}
```
+ For API details, see [GetCertificate](https://docs.aws.amazon.com/goto/SdkForCpp/acm-2015-12-08/GetCertificate) in *AWS SDK for C\$1\$1 API Reference*.
------
#### [ CLI ]
**AWS CLI**
**To retrieve an ACM certificate**
The following `get-certificate` command retrieves the certificate for the specified ARN and the certificate chain:
```
aws acm get-certificate --certificate-arn arn:aws:acm:region:account:certificate/12345678-1234-1234-1234-123456789012
```
Output similar to the following is displayed:
```
{
"Certificate": "-----BEGIN CERTIFICATE-----
MIICiTCCAfICCQD6m7oRw0uXOjANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMC
VVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZBbWF6
b24xFDASBgNVBAsTC0lBTSBDb25zb2xlMRIwEAYDVQQDEwlUZXN0Q2lsYWMxHzAd
BgkqhkiG9w0BCQEWEG5vb25lQGFtYXpvbi5jb20wHhcNMTEwNDI1MjA0NTIxWhcN
MTIwNDI0MjA0NTIxWjCBiDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYD
VQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZBbWF6b24xFDASBgNVBAsTC0lBTSBDb25z
b2xlMRIwEAYDVQQDEwlUZXN0Q2lsYWMxHzAdBgkqhkiG9w0BCQEWEG5vb25lQGFt
YXpvbi5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMaK0dn+a4GmWIWJ
21uUSfwfEvySWtC2XADZ4nB+BLYgVIk60CpiwsZ3G93vUEIO3IyNoH/f0wYK8m9T
rDHudUZg3qX4waLG5M43q7Wgc/MbQITxOUSQv7c7ugFFDzQGBzZswY6786m86gpE
Ibb3OhjZnzcvQAaRHhdlQWIMm2nrAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAtCu4
nUhVVxYUntneD9+h8Mg9q6q+auNKyExzyLwaxlAoo7TJHidbtS4J5iNmZgXL0Fkb
FFBjvSfpJIlJ00zbhNYS5f6GuoEDmFJl0ZxBHjJnyp378OD8uTs7fLvjx79LjSTb
NYiytVbZPQUQ5Yaxu2jXnimvw3rrszlaEXAMPLE=
-----END CERTIFICATE-----",
"CertificateChain": "-----BEGIN CERTIFICATE-----
MIICiTCCAfICCQD6m7oRw0uXOjANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMC
VVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZBbWF6
b24xFDASBgNVBAsTC0lBTSBDb25zb2xlMRIwEAYDVQQDEwlUZXN0Q2lsYWMxHzAd
BgkqhkiG9w0BCQEWEG5vb25lQGFtYXpvbi5jb20wHhcNMTEwNDI1MjA0NTIxWhcN
MTIwNDI0MjA0NTIxWjCBiDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYD
VQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZBbWF6b24xFDASBgNVBAsTC0lBTSBDb25z
b2xlMRIwEAYDVQQDEwlUZXN0Q2lsYWMxHzAdBgkqhkiG9w0BCQEWEG5vb25lQGFt
YXpvbi5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMaK0dn+a4GmWIWJ
21uUSfwfEvySWtC2XADZ4nB+BLYgVIk60CpiwsZ3G93vUEIO3IyNoH/f0wYK8m9T
rDHudUZg3qX4waLG5M43q7Wgc/MbQITxOUSQv7c7ugFFDzQGBzZswY6786m86gpE
Ibb3OhjZnzcvQAaRHhdlQWIMm2nrAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAtCu4
nUhVVxYUntneD9+h8Mg9q6q+auNKyExzyLwaxlAoo7TJHidbtS4J5iNmZgXL0Fkb
FFBjvSfpJIlJ00zbhNYS5f6GuoEDmFJl0ZxBHjJnyp378OD8uTs7fLvjx79LjSTb
NYiytVbZPQUQ5Yaxu2jXnimvw3rrszlaEXAMPLE=
-----END CERTIFICATE-----",
"-----BEGIN CERTIFICATE-----
MIICiTCCAfICCQD6m7oRw0uXOjANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMC
VVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZBbWF6
b24xFDASBgNVBAsTC0lBTSBDb25zb2xlMRIwEAYDVQQDEwlUZXN0Q2lsYWMxHzAd
BgkqhkiG9w0BCQEWEG5vb25lQGFtYXpvbi5jb20wHhcNMTEwNDI1MjA0NTIxWhcN
MTIwNDI0MjA0NTIxWjCBiDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYD
VQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZBbWF6b24xFDASBgNVBAsTC0lBTSBDb25z
b2xlMRIwEAYDVQQDEwlUZXN0Q2lsYWMxHzAdBgkqhkiG9w0BCQEWEG5vb25lQGFt
YXpvbi5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMaK0dn+a4GmWIWJ
21uUSfwfEvySWtC2XADZ4nB+BLYgVIk60CpiwsZ3G93vUEIO3IyNoH/f0wYK8m9T
rDHudUZg3qX4waLG5M43q7Wgc/MbQITxOUSQv7c7ugFFDzQGBzZswY6786m86gpE
Ibb3OhjZnzcvQAaRHhdlQWIMm2nrAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAtCu4
nUhVVxYUntneD9+h8Mg9q6q+auNKyExzyLwaxlAoo7TJHidbtS4J5iNmZgXL0Fkb
FFBjvSfpJIlJ00zbhNYS5f6GuoEDmFJl0ZxBHjJnyp378OD8uTs7fLvjx79LjSTb
NYiytVbZPQUQ5Yaxu2jXnimvw3rrszlaEXAMPLE=
-----END CERTIFICATE-----",
"-----BEGIN CERTIFICATE-----
MIICiTCCAfICCQD6m7oRw0uXOjANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMC
VVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZBbWF6
b24xFDASBgNVBAsTC0lBTSBDb25zb2xlMRIwEAYDVQQDEwlUZXN0Q2lsYWMxHzAd
BgkqhkiG9w0BCQEWEG5vb25lQGFtYXpvbi5jb20wHhcNMTEwNDI1MjA0NTIxWhcN
MTIwNDI0MjA0NTIxWjCBiDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYD
VQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZBbWF6b24xFDASBgNVBAsTC0lBTSBDb25z
b2xlMRIwEAYDVQQDEwlUZXN0Q2lsYWMxHzAdBgkqhkiG9w0BCQEWEG5vb25lQGFt
YXpvbi5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMaK0dn+a4GmWIWJ
21uUSfwfEvySWtC2XADZ4nB+BLYgVIk60CpiwsZ3G93vUEIO3IyNoH/f0wYK8m9T
rDHudUZg3qX4waLG5M43q7Wgc/MbQITxOUSQv7c7ugFFDzQGBzZswY6786m86gpE
Ibb3OhjZnzcvQAaRHhdlQWIMm2nrAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAtCu4
nUhVVxYUntneD9+h8Mg9q6q+auNKyExzyLwaxlAoo7TJHidbtS4J5iNmZgXL0Fkb
FFBjvSfpJIlJ00zbhNYS5f6GuoEDmFJl0ZxBHjJnyp378OD8uTs7fLvjx79LjSTb
NYiytVbZPQUQ5Yaxu2jXnimvw3rrszlaEXAMPLE=
-----END CERTIFICATE-----"
}
```
+ For API details, see [GetCertificate](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/acm/get-certificate.html) in *AWS CLI Command Reference*.
------
#### [ PowerShell ]
**Tools for PowerShell V4**
**Example 1: This example shows how to return a certificate and its chain using the ARN of the certificate.**
```
Get-ACMCertificate -CertificateArn "arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012"
```
+ For API details, see [GetCertificate](https://docs.aws.amazon.com/powershell/v4/reference) in *AWS Tools for PowerShell Cmdlet Reference (V4)*.
**Tools for PowerShell V5**
**Example 1: This example shows how to return a certificate and its chain using the ARN of the certificate.**
```
Get-ACMCertificate -CertificateArn "arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012"
```
+ For API details, see [GetCertificate](https://docs.aws.amazon.com/powershell/v5/reference) in *AWS Tools for PowerShell Cmdlet Reference (V5)*.
------
#### [ Python ]
**SDK for Python (Boto3)**
There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/acm#code-examples).
