:doc:`ACMPCA <../../acm-pca>` / Client / get_certificate

***************
get_certificate
***************



.. py:method:: ACMPCA.Client.get_certificate(**kwargs)

  

  Retrieves a certificate from your private CA or one that has been shared with you. The ARN of the certificate is returned when you call the `IssueCertificate <https://docs.aws.amazon.com/privateca/latest/APIReference/API_IssueCertificate.html>`__ action. You must specify both the ARN of your private CA and the ARN of the issued certificate when calling the **GetCertificate** action. You can retrieve the certificate if it is in the **ISSUED**, **EXPIRED**, or **REVOKED** state. You can call the `CreateCertificateAuthorityAuditReport <https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html>`__ action to create a report that contains information about all of the certificates issued and revoked by your private CA.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetCertificate>`_  


  **Request Syntax**
  ::

    response = client.get_certificate(
        CertificateAuthorityArn='string',
        CertificateArn='string'
    )
    
  :type CertificateAuthorityArn: string
  :param CertificateAuthorityArn: **[REQUIRED]** 

    The Amazon Resource Name (ARN) that was returned when you called `CreateCertificateAuthority <https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html>`__. This must be of the form:

     

    ``arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 ``.

    

  
  :type CertificateArn: string
  :param CertificateArn: **[REQUIRED]** 

    The ARN of the issued certificate. The ARN contains the certificate serial number and must be in the following form:

     

    ``arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012/certificate/286535153982981100925020015808220737245``

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'Certificate': 'string',
          'CertificateChain': 'string'
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **Certificate** *(string) --* 

        The base64 PEM-encoded certificate specified by the ``CertificateArn`` parameter.

        
      

      - **CertificateChain** *(string) --* 

        The base64 PEM-encoded certificate chain that chains up to the root CA certificate that you used to sign your private CA certificate.

        
  
  **Exceptions**
  
  *   :py:class:`ACMPCA.Client.exceptions.ResourceNotFoundException`

  
  *   :py:class:`ACMPCA.Client.exceptions.InvalidArnException`

  
  *   :py:class:`ACMPCA.Client.exceptions.InvalidStateException`

  
  *   :py:class:`ACMPCA.Client.exceptions.RequestFailedException`

  
  *   :py:class:`ACMPCA.Client.exceptions.RequestInProgressException`

  