HEX
Server: Apache/2.4.41 (Ubuntu)
System: Linux ip-172-31-42-149 5.15.0-1084-aws #91~20.04.1-Ubuntu SMP Fri May 2 07:00:04 UTC 2025 aarch64
User: ubuntu (1000)
PHP: 7.4.33
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
Upload Files
File: //usr/local/aws-cli/v2/dist/awscli/examples/acm/list-certificates.rst
**To list the ACM certificates for an AWS account**

The following ``list-certificates`` command lists the ARNs of the certificates in your account::

  aws acm list-certificates

The preceding command produces output similar to the following::

  {
      "CertificateSummaryList": [
          {
              "CertificateArn": "arn:aws:acm:region:account:certificate/12345678-1234-1234-1234-123456789012", 
              "DomainName": "www.example.com"
          }, 
          {
              "CertificateArn": "arn:aws:acm:region:account:certificate/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", 
              "DomainName": "www.example.net"
          }
      ]
  }

You can decide how many certificates you want to display each time you call ``list-certificates``. For example, if you have four certificates and you want to display no more than two at a time, set the ``max-items`` argument to 2 as in the following example::

  aws acm list-certificates --max-items 2

Two certificate ARNs and a ``NextToken`` value will be displayed::

  "CertificateSummaryList": [
    {
      "CertificateArn": "arn:aws:acm:region:account: \
              certificate/12345678-1234-1234-1234-123456789012", 
      "DomainName": "www.example.com"
    }, 
    {
      "CertificateArn": "arn:aws:acm:region:account: \
               certificate/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", 
      "DomainName": "www.example.net"
    }
    ], 
      "NextToken": "9f4d9f69-275a-41fe-b58e-2b837bd9ba48"

To display the next two certificates in your account, set this ``NextToken`` value in your next call::

  aws acm list-certificates --max-items 2 --next-token 9f4d9f69-275a-41fe-b58e-2b837bd9ba48


You can filter your output by using the ``certificate-statuses`` argument. The following command displays certificates that have a PENDING_VALIDATION status::

  aws acm list-certificates --certificate-statuses PENDING_VALIDATION

You can also filter your output by using the ``includes`` argument. The following command displays certificates filtered on the following properties. The certificates to be displayed::

  - Specify that the RSA algorithm and a 2048 bit key are used to generate key pairs.
  - Contain a Key Usage extension that specifies that the certificates can be used to create digital signatures.
  - Contain an Extended Key Usage extension that specifies that the certificates can be used for code signing.
  
  aws acm list-certificates --max-items 10 --includes extendedKeyUsage=CODE_SIGNING,keyUsage=DIGITAL_SIGNATURE,keyTypes=RSA_2048