```
class AcmCertificate:
"""
Encapsulates ACM functions.
"""
def __init__(self, acm_client):
"""
:param acm_client: A Boto3 ACM client.
"""
self.acm_client = acm_client
def get(self, certificate_arn):
"""
Gets the body and certificate chain of a certificate.
:param certificate_arn: The ARN of the certificate.
:return: The body and chain of a certificate.
"""
try:
response = self.acm_client.get_certificate(CertificateArn=certificate_arn)
logger.info("Got certificate %s and its chain.", certificate_arn)
except ClientError:
logger.exception("Couldn't get certificate %s.", certificate_arn)
raise
else:
return response
```
+ For API details, see [GetCertificate](https://docs.aws.amazon.com/goto/boto3/acm-2015-12-08/GetCertificate) in *AWS SDK for Python (Boto3) API Reference*.
------
#### [ SAP ABAP ]
**SDK for SAP ABAP**
There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/acm#code-examples).
```
TRY.
" iv_certificate_arn = 'arn:aws:acm:region:123456789012:certificate/certificate-id'
oo_result = lo_acm->getcertificate( iv_certificatearn = iv_certificate_arn ).
MESSAGE 'Certificate body and chain retrieved.' TYPE 'I'.
CATCH /aws1/cx_acminvalidarnex.
MESSAGE 'The certificate ARN is not valid.' TYPE 'I'.
CATCH /aws1/cx_acmresourcenotfoundex.
MESSAGE 'Certificate not found.' TYPE 'I'.
CATCH /aws1/cx_acmrequestinprgssex.
MESSAGE 'Certificate request is in progress.' TYPE 'I'.
ENDTRY.
```
+ For API details, see [GetCertificate](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html) in *AWS SDK for SAP ABAP API reference*.
------
# Use `ImportCertificate` with an AWS SDK or CLI
The following code examples show how to use `ImportCertificate`.
Action examples are code excerpts from larger programs and must be run in context. You can see this action in context in the following code example:
+ [Learn the basics](acm_example_acm_Usage_ImportListRemove_section.md)
------
#### [ C\$1\$1 ]
**SDK for C\$1\$1**
There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/acm#code-examples).
```
//! Import an AWS Certificate Manager (ACM) certificate.
/*!
\param certificateFile: Path to certificate to import.
\param privateKeyFile: Path to file containing a private key.
\param certificateChainFile: Path to file containing a PEM encoded certificate chain.
\param clientConfiguration: AWS client configuration.
\return bool: Function succeeded.
*/
bool AwsDoc::ACM::importCertificate(const Aws::String &certificateFile,
const Aws::String &privateKeyFile,
const Aws::String &certificateChainFile,
const Aws::Client::ClientConfiguration &clientConfiguration) {
std::ifstream certificateInStream(certificateFile.c_str());
if (!certificateInStream) {
std::cerr << "Error: The certificate file '" << certificateFile <<
"' does not exist." << std::endl;
return false;
}
std::ifstream privateKeyInstream(privateKeyFile.c_str());
if (!privateKeyInstream) {
std::cerr << "Error: The private key file '" << privateKeyFile <<
"' does not exist." << std::endl;
return false;
}
std::ifstream certificateChainInStream(certificateChainFile.c_str());
if (!certificateChainInStream) {
std::cerr << "Error: The certificate chain file '"
<< certificateChainFile << "' does not exist." << std::endl;
return false;
}
Aws::String certificate;
certificate.assign(std::istreambuf_iterator(certificateInStream),
std::istreambuf_iterator());
Aws::String privateKey;
privateKey.assign(std::istreambuf_iterator(privateKeyInstream),
std::istreambuf_iterator());
Aws::String certificateChain;
certificateChain.assign(std::istreambuf_iterator(certificateChainInStream),
std::istreambuf_iterator());
Aws::ACM::ACMClient acmClient(clientConfiguration);
Aws::ACM::Model::ImportCertificateRequest request;
request.WithCertificate(Aws::Utils::ByteBuffer((unsigned char *)
certificate.c_str(),
certificate.size()))
.WithPrivateKey(Aws::Utils::ByteBuffer((unsigned char *)
privateKey.c_str(),
privateKey.size()))
.WithCertificateChain(Aws::Utils::ByteBuffer((unsigned char *)
certificateChain.c_str(),
certificateChain.size()));
Aws::ACM::Model::ImportCertificateOutcome outcome =
acmClient.ImportCertificate(request);
if (!outcome.IsSuccess()) {
std::cerr << "Error: ImportCertificate: " <<
outcome.GetError().GetMessage() << std::endl;
return false;
}
else {
std::cout << "Success: Certificate associated with ARN '" <<
outcome.GetResult().GetCertificateArn() << "' imported."
<< std::endl;
return true;
}
}
```
+ For API details, see [ImportCertificate](https://docs.aws.amazon.com/goto/SdkForCpp/acm-2015-12-08/ImportCertificate) in *AWS SDK for C\$1\$1 API Reference*.
------
#### [ CLI ]
**AWS CLI**
**To import a certificate into ACM.**
The following `import-certificate` command imports a certificate into ACM. Replace the file names with your own:
```
aws acm import-certificate --certificate file://Certificate.pem --certificate-chain file://CertificateChain.pem --private-key file://PrivateKey.pem
```
+ For API details, see [ImportCertificate](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/acm/import-certificate.html) in *AWS CLI Command Reference*.
------
#### [ Java ]
**SDK for Java 2.x**
There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/acm#code-examples).
```
/**
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation topic:
*
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*/
public class ImportCert {
public static void main(String[] args) {
final String usage = """
Usage:
Where:
bucketName - The name of the S3 bucket containing the certificate and private key.
certificateKey - The object key for the SSL/TLS certificate file in S3.
privateKeyKey - The object key for the private key file in S3.
""";
if (args.length != 3) {
System.out.println(usage);
return;
}
String bucketName = args[0];
String certificateKey = args[1];
String privateKeyKey = args[2];
String certificateArn = importCertificate(bucketName, certificateKey, privateKeyKey);
System.out.println("Certificate imported with ARN: " + certificateArn);
}
/**
* Imports an SSL/TLS certificate and private key from S3 into AWS Certificate Manager (ACM).
*
* @param bucketName The name of the S3 bucket.
* @param certificateKey The key for the SSL/TLS certificate file in S3.
* @param privateKeyKey The key for the private key file in S3.
* @return The ARN of the imported certificate.
*/
public static String importCertificate(String bucketName, String certificateKey, String privateKeyKey) {
AcmClient acmClient = AcmClient.create();
S3Client s3Client = S3Client.create();
try {
byte[] certificateBytes = downloadFileFromS3(s3Client, bucketName, certificateKey);
byte[] privateKeyBytes = downloadFileFromS3(s3Client, bucketName, privateKeyKey);
ImportCertificateRequest request = ImportCertificateRequest.builder()
.certificate(SdkBytes.fromByteBuffer(ByteBuffer.wrap(certificateBytes)))
.privateKey(SdkBytes.fromByteBuffer(ByteBuffer.wrap(privateKeyBytes)))
.build();
ImportCertificateResponse response = acmClient.importCertificate(request);
return response.certificateArn();
} catch (IOException e) {
System.err.println("Error downloading certificate or private key from S3: " + e.getMessage());
} catch (S3Exception e) {
System.err.println("S3 error: " + e.awsErrorDetails().errorMessage());
}
return "";
}
/**
* Downloads a file from Amazon S3 and returns its contents as a byte array.
*
* @param s3Client The S3 client.
* @param bucketName The name of the S3 bucket.
* @param objectKey The key of the object in S3.
* @return The file contents as a byte array.
* @throws IOException If an I/O error occurs.
*/
private static byte[] downloadFileFromS3(S3Client s3Client, String bucketName, String objectKey) throws IOException {
GetObjectRequest getObjectRequest = GetObjectRequest.builder()
.bucket(bucketName)
.key(objectKey)
.build();
try (ResponseInputStream s3Object = s3Client.getObject(getObjectRequest);
ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream()) {
IoUtils.copy(s3Object, byteArrayOutputStream);
return byteArrayOutputStream.toByteArray();
}
}
}
```
+ For API details, see [ImportCertificate](https://docs.aws.amazon.com/goto/SdkForJavaV2/acm-2015-12-08/ImportCertificate) in *AWS SDK for Java 2.x API Reference*.
