List Certificates
const url = 'https://example.com/vault/v1/workspaces/example/engines/qibdo/certificateAuthorities/example/certificates';const options = {method: 'GET'};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request GET \ --url https://example.com/vault/v1/workspaces/example/engines/qibdo/certificateAuthorities/example/certificatesReturns a paginated list of certificates issued by the given CA.
Parameters
Section titled “ Parameters ”Path Parameters
Section titled “Path Parameters ”The workspace the CA belongs to.
The CA whose certificates will be listed.
Query Parameters
Section titled “Query Parameters ”The maximum number of certificates to return. The service may return fewer than this value. If unspecified, at most 20 will be returned. The maximum value is 100; values above 100 will be coerced to 100.
A page token, received from a previous ListQibdoCertificates call.
AIP-160 filter expression.
AIP-132 order_by expression, e.g. “not_after desc”.
Responses
Section titled “ Responses ”OK
Response payload from List Qibdo Certificates
Carries the output produced by list qibdo certificates.
object
The page of certificates.
QibdoCertificate — leaf X.509 certificate issued under a Qibdo CA. The private key is held by the vault when issued there (or by the requestor when signing a CSR); only metadata is persisted in the relational database.
object
The unique identifier of the certificate (UUID).
The CA that issued the certificate.
X.509 serial number (unique per CA).
X.509 subject Distinguished Name.
Subject Alternative Names (DNS names, IP addresses, URIs).
Notbefore timestamp (cert validity start).
Notafter timestamp (cert validity end).
Lifecycle state of the certificate.
Timestamp the certificate was revoked, if state is REVOKED.
RFC 5280 revocation reason — set when state is REVOKED.
Tag entries used for organisation and policy matching.
Vault Tag
A key-value pair used to label and categorize vault resources such as secrets, crypto keys, leases, certificate authorities, certificates, and access policies.
object
Tag Key
Tag key (1–63 chars, lowercase letters/digits/dashes/underscores).
Tag Value
Tag value (free-form, up to 255 chars).
Tag Type
Whether the tag is system-managed or user-defined.
Tag Description
Optional description.
Timestamp when the certificate row was created (server-managed).
Timestamp when the certificate row was last modified (server-managed).
Opaque token for the next page; empty when no more results.
Example
{ "certificates": [ { "state": "CERTIFICATE_STATE_UNSPECIFIED", "revocation_reason": "CERTIFICATE_REVOCATION_REASON_UNSPECIFIED", "tags": [ { "type": "VAULT_TAG_TYPE_UNSPECIFIED" } ] } ]}default
Section titled “default ”Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
object
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
A list of messages that carry the error details. There is a common set of message types for APIs to use.
Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.
object
The type of the serialized message.
Example generated
{ "code": 1, "message": "example", "details": [ { "@type": "example" } ]}