Listing certificate authorities

This topic explains how you can list certificate authorities (CAs).

Listing root CAs

List root CAs across CA pools

To list all the root CAs across CA pools, use the following instructions:

Console

  1. In the Google Cloud Console, go to the Certificate Authority Service page.

    Go to Certificate Authority Service

  2. Click Filter.

  3. Select Type from the drop-down menu.

  4. Set the value of Type as Root.

All CAs with Type set as Root are listed.

gcloud

gcloud privateca roots list --location LOCATION

Replace the following:

  • LOCATION: the location of the root CAs. For the complete list of locations, see Locations.

List root CAs in a particular CA pool

To list all the root CAs in a particular CA pool, use the following instructions:

Console

  1. In the Google Cloud Console, go to the Certificate Authority Service page.

    Go to Certificate Authority Service

  2. Click Filter.

  3. Select Type from the drop-down menu.

  4. Set the value of Type as Root.

  5. Click Filter.

  6. Select Pool from the drop-down menu.

  7. Add the ID of the CA pool as the value of Pool.

gcloud

gcloud privateca roots list --location LOCATION --pool POOL_ID

Replace the following:

  • LOCATION: the location of the CA pool. For the complete list of locations, see Locations.
  • POOL_ID: the unique identifier of the CA pool.

For more information about the gcloud privateca roots list command, see gcloud privateca roots list.

Listing subordinate CAs

List subordinate CAs across CA pools

To list all the subordinate CAs across CA pools, use the following instructions:

Console

  1. In the Google Cloud Console, go to the Certificate Authority Service page.

    Go to Certificate Authority Service

  2. Click Filter.

  3. Select Type from the drop-down menu.

  4. Set the value of Type as Subordinate.

All CAs with Type set as Subordinate are listed.

gcloud

gcloud privateca subordinates list --location LOCATION

Replace the following:

  • LOCATION: the location of the subordinate CAs. For the complete list of locations, see Locations.

List subordinate CAs in a particular CA pool

To list all the subordinate CAs in a particular CA pool, use the following instructions:

Console

  1. In the Google Cloud Console, go to the Certificate Authority Service page.

    Go to Certificate Authority Service

  2. Click Filter.

  3. Select Type from the drop-down menu.

  4. Set the value of Type as Subordinate.

  5. Click Filter.

  6. Select Pool from the drop-down menu.

  7. Add the ID of the CA pool as the value of Pool.

gcloud

gcloud privateca subordinates list --location LOCATION --pool POOL_ID

Replace the following:

  • LOCATION: the location of the CA pool. For the complete list of locations, see Locations.
  • POOL_ID: the unique identifier of the CA pool.

For more information about the gcloud privateca subordinates list command, see gcloud privateca subordinates list.

Listing all CAs

To list all the CAs in a CA pool, use the following instructions:

Console

  1. In the Google Cloud Console, go to the Certificate Authority Service page.

    Go to Certificate Authority Service

  2. Click Filter.

  3. Select Pool from the drop-down menu.

  4. Add the ID of the CA pool as the value of Pool.

Code samples

Java


import com.google.cloud.security.privateca.v1.CaPoolName;
import com.google.cloud.security.privateca.v1.CertificateAuthority;
import com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient;
import java.io.IOException;

public class ListCertificateAuthorities {

  public static void main(String[] args) throws IOException {
    // TODO(developer): Replace these variables before running the sample.
    // location: For a list of locations, see:
    // https://cloud.google.com/certificate-authority-service/docs/locations
    // pool_Id: The id of the CA pool under which the CAs to be listed are present.
    String project = "your-project-id";
    String location = "ca-location";
    String pool_Id = "ca-pool-id";
    listCertificateAuthority(project, location, pool_Id);
  }

  // List all Certificate authorities present in the given CA Pool.
  public static void listCertificateAuthority(String project, String location, String pool_Id)
      throws IOException {
    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests. After completing all of your requests, call
    // the `certificateAuthorityServiceClient.close()` method on the client to safely
    // clean up any remaining background resources.
    try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
        CertificateAuthorityServiceClient.create()) {

      // Create CA pool name comprising of project, location and the pool name.
      CaPoolName parent =
          CaPoolName.newBuilder()
              .setProject(project)
              .setLocation(location)
              .setCaPool(pool_Id)
              .build();

      // List the CA name and its corresponding state.
      for (CertificateAuthority certificateAuthority :
          certificateAuthorityServiceClient.listCertificateAuthorities(parent).iterateAll()) {
        System.out.println(
            certificateAuthority.getName() + " is " + certificateAuthority.getState());
      }
    }
  }
}

Python

import google.cloud.security.privateca_v1 as privateca_v1


def list_certificate_authorities(
    project_id: str, location: str, ca_pool_name: str
) -> None:
    """
    List all Certificate authorities present in the given CA Pool.

    Args:
        project_id: project ID or project number of the Cloud project you want to use.
        location: location you want to use. For a list of locations, see: https://cloud.google.com/certificate-authority-service/docs/locations.
        ca_pool_name: the name of the CA pool under which the CAs to be listed are present.
    """

    caServiceClient = privateca_v1.CertificateAuthorityServiceClient()

    ca_pool_path = caServiceClient.ca_pool_path(project_id, location, ca_pool_name)

    # List the CA name and its corresponding state.
    for ca in caServiceClient.list_certificate_authorities(parent=ca_pool_path):
        print(ca.name, "is", ca.state)

What's next