------
#### [ Python ]
**SDK for Python (Boto3)**
There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/acm#code-examples).
```
class AcmCertificate:
"""
Encapsulates ACM functions.
"""
def __init__(self, acm_client):
"""
:param acm_client: A Boto3 ACM client.
"""
self.acm_client = acm_client
def import_certificate(self, certificate_body, private_key):
"""
Imports a self-signed certificate to ACM.
:param certificate_body: The body of the certificate, in PEM format.
:param private_key: The unencrypted private key of the certificate, in PEM
format.
:return: The ARN of the imported certificate.
"""
try:
response = self.acm_client.import_certificate(
Certificate=certificate_body, PrivateKey=private_key
)
certificate_arn = response["CertificateArn"]
logger.info("Imported certificate.")
except ClientError:
logger.exception("Couldn't import certificate.")
raise
else:
return certificate_arn
```
+ For API details, see [ImportCertificate](https://docs.aws.amazon.com/goto/boto3/acm-2015-12-08/ImportCertificate) in *AWS SDK for Python (Boto3) API Reference*.
------
#### [ SAP ABAP ]
**SDK for SAP ABAP**
There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/acm#code-examples).
```
TRY.
" Only pass certificate chain if it's provided (it's optional)
IF iv_certificate_chain IS NOT INITIAL.
DATA(lo_result) = lo_acm->importcertificate(
iv_certificate = iv_certificate
iv_privatekey = iv_private_key
iv_certificatechain = iv_certificate_chain
).
ELSE.
lo_result = lo_acm->importcertificate(
iv_certificate = iv_certificate
iv_privatekey = iv_private_key
).
ENDIF.
ov_certificate_arn = lo_result->get_certificatearn( ).
MESSAGE 'Certificate imported successfully.' TYPE 'I'.
CATCH /aws1/cx_acminvalidparameterex.
MESSAGE 'Invalid parameter provided.' TYPE 'I'.
CATCH /aws1/cx_acmlimitexceededex.
MESSAGE 'Certificate limit exceeded.' TYPE 'I'.
ENDTRY.
```
+ For API details, see [ImportCertificate](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html) in *AWS SDK for SAP ABAP API reference*.
------
# Use `ListCertificates` with an AWS SDK or CLI
The following code examples show how to use `ListCertificates`.
Action examples are code excerpts from larger programs and must be run in context. You can see this action in context in the following code example:
+ [Learn the basics](acm_example_acm_Usage_ImportListRemove_section.md)
------
#### [ .NET ]
**SDK for .NET**
There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/ACM#code-examples).
```
using System;
using System.Threading.Tasks;
using Amazon;
using Amazon.CertificateManager;
using Amazon.CertificateManager.Model;
namespace ListCertificates
{
// The following example retrieves and displays a list of the
// certificates defined for the default account using the AWS
// Certificate Manager (ACM) service.
class ListCertificates
{
// Specify your AWS Region (an example Region is shown).
private static readonly RegionEndpoint ACMRegion = RegionEndpoint.USEast1;
private static AmazonCertificateManagerClient _client;
static void Main(string[] args)
{
_client = new AmazonCertificateManagerClient(ACMRegion);
var certificateList = ListCertificatesResponseAsync(client: _client);
Console.WriteLine("Certificate Summary List\n");
foreach (var certificate in certificateList.Result.CertificateSummaryList)
{
Console.WriteLine($"Certificate Domain: {certificate.DomainName}");
Console.WriteLine($"Certificate ARN: {certificate.CertificateArn}\n");
}
}
///
/// Retrieves a list of the certificates defined in this Region.
///
/// The ACM client object passed to the
/// ListCertificateResAsync method call.
///
/// The ListCertificatesResponse.
static async Task ListCertificatesResponseAsync(
AmazonCertificateManagerClient client)
{
var request = new ListCertificatesRequest();
var response = await client.ListCertificatesAsync(request);
return response;
}
}
}
```
+ For API details, see [ListCertificates](https://docs.aws.amazon.com/goto/DotNetSDKV3/acm-2015-12-08/ListCertificates) in *AWS SDK for .NET API Reference*.
------
#### [ C\$1\$1 ]
**SDK for C\$1\$1**
There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/acm#code-examples).
```
//! List the AWS Certificate Manager (ACM) certificates in an account.
/*!
\param clientConfiguration: AWS client configuration.
\return bool: Function succeeded.
*/
bool AwsDoc::ACM::listCertificates(
const Aws::Client::ClientConfiguration &clientConfiguration) {
Aws::ACM::ACMClient acmClient(clientConfiguration);
Aws::ACM::Model::ListCertificatesRequest request;
Aws::Vector allCertificates;
Aws::String nextToken;
do {
if (!nextToken.empty()) {
request.SetNextToken(nextToken);
}
Aws::ACM::Model::ListCertificatesOutcome outcome =
acmClient.ListCertificates(request);
if (!outcome.IsSuccess()) {
std::cerr << "Error: ListCertificates: " <<
outcome.GetError().GetMessage() << std::endl;
return false;
}
else {
const Aws::ACM::Model::ListCertificatesResult &result = outcome.GetResult();
const Aws::Vector &certificates =
result.GetCertificateSummaryList();
allCertificates.insert(allCertificates.end(), certificates.begin(),
certificates.end());
nextToken = result.GetNextToken();
}
} while (!nextToken.empty());
if (!allCertificates.empty()) {
for (const Aws::ACM::Model::CertificateSummary &certificate: allCertificates) {
std::cout << "Certificate ARN: " <<
certificate.GetCertificateArn() << std::endl;
std::cout << "Domain name: " <<
certificate.GetDomainName() << std::endl << std::endl;
}
}
else {
std::cout << "No available certificates found in account."
<< std::endl;
}
return true;
}
```
+ For API details, see [ListCertificates](https://docs.aws.amazon.com/goto/SdkForCpp/acm-2015-12-08/ListCertificates) in *AWS SDK for C\$1\$1 API Reference*.
------
#### [ CLI ]
**AWS CLI**
**To list the ACM certificates for an AWS account**
The following `list-certificates` command lists the ARNs of the certificates in your account:
```
aws acm list-certificates
```
The preceding command produces output similar to the following:
```
{
"CertificateSummaryList": [
{
"CertificateArn": "arn:aws:acm:region:account:certificate/12345678-1234-1234-1234-123456789012",
"DomainName": "www.example.com"
},
{
"CertificateArn": "arn:aws:acm:region:account:certificate/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
"DomainName": "www.example.net"
}
]
}
```
You can decide how many certificates you want to display each time you call `list-certificates`. For example, if you have four certificates and you want to display no more than two at a time, set the `max-items` argument to 2 as in the following example:
```
aws acm list-certificates --max-items 2
```
Two certificate ARNs and a `NextToken` value will be displayed:
```
"CertificateSummaryList": [
{
"CertificateArn": "arn:aws:acm:region:account: \
certificate/12345678-1234-1234-1234-123456789012",
"DomainName": "www.example.com"
},
{
"CertificateArn": "arn:aws:acm:region:account: \
certificate/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
"DomainName": "www.example.net"
}
],
"NextToken": "9f4d9f69-275a-41fe-b58e-2b837bd9ba48"
```
To display the next two certificates in your account, set this `NextToken` value in your next call:
```
aws acm list-certificates --max-items 2 --next-token 9f4d9f69-275a-41fe-b58e-2b837bd9ba48
```
You can filter your output by using the `certificate-statuses` argument. The following command displays certificates that have a PENDING\$1VALIDATION status:
```
aws acm list-certificates --certificate-statuses PENDING_VALIDATION
```
You can also filter your output by using the `includes` argument. The following command displays certificates filtered on the following properties. The certificates to be displayed:
```
- Specify that the RSA algorithm and a 2048 bit key are used to generate key pairs.
- Contain a Key Usage extension that specifies that the certificates can be used to create digital signatures.
- Contain an Extended Key Usage extension that specifies that the certificates can be used for code signing.
aws acm list-certificates --max-items 10 --includes extendedKeyUsage=CODE_SIGNING,keyUsage=DIGITAL_SIGNATURE,keyTypes=RSA_2048
```
+ For API details, see [ListCertificates](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/acm/list-certificates.html) in *AWS CLI Command Reference*.
