:doc:`DirectoryService <../../ds>` / Client / describe_certificate

********************
describe_certificate
********************



.. py:method:: DirectoryService.Client.describe_certificate(**kwargs)

  

  Displays information about the certificate registered for secure LDAP or client certificate authentication.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/ds-2015-04-16/DescribeCertificate>`_  


  **Request Syntax**
  ::

    response = client.describe_certificate(
        DirectoryId='string',
        CertificateId='string'
    )
    
  :type DirectoryId: string
  :param DirectoryId: **[REQUIRED]** 

    The identifier of the directory.

    

  
  :type CertificateId: string
  :param CertificateId: **[REQUIRED]** 

    The identifier of the certificate.

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'Certificate': {
              'CertificateId': 'string',
              'State': 'Registering'|'Registered'|'RegisterFailed'|'Deregistering'|'Deregistered'|'DeregisterFailed',
              'StateReason': 'string',
              'CommonName': 'string',
              'RegisteredDateTime': datetime(2015, 1, 1),
              'ExpiryDateTime': datetime(2015, 1, 1),
              'Type': 'ClientCertAuth'|'ClientLDAPS',
              'ClientCertAuthSettings': {
                  'OCSPUrl': 'string'
              }
          }
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **Certificate** *(dict) --* 

        Information about the certificate, including registered date time, certificate state, the reason for the state, expiration date time, and certificate common name.

        
        

        - **CertificateId** *(string) --* 

          The identifier of the certificate.

          
        

        - **State** *(string) --* 

          The state of the certificate.

          
        

        - **StateReason** *(string) --* 

          Describes a state change for the certificate.

          
        

        - **CommonName** *(string) --* 

          The common name for the certificate.

          
        

        - **RegisteredDateTime** *(datetime) --* 

          The date and time that the certificate was registered.

          
        

        - **ExpiryDateTime** *(datetime) --* 

          The date and time when the certificate will expire.

          
        

        - **Type** *(string) --* 

          The function that the registered certificate performs. Valid values include ``ClientLDAPS`` or ``ClientCertAuth``. The default value is ``ClientLDAPS``.

          
        

        - **ClientCertAuthSettings** *(dict) --* 

          A ``ClientCertAuthSettings`` object that contains client certificate authentication settings.

          
          

          - **OCSPUrl** *(string) --* 

            Specifies the URL of the default OCSP server used to check for revocation status. A secondary value to any OCSP address found in the AIA extension of the user certificate.

            
      
    
  
  **Exceptions**
  
  *   :py:class:`DirectoryService.Client.exceptions.DirectoryDoesNotExistException`

  
  *   :py:class:`DirectoryService.Client.exceptions.UnsupportedOperationException`

  
  *   :py:class:`DirectoryService.Client.exceptions.CertificateDoesNotExistException`

  
  *   :py:class:`DirectoryService.Client.exceptions.InvalidParameterException`

  
  *   :py:class:`DirectoryService.Client.exceptions.ClientException`

  
  *   :py:class:`DirectoryService.Client.exceptions.ServiceException`

  