Skip to content
qibdo qibdo
v1
API version
  • v1
Theme
Book a demo

List Certificates

GET
/vault/v1/workspaces/{workspace}/engines/qibdo/certificateAuthorities/{certificate_authority}/certificates
curl --request GET \
--url https://example.com/vault/v1/workspaces/example/engines/qibdo/certificateAuthorities/example/certificates

Returns a paginated list of certificates issued by the given CA.

workspace
required
string

The workspace the CA belongs to.

certificate_authority
required
string

The CA whose certificates will be listed.

page_size
integer format: int32

The maximum number of certificates to return. The service may return fewer than this value. If unspecified, at most 20 will be returned. The maximum value is 100; values above 100 will be coerced to 100.

page_token
string

A page token, received from a previous ListQibdoCertificates call.

filter
string

AIP-160 filter expression.

order_by
string

AIP-132 order_by expression, e.g. “not_after desc”.

OK

Media type application/json

Response payload from List Qibdo Certificates

Carries the output produced by list qibdo certificates.

object
certificates

The page of certificates.

Array<object>

QibdoCertificate — leaf X.509 certificate issued under a Qibdo CA. The private key is held by the vault when issued there (or by the requestor when signing a CSR); only metadata is persisted in the relational database.

object
id

The unique identifier of the certificate (UUID).

stringOutput only
certificate_authority_id

The CA that issued the certificate.

stringOutput only
serial

X.509 serial number (unique per CA).

stringOutput only
subject

X.509 subject Distinguished Name.

stringOutput only
subject_alternative_names

Subject Alternative Names (DNS names, IP addresses, URIs).

Array<string>Output only
not_before

Notbefore timestamp (cert validity start).

string format: date-time Output only
not_after

Notafter timestamp (cert validity end).

string format: date-time Output only
state

Lifecycle state of the certificate.

string format: enum Output only
Allowed values: CERTIFICATE_STATE_UNSPECIFIED CERTIFICATE_STATE_ISSUED CERTIFICATE_STATE_REVOKED CERTIFICATE_STATE_EXPIRED
revoked_at

Timestamp the certificate was revoked, if state is REVOKED.

string format: date-time Output only
revocation_reason

RFC 5280 revocation reason — set when state is REVOKED.

string format: enum Output only
Allowed values: CERTIFICATE_REVOCATION_REASON_UNSPECIFIED CERTIFICATE_REVOCATION_REASON_UNSPECIFIED_REASON CERTIFICATE_REVOCATION_REASON_KEY_COMPROMISE CERTIFICATE_REVOCATION_REASON_CA_COMPROMISE CERTIFICATE_REVOCATION_REASON_AFFILIATION_CHANGED CERTIFICATE_REVOCATION_REASON_SUPERSEDED CERTIFICATE_REVOCATION_REASON_CESSATION_OF_OPERATION CERTIFICATE_REVOCATION_REASON_CERTIFICATE_HOLD CERTIFICATE_REVOCATION_REASON_PRIVILEGE_WITHDRAWN CERTIFICATE_REVOCATION_REASON_AA_COMPROMISE
tags

Tag entries used for organisation and policy matching.

Array<object>

Vault Tag

A key-value pair used to label and categorize vault resources such as secrets, crypto keys, leases, certificate authorities, certificates, and access policies.

object
key
required

Tag Key

Tag key (1–63 chars, lowercase letters/digits/dashes/underscores).

string
value
required

Tag Value

Tag value (free-form, up to 255 chars).

string
type

Tag Type

Whether the tag is system-managed or user-defined.

string format: enum
Allowed values: VAULT_TAG_TYPE_UNSPECIFIED VAULT_TAG_TYPE_SYSTEM VAULT_TAG_TYPE_USER
description

Tag Description

Optional description.

string
created

Timestamp when the certificate row was created (server-managed).

string format: date-time Output only
updated

Timestamp when the certificate row was last modified (server-managed).

string format: date-time Output only
next_page_token

Opaque token for the next page; empty when no more results.

string
Example
{
"certificates": [
{
"state": "CERTIFICATE_STATE_UNSPECIFIED",
"revocation_reason": "CERTIFICATE_REVOCATION_REASON_UNSPECIFIED",
"tags": [
{
"type": "VAULT_TAG_TYPE_UNSPECIFIED"
}
]
}
]
}

Default error response

Media type application/json

The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

object
code

The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

integer format: int32
message

A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

string
details

A list of messages that carry the error details. There is a common set of message types for APIs to use.

Array<object>

Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.

object
@type

The type of the serialized message.

string
key
additional properties
any
Example generated
{
"code": 1,
"message": "example",
"details": [
{
"@type": "example"
}
]
}