------
#### [ Java ]
**SDK for Java 2.x**
There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/acm#code-examples).
```
/**
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation topic:
*
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*/
public class ListCerts {
public static void main(String[] args) {
listCertificates();
}
/**
* Lists all the certificates managed by AWS Certificate Manager (ACM) that have a status of "ISSUED".
*/
public static void listCertificates() {
AcmClient acmClient = AcmClient.create();
try {
ListCertificatesRequest listRequest = ListCertificatesRequest.builder()
.certificateStatuses(CertificateStatus.ISSUED)
.maxItems(100)
.build();
ListCertificatesIterable listResponse = acmClient.listCertificatesPaginator(listRequest);
// Print the certificate details using streams
listResponse.certificateSummaryList().stream()
.forEach(certificate -> {
System.out.println("Certificate ARN: " + certificate.certificateArn());
System.out.println("Certificate Domain Name: " + certificate.domainName());
System.out.println("Certificate Status: " + certificate.statusAsString());
System.out.println("---");
});
} catch (AcmException e) {
System.err.println(e.getMessage());
}
}
}
```
+ For API details, see [ListCertificates](https://docs.aws.amazon.com/goto/SdkForJavaV2/acm-2015-12-08/ListCertificates) in *AWS SDK for Java 2.x API Reference*.
------
#### [ PowerShell ]
**Tools for PowerShell V4**
**Example 1: Retrieves a list of all your certificate ARNs and the domain name for each. The cmdlet will automatically paginate to retrieve all the ARNs. To manually control pagination, use the -MaxItem parameter to control how many certificate ARNs are returned for each service call and the -NextToken parameter to indicate the starting point for each call.**
```
Get-ACMCertificateList
```
**Output:**
```
CertificateArn DomainName
-------------- ----------
arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012 www.example.com
```
**Example 2: Retrieves a list of all your certificate ARNs where the certificate status matches on the supplied states.**
```
Get-ACMCertificateList -CertificateStatus "VALIDATION_TIMED_OUT","FAILED"
```
**Example 3: This example returns a list of all certificates in the us-east-1 region that have a key type of RSA\$12048, and an extended key usage, or purpose, of CODE\$1SIGNING. You can find the values for these filtering parameters in the ListCertificates Filters API reference topic: https://docs.aws.amazon.com/acm/latest/APIReference/API\$1Filters.html.**
```
Get-ACMCertificateList -Region us-east-1 -Includes_KeyType RSA_2048 -Includes_ExtendedKeyUsage CODE_SIGNING
```
**Output:**
```
CertificateArn DomainName
-------------- ----------
arn:aws:acm:us-east-1:8xxxxxxxxxxx:certificate/xxxxxxxx-d7c0-48c1-af8d-2133d8f30zzz *.route53docs.com
arn:aws:acm:us-east-1:8xxxxxxxxxxx:certificate/xxxxxxxx-98a5-443d-a734-800430c80zzz nerdzizm.net
arn:aws:acm:us-east-1:8xxxxxxxxxxx:certificate/xxxxxxxx-2be6-4376-8fa7-bad559525zzz
arn:aws:acm:us-east-1:8xxxxxxxxxxx:certificate/xxxxxxxx-e7ca-44c5-803e-24d9f2f36zzz
arn:aws:acm:us-east-1:8xxxxxxxxxxx:certificate/xxxxxxxx-1241-4b71-80b1-090305a62zzz
arn:aws:acm:us-east-1:8xxxxxxxxxxx:certificate/xxxxxxxx-8709-4568-8c64-f94617c99zzz
arn:aws:acm:us-east-1:8xxxxxxxxxxx:certificate/xxxxxxxx-a8fa-4a61-98cf-e08ccc0eezzz
arn:aws:acm:us-east-1:8xxxxxxxxxxx:certificate/xxxxxxxx-fa47-40fe-a714-2d277d3eezzz *.route53docs.com
```
+ For API details, see [ListCertificates](https://docs.aws.amazon.com/powershell/v4/reference) in *AWS Tools for PowerShell Cmdlet Reference (V4)*.
**Tools for PowerShell V5**
**Example 1: Retrieves a list of all your certificate ARNs and the domain name for each. The cmdlet will automatically paginate to retrieve all the ARNs. To manually control pagination, use the -MaxItem parameter to control how many certificate ARNs are returned for each service call and the -NextToken parameter to indicate the starting point for each call.**
```
Get-ACMCertificateList
```
**Output:**
```
CertificateArn DomainName
-------------- ----------
arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012 www.example.com
```
**Example 2: Retrieves a list of all your certificate ARNs where the certificate status matches on the supplied states.**
```
Get-ACMCertificateList -CertificateStatus "VALIDATION_TIMED_OUT","FAILED"
```
**Example 3: This example returns a list of all certificates in the us-east-1 region that have a key type of RSA\$12048, and an extended key usage, or purpose, of CODE\$1SIGNING. You can find the values for these filtering parameters in the ListCertificates Filters API reference topic: https://docs.aws.amazon.com/acm/latest/APIReference/API\$1Filters.html.**
```
Get-ACMCertificateList -Region us-east-1 -Includes_KeyType RSA_2048 -Includes_ExtendedKeyUsage CODE_SIGNING
```
**Output:**
```
CertificateArn DomainName
-------------- ----------
arn:aws:acm:us-east-1:8xxxxxxxxxxx:certificate/xxxxxxxx-d7c0-48c1-af8d-2133d8f30zzz *.route53docs.com
arn:aws:acm:us-east-1:8xxxxxxxxxxx:certificate/xxxxxxxx-98a5-443d-a734-800430c80zzz nerdzizm.net
arn:aws:acm:us-east-1:8xxxxxxxxxxx:certificate/xxxxxxxx-2be6-4376-8fa7-bad559525zzz
arn:aws:acm:us-east-1:8xxxxxxxxxxx:certificate/xxxxxxxx-e7ca-44c5-803e-24d9f2f36zzz
arn:aws:acm:us-east-1:8xxxxxxxxxxx:certificate/xxxxxxxx-1241-4b71-80b1-090305a62zzz
arn:aws:acm:us-east-1:8xxxxxxxxxxx:certificate/xxxxxxxx-8709-4568-8c64-f94617c99zzz
arn:aws:acm:us-east-1:8xxxxxxxxxxx:certificate/xxxxxxxx-a8fa-4a61-98cf-e08ccc0eezzz
arn:aws:acm:us-east-1:8xxxxxxxxxxx:certificate/xxxxxxxx-fa47-40fe-a714-2d277d3eezzz *.route53docs.com
```
+ For API details, see [ListCertificates](https://docs.aws.amazon.com/powershell/v5/reference) in *AWS Tools for PowerShell Cmdlet Reference (V5)*.
------
#### [ Python ]
**SDK for Python (Boto3)**
There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/acm#code-examples).
```
class AcmCertificate:
"""
Encapsulates ACM functions.
"""
def __init__(self, acm_client):
"""
:param acm_client: A Boto3 ACM client.
"""
self.acm_client = acm_client
def list(
self,
max_items,
statuses=None,
key_usage=None,
extended_key_usage=None,
key_types=None,
):
"""
Lists the certificates for the current account.
:param max_items: The maximum number of certificates to list.
:param statuses: Filters the results to the specified statuses. If None, all
certificates are included.
:param key_usage: Filters the results to the specified key usages. If None,
all key usages are included.
:param extended_key_usage: Filters the results to the specified extended key
usages. If None, all extended key usages are
included.
:param key_types: Filters the results to the specified key types. If None, all
key types are included.
:return: The list of certificates.
"""
try:
kwargs = {"MaxItems": max_items}
if statuses is not None:
kwargs["CertificateStatuses"] = statuses
includes = {}
if key_usage is not None:
includes["keyUsage"] = key_usage
if extended_key_usage is not None:
includes["extendedKeyUsage"] = extended_key_usage
if key_types is not None:
includes["keyTypes"] = key_types
if includes:
kwargs["Includes"] = includes
response = self.acm_client.list_certificates(**kwargs)
certificates = response["CertificateSummaryList"]
logger.info("Got %s certificates.", len(certificates))
except ClientError:
logger.exception("Couldn't get certificates.")
raise
else:
return certificates
```
+ For API details, see [ListCertificates](https://docs.aws.amazon.com/goto/boto3/acm-2015-12-08/ListCertificates) in *AWS SDK for Python (Boto3) API Reference*.
