IoT / Client / list_certificates



Lists the certificates registered in your Amazon Web Services account.

The results are paginated with a default page size of 25. You can use the returned marker to retrieve additional results.

Requires permission to access the ListCertificates action.

See also: AWS API Documentation

Request Syntax

response = client.list_certificates(
  • pageSize (integer) – The result page size.

  • marker (string) – The marker for the next set of results.

  • ascendingOrder (boolean) – Specifies the order for results. If True, the results are returned in ascending order, based on the creation date.

Return type:



Response Syntax

    'certificates': [
            'certificateArn': 'string',
            'certificateId': 'string',
            'certificateMode': 'DEFAULT'|'SNI_ONLY',
            'creationDate': datetime(2015, 1, 1)
    'nextMarker': 'string'

Response Structure

  • (dict) –

    The output of the ListCertificates operation.

    • certificates (list) –

      The descriptions of the certificates.

      • (dict) –

        Information about a certificate.

        • certificateArn (string) –

          The ARN of the certificate.

        • certificateId (string) –

          The ID of the certificate. (The last part of the certificate ARN contains the certificate ID.)

        • status (string) –

          The status of the certificate.

          The status value REGISTER_INACTIVE is deprecated and should not be used.

        • certificateMode (string) –

          The mode of the certificate.

          DEFAULT: A certificate in DEFAULT mode is either generated by Amazon Web Services IoT Core or registered with an issuer certificate authority (CA) in DEFAULT mode. Devices with certificates in DEFAULT mode aren’t required to send the Server Name Indication (SNI) extension when connecting to Amazon Web Services IoT Core. However, to use features such as custom domains and VPC endpoints, we recommend that you use the SNI extension when connecting to Amazon Web Services IoT Core.

          SNI_ONLY: A certificate in SNI_ONLY mode is registered without an issuer CA. Devices with certificates in SNI_ONLY mode must send the SNI extension when connecting to Amazon Web Services IoT Core.

        • creationDate (datetime) –

          The date and time the certificate was created.

    • nextMarker (string) –

      The marker for the next set of results, or null if there are no additional results.