------
#### [ SAP ABAP ]
**SDK for SAP ABAP**
There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/acm#code-examples).
```
TRY.
oo_result = lo_acm->listcertificates(
iv_maxitems = iv_max_items
it_certificatestatuses = it_statuses
io_includes = io_includes
).
MESSAGE 'Certificates listed successfully.' TYPE 'I'.
CATCH /aws1/cx_acminvalidargsex.
MESSAGE 'Invalid arguments provided.' TYPE 'I'.
CATCH /aws1/cx_acmvalidationex.
MESSAGE 'Validation error occurred.' TYPE 'I'.
ENDTRY.
```
+ For API details, see [ListCertificates](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html) in *AWS SDK for SAP ABAP API reference*.
------
# Use `ListTagsForCertificate` with an AWS SDK or CLI
The following code examples show how to use `ListTagsForCertificate`.
Action examples are code excerpts from larger programs and must be run in context. You can see this action in context in the following code example:
+ [Learn the basics](acm_example_acm_Usage_ImportListRemove_section.md)
------
#### [ C\$1\$1 ]
**SDK for C\$1\$1**
There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/acm#code-examples).
```
//! List the tags for an AWS Certificate Manager (ACM) certificate.
/*!
\param certificateArn: The Amazon Resource Name (ARN) of a certificate.
\param clientConfiguration: AWS client configuration.
\return bool: Function succeeded.
*/
bool AwsDoc::ACM::listTagsForCertificate(const Aws::String &certificateArn,
const Aws::Client::ClientConfiguration &clientConfiguration) {
Aws::ACM::ACMClient acm_client(clientConfiguration);
Aws::ACM::Model::ListTagsForCertificateRequest request;
request.WithCertificateArn(certificateArn);
Aws::ACM::Model::ListTagsForCertificateOutcome outcome =
acm_client.ListTagsForCertificate(request);
if (!outcome.IsSuccess()) {
std::cout << "Error: ListTagsForCertificate: " <<
outcome.GetError().GetMessage() << std::endl;
return false;
}
else {
std::cout << "Success: Information about tags for "
"certificate with ARN '"
<< certificateArn << "':" << std::endl << std::endl;
auto result = outcome.GetResult();
Aws::Vector tags =
result.GetTags();
if (tags.size() > 0) {
for (const Aws::ACM::Model::Tag &tag: tags) {
std::cout << "Key: " << tag.GetKey() << std::endl;
std::cout << "Value: " << tag.GetValue()
<< std::endl << std::endl;
}
}
else {
std::cout << "No tags found." << std::endl;
}
return true;
}
}
```
+ For API details, see [ListTagsForCertificate](https://docs.aws.amazon.com/goto/SdkForCpp/acm-2015-12-08/ListTagsForCertificate) in *AWS SDK for C\$1\$1 API Reference*.
------
#### [ CLI ]
**AWS CLI**
**To list the tags applied to an ACM Certificate**
The following `list-tags-for-certificate` command lists the tags applied to a certificate in your account:
```
aws acm list-tags-for-certificate --certificate-arn arn:aws:acm:region:account:certificate/12345678-1234-1234-1234-123456789012
```
The preceding command produces output similar to the following:
```
{
"Tags": [
{
"Value": "Website",
"Key": "Purpose"
},
{
"Value": "Alice",
"Key": "Admin"
}
]
}
```
+ For API details, see [ListTagsForCertificate](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/acm/list-tags-for-certificate.html) in *AWS CLI Command Reference*.
------
#### [ Java ]
**SDK for Java 2.x**
There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/acm#code-examples).
```
/**
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation topic:
*
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*/
public class ListCertTags {
public static void main(String[] args) {
final String usage = """
Usage:
Where:
certArn - the ARN of the certificate.
""";
if (args.length != 1) {
System.out.println(usage);
return;
}
String certArn = args[0];
listCertTags(certArn);
}
/**
* Lists the tags associated with an AWS Certificate Manager (ACM) certificate.
*
* @param certArn the Amazon Resource Name (ARN) of the ACM certificate
*/
public static void listCertTags(String certArn) {
AcmClient acmClient = AcmClient.create();
ListTagsForCertificateRequest request = ListTagsForCertificateRequest.builder()
.certificateArn(certArn)
.build();
ListTagsForCertificateResponse response = acmClient.listTagsForCertificate(request);
List tagList = response.tags();
tagList.forEach(tag -> {
System.out.println("Key: " + tag.key());
System.out.println("Value: " + tag.value());
});
}
}
```
+ For API details, see [ListTagsForCertificate](https://docs.aws.amazon.com/goto/SdkForJavaV2/acm-2015-12-08/ListTagsForCertificate) in *AWS SDK for Java 2.x API Reference*.
------
#### [ Python ]
**SDK for Python (Boto3)**
There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/acm#code-examples).
```
class AcmCertificate:
"""
Encapsulates ACM functions.
"""
def __init__(self, acm_client):
"""
:param acm_client: A Boto3 ACM client.
"""
self.acm_client = acm_client
def list_tags(self, certificate_arn):
"""
Lists the tags attached to a certificate.
:param certificate_arn: The ARN of the certificate.
:return: The dictionary of certificate tags.
"""
try:
response = self.acm_client.list_tags_for_certificate(
CertificateArn=certificate_arn
)
tags = {tag["Key"]: tag["Value"] for tag in response["Tags"]}
logger.info("Got %s tags for certificates %s.", len(tags), certificate_arn)
except ClientError:
logger.exception("Couldn't get tags for certificate %s.", certificate_arn)
raise
else:
return tags
```
+ For API details, see [ListTagsForCertificate](https://docs.aws.amazon.com/goto/boto3/acm-2015-12-08/ListTagsForCertificate) in *AWS SDK for Python (Boto3) API Reference*.
------
#### [ SAP ABAP ]
**SDK for SAP ABAP**
There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/acm#code-examples).
```
TRY.
" iv_certificate_arn = 'arn:aws:acm:region:123456789012:certificate/certificate-id'
DATA(lo_result) = lo_acm->listtagsforcertificate(
iv_certificatearn = iv_certificate_arn
).
ot_tags = lo_result->get_tags( ).
MESSAGE 'Certificate tags retrieved successfully.' TYPE 'I'.
CATCH /aws1/cx_acminvalidarnex.
MESSAGE 'The certificate ARN is not valid.' TYPE 'I'.
CATCH /aws1/cx_acmresourcenotfoundex.
MESSAGE 'Certificate not found.' TYPE 'I'.
ENDTRY.
```
+ For API details, see [ListTagsForCertificate](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html) in *AWS SDK for SAP ABAP API reference*.
------
# Use `RemoveTagsFromCertificate` with an AWS SDK or CLI
The following code examples show how to use `RemoveTagsFromCertificate`.
Action examples are code excerpts from larger programs and must be run in context. You can see this action in context in the following code example:
+ [Learn the basics](acm_example_acm_Usage_ImportListRemove_section.md)
------
#### [ C\$1\$1 ]
**SDK for C\$1\$1**
There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/acm#code-examples).
```
//! Remove a tag from an ACM certificate.
/*!
\param certificateArn: The Amazon Resource Name (ARN) of a certificate.
\param tagKey: The key for the tag.
\param tagValue: The value for the tag.
\param clientConfiguration: AWS client configuration.
\return bool: Function succeeded.
*/
bool AwsDoc::ACM::removeTagsFromCertificate(const Aws::String &certificateArn,
const Aws::String &tagKey,
const Aws::String &tagValue,
const Aws::Client::ClientConfiguration &clientConfiguration) {
Aws::ACM::ACMClient acmClient(clientConfiguration);
Aws::Vector tags;
Aws::ACM::Model::Tag tag;
tag.SetKey(tagKey);
tags.push_back(tag);
Aws::ACM::Model::RemoveTagsFromCertificateRequest request;
request.WithCertificateArn(certificateArn)
.WithTags(tags);
Aws::ACM::Model::RemoveTagsFromCertificateOutcome outcome =
acmClient.RemoveTagsFromCertificate(request);
if (!outcome.IsSuccess()) {
std::cerr << "Error: RemoveTagFromCertificate: " <<
outcome.GetError().GetMessage() << std::endl;
return false;
}
else {
std::cout << "Success: Tag with key '" << tagKey << "' removed from "
<< "certificate with ARN '" << certificateArn << "'." << std::endl;
return true;
}
}
```
+ For API details, see [RemoveTagsFromCertificate](https://docs.aws.amazon.com/goto/SdkForCpp/acm-2015-12-08/RemoveTagsFromCertificate) in *AWS SDK for C\$1\$1 API Reference*.
------
#### [ CLI ]
**AWS CLI**
**To remove a tag from an ACM Certificate**
The following `remove-tags-from-certificate` command removes two tags from the specified certificate. Use a space to separate multiple tags:
```
aws acm remove-tags-from-certificate --certificate-arn arn:aws:acm:region:account:certificate/12345678-1234-1234-1234-123456789012 --tags Key=Admin,Value=Alice Key=Purpose,Value=Website
```
+ For API details, see [RemoveTagsFromCertificate](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/acm/remove-tags-from-certificate.html) in *AWS CLI Command Reference*.
------
#### [ Java ]
**SDK for Java 2.x**
There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/acm#code-examples).
```
/**
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation topic:
*
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*/
public class RemoveTagsFromCert {
public static void main(String[] args) {
final String usage = """
Usage:
Where:
certArn - the ARN of the certificate.
""";
if (args.length != 1) {
System.out.println(usage);
return;
}
String certArn = args[0];
removeTags(certArn);
}
/**
* Removes tags from an AWS Certificate Manager (ACM) certificate.
*
* @param certArn the Amazon Resource Name (ARN) of the certificate from which to remove tags
*/
public static void removeTags(String certArn) {
AcmClient acmClient = AcmClient.create();
List expectedTags = List.of(Tag.builder().key("key").value("value").build());
RemoveTagsFromCertificateRequest req = RemoveTagsFromCertificateRequest.builder()
.certificateArn(certArn)
.tags(expectedTags)
.build();
try {
acmClient.removeTagsFromCertificate(req);
System.out.println("Successfully removed tags from the certificate");
} catch (AcmException e) {
System.err.println(e.getMessage());
}
}
}
```
+ For API details, see [RemoveTagsFromCertificate](https://docs.aws.amazon.com/goto/SdkForJavaV2/acm-2015-12-08/RemoveTagsFromCertificate) in *AWS SDK for Java 2.x API Reference*.
------
#### [ Python ]
**SDK for Python (Boto3)**
There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/acm#code-examples).
```
class AcmCertificate:
"""
Encapsulates ACM functions.
"""
def __init__(self, acm_client):
"""
:param acm_client: A Boto3 ACM client.
"""
self.acm_client = acm_client
def remove_tags(self, certificate_arn, tags):
"""
Removes tags from a certificate. If the value of a tag is specified, the tag is
removed only when the value matches the value of the certificate's tag.
Otherwise, the tag is removed regardless of its value.
:param certificate_arn: The ARN of the certificate.
:param tags: The dictionary of tags to remove.
"""
try:
cert_tags = []
for key, value in tags.items():
tag = {"Key": key}
if value is not None:
tag["Value"] = value
cert_tags.append(tag)
self.acm_client.remove_tags_from_certificate(
CertificateArn=certificate_arn, Tags=cert_tags
)
logger.info(
"Removed %s tags from certificate %s.", len(tags), certificate_arn
)
except ClientError:
logger.exception(
"Couldn't remove tags from certificate %s.", certificate_arn
)
raise
```
+ For API details, see [RemoveTagsFromCertificate](https://docs.aws.amazon.com/goto/boto3/acm-2015-12-08/RemoveTagsFromCertificate) in *AWS SDK for Python (Boto3) API Reference*.
------
#### [ SAP ABAP ]
**SDK for SAP ABAP**
There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/acm#code-examples).
```
TRY.
" iv_certificate_arn = 'arn:aws:acm:region:123456789012:certificate/certificate-id'
lo_acm->removetagsfromcertificate(
iv_certificatearn = iv_certificate_arn
it_tags = it_tags
).
MESSAGE 'Tags removed from certificate successfully.' TYPE 'I'.
CATCH /aws1/cx_acminvalidarnex.
MESSAGE 'The certificate ARN is not valid.' TYPE 'I'.
CATCH /aws1/cx_acmresourcenotfoundex.
MESSAGE 'Certificate not found.' TYPE 'I'.
CATCH /aws1/cx_acminvalidtagex.
MESSAGE 'Invalid tag provided.' TYPE 'I'.
ENDTRY.
```
+ For API details, see [RemoveTagsFromCertificate](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html) in *AWS SDK for SAP ABAP API reference*.
------
# Use `RenewCertificate` with an AWS SDK
The following code examples show how to use `RenewCertificate`.
------
#### [ C\$1\$1 ]
**SDK for C\$1\$1**
There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/acm#code-examples).
```
//! Renew an AWS Certificate Manager (ACM) certificate.
/*!
\param certificateArn: The Amazon Resource Name (ARN) of a certificate.
\param clientConfiguration: AWS client configuration.
\return bool: Function succeeded.
*/
bool AwsDoc::ACM::renewCertificate(const Aws::String &certificateArn,
const Aws::Client::ClientConfiguration &clientConfiguration) {
Aws::ACM::ACMClient acmClient(clientConfiguration);
Aws::ACM::Model::RenewCertificateRequest request;
request.SetCertificateArn(certificateArn);
Aws::ACM::Model::RenewCertificateOutcome outcome =
acmClient.RenewCertificate(request);
if (!outcome.IsSuccess()) {
std::cerr << "Error: RenewCertificate: " <<
outcome.GetError().GetMessage() << std::endl;
return false;
}
else {
std::cout << "Success: Renewed certificate with ARN '"
<< certificateArn << "'." << std::endl;
return true;
}
}
```
+ For API details, see [RenewCertificate](https://docs.aws.amazon.com/goto/SdkForCpp/acm-2015-12-08/RenewCertificate) in *AWS SDK for C\$1\$1 API Reference*.
------
#### [ Java ]
**SDK for Java 2.x**
There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/acm#code-examples).
```
/**
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation topic:
*
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*/
public class RenewCert {
public static void main(String[] args) {
final String usage = """
Usage:
Where:
certArn - the ARN of the certificate.
""";
if (args.length != 1) {
System.out.println(usage);
return;
}
String certArn = args[0];
renewCertificate(certArn);
}
/**
* Renews an existing SSL/TLS certificate in AWS Certificate Manager (ACM).
*
* @param certArn The Amazon Resource Name (ARN) of the certificate to be renewed.
* @throws AcmException If there is an error renewing the certificate.
*/
public static void renewCertificate(String certArn) {
AcmClient acmClient = AcmClient.create();
RenewCertificateRequest certificateRequest = RenewCertificateRequest.builder()
.certificateArn(certArn)
.build();
try {
acmClient.renewCertificate(certificateRequest);
System.out.println("The certificate was renewed");
} catch(AcmException e){
System.out.println(e.getMessage());
}
}
}
```
+ For API details, see [RenewCertificate](https://docs.aws.amazon.com/goto/SdkForJavaV2/acm-2015-12-08/RenewCertificate) in *AWS SDK for Java 2.x API Reference*.
------
# Use `RequestCertificate` with an AWS SDK or CLI
The following code examples show how to use `RequestCertificate`.
Action examples are code excerpts from larger programs and must be run in context. You can see this action in context in the following code example:
+ [Learn the basics](acm_example_acm_Usage_ImportListRemove_section.md)
------
#### [ C\$1\$1 ]
**SDK for C\$1\$1**
There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/acm#code-examples).
```
//! Request an AWS Certificate Manager (ACM) certificate.
/*!
\param domainName: A fully qualified domain name.
\param idempotencyToken: Customer chosen string for idempotency.
\param clientConfiguration: AWS client configuration.
\return bool: Function succeeded.
*/
bool AwsDoc::ACM::requestCertificate(const Aws::String &domainName,
const Aws::String &idempotencyToken,
const Aws::Client::ClientConfiguration &clientConfiguration) {
Aws::ACM::ACMClient acmClient(clientConfiguration);
Aws::ACM::Model::RequestCertificateRequest request;
request.WithDomainName(domainName)
.WithIdempotencyToken(idempotencyToken);
Aws::ACM::Model::RequestCertificateOutcome outcome =
acmClient.RequestCertificate(request);
if (!outcome.IsSuccess()) {
std::cerr << "RequestCertificate error: " <<
outcome.GetError().GetMessage() << std::endl;
return false;
}
else {
std::cout << "Success: The newly requested certificate's "
"ARN is '" <<
outcome.GetResult().GetCertificateArn() <<
"'." << std::endl;
return true;
}
}
```
+ For API details, see [RequestCertificate](https://docs.aws.amazon.com/goto/SdkForCpp/acm-2015-12-08/RequestCertificate) in *AWS SDK for C\$1\$1 API Reference*.
------
#### [ CLI ]
**AWS CLI**
**To request a new ACM certificate**
The following `request-certificate` command requests a new certificate for the www.example.com domain using DNS validation:
```
aws acm request-certificate --domain-name www.example.com --validation-method DNS
```
You can enter an idempotency token to distinguish between calls to `request-certificate`:
```
aws acm request-certificate --domain-name www.example.com --validation-method DNS --idempotency-token 91adc45q
```
You can enter one or more subject alternative names to request a certificate that will protect more than one apex domain:
```
aws acm request-certificate --domain-name example.com --validation-method DNS --idempotency-token 91adc45q --subject-alternative-names www.example.net
```
You can enter an alternative name that can also be used to reach your website:
```
aws acm request-certificate --domain-name example.com --validation-method DNS --idempotency-token 91adc45q --subject-alternative-names www.example.com
```
You can use an asterisk (\$1) as a wildcard to create a certificate for several subdomains in the same domain:
```
aws acm request-certificate --domain-name example.com --validation-method DNS --idempotency-token 91adc45q --subject-alternative-names *.example.com
```
You can also enter multiple alternative names:
```
aws acm request-certificate --domain-name example.com --validation-method DNS --subject-alternative-names b.example.com c.example.com d.example.com
```
If you are using email for validation, you can enter domain validation options to specify the domain to which the validation email will be sent:
```
aws acm request-certificate --domain-name example.com --validation-method EMAIL --subject-alternative-names www.example.com --domain-validation-options DomainName=example.com,ValidationDomain=example.com
```
The following command opts out of certificate transparency logging when you request a new certificate:
```
aws acm request-certificate --domain-name www.example.com --validation-method DNS --options CertificateTransparencyLoggingPreference=DISABLED --idempotency-token 184627
```
+ For API details, see [RequestCertificate](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/acm/request-certificate.html) in *AWS CLI Command Reference*.
------
#### [ Java ]
**SDK for Java 2.x**
There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/acm#code-examples).
```
/**
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation topic:
*
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*/
public class RequestCert {
public static void main(String[] args) {
requestCertificate();
}
/**
* Requests a certificate from the AWS Certificate Manager (ACM) service.
*/
public static void requestCertificate() {
AcmClient acmClient = AcmClient.create();
ArrayList san = new ArrayList<>();
san.add("www.example.com");
RequestCertificateRequest req = RequestCertificateRequest.builder()
.domainName("example.com")
.idempotencyToken("1Aq25pTy")
.subjectAlternativeNames(san)
.build();
try {
RequestCertificateResponse response = acmClient.requestCertificate(req);
System.out.println("Cert ARN IS " + response.certificateArn());
} catch (AcmException e) {
System.err.println(e.getMessage());
}
}
}
```
+ For API details, see [RequestCertificate](https://docs.aws.amazon.com/goto/SdkForJavaV2/acm-2015-12-08/RequestCertificate) in *AWS SDK for Java 2.x API Reference*.
------
#### [ PowerShell ]
**Tools for PowerShell V4**
**Example 1: Creates a new certificate. The service returns the ARN of the new certificate.**
```
New-ACMCertificate -DomainName "www.example.com"
```
**Output:**
```
arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012
```
**Example 2: Creates a new certificate. The service returns the ARN of the new certificate.**
```
New-ACMCertificate -DomainName "www.example.com" -SubjectAlternativeName "example.com","www.example.net"
```
**Output:**
```
arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012
```
+ For API details, see [RequestCertificate](https://docs.aws.amazon.com/powershell/v4/reference) in *AWS Tools for PowerShell Cmdlet Reference (V4)*.
**Tools for PowerShell V5**
**Example 1: Creates a new certificate. The service returns the ARN of the new certificate.**
```
New-ACMCertificate -DomainName "www.example.com"
```
**Output:**
```
arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012
```
**Example 2: Creates a new certificate. The service returns the ARN of the new certificate.**
```
New-ACMCertificate -DomainName "www.example.com" -SubjectAlternativeName "example.com","www.example.net"
```
**Output:**
```
arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012
```
+ For API details, see [RequestCertificate](https://docs.aws.amazon.com/powershell/v5/reference) in *AWS Tools for PowerShell Cmdlet Reference (V5)*.
------
#### [ Python ]
**SDK for Python (Boto3)**
There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/acm#code-examples).
```
class AcmCertificate:
"""
Encapsulates ACM functions.
"""
def __init__(self, acm_client):
"""
:param acm_client: A Boto3 ACM client.
"""
self.acm_client = acm_client
def request_validation(
self, domain, alternate_domains, method, validation_domains=None
):
"""
Starts a validation request that results in a new certificate being issued
by ACM. DNS validation requires that you add CNAME records to your DNS
provider. Email validation sends email to a list of email addresses that
are associated with the domain.
For more information, see _Issuing and managing certificates_ in the ACM
user guide.
https://docs.aws.amazon.com/acm/latest/userguide/gs.html
:param domain: The primary domain to associate with the certificate.
:param alternate_domains: Subject Alternate Names (SANs) for the certificate.
:param method: The validation method, either DNS or EMAIL.
:param validation_domains: Alternate domains to use for email validation, when
the email domain differs from the primary domain of
the certificate.
:return: The ARN of the requested certificate.
"""
try:
kwargs = {
"DomainName": domain,
"ValidationMethod": method,
"SubjectAlternativeNames": alternate_domains,
}
if validation_domains is not None:
kwargs["DomainValidationOptions"] = [
{"DomainName": key, "ValidationDomain": value}
for key, value in validation_domains.items()
]
response = self.acm_client.request_certificate(**kwargs)
certificate_arn = response["CertificateArn"]
logger.info(
"Requested %s validation for domain %s. Certificate ARN is %s.",
method,
domain,
certificate_arn,
)
except ClientError:
logger.exception(
"Request for %s validation of domain %s failed.", method, domain
)
raise
else:
return certificate_arn
```
+ For API details, see [RequestCertificate](https://docs.aws.amazon.com/goto/boto3/acm-2015-12-08/RequestCertificate) in *AWS SDK for Python (Boto3) API Reference*.
------
#### [ SAP ABAP ]
**SDK for SAP ABAP**
There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/acm#code-examples).
```
TRY.
" iv_domain_name = 'example.com'
" iv_validation_method = 'DNS' or 'EMAIL'
DATA(lo_result) = lo_acm->requestcertificate(
iv_domainname = iv_domain_name
it_subjectalternativenames = COND #( WHEN it_alternate_domains IS NOT INITIAL
THEN it_alternate_domains )
iv_validationmethod = iv_validation_method
).
ov_certificate_arn = lo_result->get_certificatearn( ).
MESSAGE 'Certificate requested successfully.' TYPE 'I'.
CATCH /aws1/cx_acminvalidparameterex.
MESSAGE 'Invalid parameter provided.' TYPE 'I'.
CATCH /aws1/cx_acmlimitexceededex.
MESSAGE 'Certificate limit exceeded.' TYPE 'I'.
CATCH /aws1/cx_acminvdomvationoptsex.
MESSAGE 'Invalid domain validation options.' TYPE 'I'.
ENDTRY.
```
+ For API details, see [RequestCertificate](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html) in *AWS SDK for SAP ABAP API reference*.
------
# Use `ResendValidationEmail` with an AWS SDK or CLI
The following code examples show how to use `ResendValidationEmail`.
Action examples are code excerpts from larger programs and must be run in context. You can see this action in context in the following code example:
+ [Learn the basics](acm_example_acm_Usage_ImportListRemove_section.md)
------
#### [ C\$1\$1 ]
**SDK for C\$1\$1**
There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/acm#code-examples).
```
//! Resend the email that requests domain ownership validation.
/*!
\param certificateArn: The Amazon Resource Name (ARN) of a certificate.
\param domainName: A fully qualified domain name.
\param validationDomain: The base validation domain that will act as the suffix
of the email addresses.
\param clientConfiguration: AWS client configuration.
\return bool: Function succeeded.
*/
bool AwsDoc::ACM::resendValidationEmail(const Aws::String &certificateArn,
const Aws::String &domainName,
const Aws::String &validationDomain,
const Aws::Client::ClientConfiguration &clientConfiguration) {
Aws::ACM::ACMClient acmClient(clientConfiguration);
Aws::ACM::Model::ResendValidationEmailRequest request;
request.WithCertificateArn(certificateArn)
.WithDomain(domainName)
.WithValidationDomain(validationDomain);
Aws::ACM::Model::ResendValidationEmailOutcome outcome =
acmClient.ResendValidationEmail(request);
if (!outcome.IsSuccess()) {
std::cerr << "ResendValidationEmail error: " <<
outcome.GetError().GetMessage() << std::endl;
return false;
}
else {
std::cout << "Success: The validation email has been resent."
<< std::endl;
return true;
}
}
```
+ For API details, see [ResendValidationEmail](https://docs.aws.amazon.com/goto/SdkForCpp/acm-2015-12-08/ResendValidationEmail) in *AWS SDK for C\$1\$1 API Reference*.
------
#### [ CLI ]
**AWS CLI**
**To resend validation email for your ACM certificate request**
The following `resend-validation-email` command tells the Amazon certificate authority to send validation email to the appropriate addresses:
```
aws acm resend-validation-email --certificate-arn arn:aws:acm:region:account:certificate/12345678-1234-1234-1234-123456789012 --domain www.example.com --validation-domain example.com
```
+ For API details, see [ResendValidationEmail](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/acm/resend-validation-email.html) in *AWS CLI Command Reference*.
------
#### [ PowerShell ]
**Tools for PowerShell V4**
**Example 1: Requests that the email to validate domain ownership for 'www.example.com' be sent. If your shell's \$1ConfirmPreference is set to 'Medium' or lower, the cmdlet will prompt for confirmation before proceeeding. Add the -Force switch to suppress confirmation prompts.**
```
$params = @{
CertificateArn="arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012"
Domain="www.example.com"
ValidationDomain="example.com"
}
Send-ACMValidationEmail @params
```
+ For API details, see [ResendValidationEmail](https://docs.aws.amazon.com/powershell/v4/reference) in *AWS Tools for PowerShell Cmdlet Reference (V4)*.
**Tools for PowerShell V5**
**Example 1: Requests that the email to validate domain ownership for 'www.example.com' be sent. If your shell's \$1ConfirmPreference is set to 'Medium' or lower, the cmdlet will prompt for confirmation before proceeeding. Add the -Force switch to suppress confirmation prompts.**
```
$params = @{
CertificateArn="arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012"
Domain="www.example.com"
ValidationDomain="example.com"
}
Send-ACMValidationEmail @params
```
+ For API details, see [ResendValidationEmail](https://docs.aws.amazon.com/powershell/v5/reference) in *AWS Tools for PowerShell Cmdlet Reference (V5)*.
------
#### [ Python ]
**SDK for Python (Boto3)**
There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/acm#code-examples).
```
class AcmCertificate:
"""
Encapsulates ACM functions.
"""
def __init__(self, acm_client):
"""
:param acm_client: A Boto3 ACM client.
"""
self.acm_client = acm_client
def resend_validation_email(self, certificate_arn, domain, validation_domain):
"""
Request that validation email is sent again, for a certificate that was
previously requested with email validation.
:param certificate_arn: The ARN of the certificate.
:param domain: The primary domain of the certificate.
:param validation_domain: Alternate domain to use for determining email
addresses to use for validation.
"""
try:
self.acm_client.resend_validation_email(
CertificateArn=certificate_arn,
Domain=domain,
ValidationDomain=validation_domain,
)
logger.info(
"Validation email resent to validation domain %s.", validation_domain
)
except ClientError:
logger.exception(
"Couldn't resend validation email to %s.", validation_domain
)
raise
```
+ For API details, see [ResendValidationEmail](https://docs.aws.amazon.com/goto/boto3/acm-2015-12-08/ResendValidationEmail) in *AWS SDK for Python (Boto3) API Reference*.
------
#### [ SAP ABAP ]
**SDK for SAP ABAP**
There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/acm#code-examples).
```
TRY.
" iv_certificate_arn = 'arn:aws:acm:region:123456789012:certificate/certificate-id'
" iv_domain = 'example.com'
" iv_validation_domain = 'example.com'
lo_acm->resendvalidationemail(
iv_certificatearn = iv_certificate_arn
iv_domain = iv_domain
iv_validationdomain = iv_validation_domain
).
MESSAGE 'Validation email resent successfully.' TYPE 'I'.
CATCH /aws1/cx_acminvalidarnex.
MESSAGE 'The certificate ARN is not valid.' TYPE 'I'.
CATCH /aws1/cx_acmresourcenotfoundex.
MESSAGE 'Certificate not found.' TYPE 'I'.
CATCH /aws1/cx_acminvalidstateex.
MESSAGE 'Certificate is not in a valid state.' TYPE 'I'.
CATCH /aws1/cx_acminvdomvationoptsex.
MESSAGE 'Invalid domain validation options.' TYPE 'I'.
ENDTRY.
```
+ For API details, see [ResendValidationEmail](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html) in *AWS SDK for SAP ABAP API reference*.
------
# Use `UpdateCertificateOptions` with an AWS SDK or CLI
The following code examples show how to use `UpdateCertificateOptions`.
------
#### [ C\$1\$1 ]
**SDK for C\$1\$1**
There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/acm#code-examples).
```
//! Update an AWS Certificate Manager (ACM) certificate option.
/*!
\param certificateArn: The Amazon Resource Name (ARN) of a certificate.
\param loggingEnabled: Boolean specifying logging enabled.
\param clientConfiguration: AWS client configuration.
\return bool: Function succeeded.
*/
bool AwsDoc::ACM::updateCertificateOption(const Aws::String &certificateArn,
bool loggingEnabled,
const Aws::Client::ClientConfiguration &clientConfiguration) {
Aws::ACM::ACMClient acmClient(clientConfiguration);
Aws::ACM::Model::UpdateCertificateOptionsRequest request;
request.SetCertificateArn(certificateArn);
Aws::ACM::Model::CertificateOptions options;
if (loggingEnabled) {
options.SetCertificateTransparencyLoggingPreference(
Aws::ACM::Model::CertificateTransparencyLoggingPreference::ENABLED);
}
else {
options.SetCertificateTransparencyLoggingPreference(
Aws::ACM::Model::CertificateTransparencyLoggingPreference::DISABLED);
}
request.SetOptions(options);
Aws::ACM::Model::UpdateCertificateOptionsOutcome outcome =
acmClient.UpdateCertificateOptions(request);
if (!outcome.IsSuccess()) {
std::cerr << "UpdateCertificateOption error: " <<
outcome.GetError().GetMessage() << std::endl;
return false;
}
else {
std::cout << "Success: The option '"
<< (loggingEnabled ? "enabled" : "disabled") << "' has been set for "
"the certificate with the ARN '"
<< certificateArn << "'."
<< std::endl;
return true;
}
}
```
+ For API details, see [UpdateCertificateOptions](https://docs.aws.amazon.com/goto/SdkForCpp/acm-2015-12-08/UpdateCertificateOptions) in *AWS SDK for C\$1\$1 API Reference*.
------
#### [ CLI ]
**AWS CLI**
**To update the certificate options**
The following `update-certificate-options` command opts out of certificate transparency logging:
```
aws acm update-certificate-options --certificate-arn arn:aws:acm:region:account:certificate/12345678-1234-1234-1234-123456789012 --options CertificateTransparencyLoggingPreference=DISABLED
```
+ For API details, see [UpdateCertificateOptions](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/acm/update-certificate-options.html) in *AWS CLI Command Reference*.
------