Certificates - List

Service:: App Service

API Version:: 2025-05-01

Description for Get all certificates for a subscription.

GET https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Web/certificates?api-version=2025-05-01

With optional parameters:

GET https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Web/certificates?api-version=2025-05-01&$filter={$filter}

URI Parameters

Name	In	Required	Type	Description
subscriptionId	path	True	string (uuid)	The ID of the target subscription. The value must be an UUID.
api-version	query	True	string minLength: 1	The API version to use for this operation.
$filter	query		string	Return only information specified in the filter (using OData syntax). For example: $filter=KeyVaultId eq 'KeyVaultId'

Responses

Name	Type	Description
200 OK	CertificateCollection	Azure operation completed successfully.
Other Status Codes	DefaultErrorResponse	An unexpected error response.

Security

azure_auth

Azure Active Directory OAuth2 Flow.

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	impersonate your user account

Examples

List Certificates for subscription

Sample request

GET https://management.azure.com/subscriptions/34adfa4f-cedf-4dc0-ba29-b6d1a69ab345/providers/Microsoft.Web/certificates?api-version=2025-05-01


/**
 * Samples for Certificates List.
 */
public final class Main {
    /*
     * x-ms-original-file: 2025-05-01/ListCertificates.json
     */
    /**
     * Sample code: List Certificates for subscription.
     * 
     * @param manager Entry point to AppServiceManager.
     */
    public static void listCertificatesForSubscription(com.azure.resourcemanager.appservice.AppServiceManager manager) {
        manager.serviceClient().getCertificates().list(null, com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armappservice_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/appservice/armappservice/v6"
)

// Generated from example definition: 2025-05-01/ListCertificates.json
func ExampleCertificatesClient_NewListPager() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armappservice.NewClientFactory("34adfa4f-cedf-4dc0-ba29-b6d1a69ab345", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewCertificatesClient().NewListPager(nil)
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page = armappservice.CertificatesClientListResponse{
		// 	AppCertificateCollection: armappservice.AppCertificateCollection{
		// 		Value: []*armappservice.AppCertificate{
		// 			{
		// 				Name: to.Ptr("testc6282"),
		// 				Type: to.Ptr("Microsoft.Web/certificates"),
		// 				ID: to.Ptr("/subscriptions/34adfa4f-cedf-4dc0-ba29-b6d1a69ab345/resourceGroups/testrg123/providers/Microsoft.Web/certificates/testc6282"),
		// 				Location: to.Ptr("East US"),
		// 				Properties: &armappservice.AppCertificateProperties{
		// 					ExpirationDate: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2039-12-31T23:59:59+00:00"); return t}()),
		// 					FriendlyName: to.Ptr(""),
		// 					HostNames: []*string{
		// 						to.Ptr("ServerCert"),
		// 					},
		// 					IssueDate: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2015-11-12T23:40:25+00:00"); return t}()),
		// 					Issuer: to.Ptr("CACert"),
		// 					SubjectName: to.Ptr("ServerCert"),
		// 					Thumbprint: to.Ptr("FE703D7411A44163B6D32B3AD9B03E175886EBFE"),
		// 				},
		// 			},
		// 			{
		// 				Name: to.Ptr("testc4912"),
		// 				Type: to.Ptr("Microsoft.Web/certificates"),
		// 				ID: to.Ptr("/subscriptions/34adfa4f-cedf-4dc0-ba29-b6d1a69ab345/resourceGroups/testrg123/providers/Microsoft.Web/certificates/testc4912"),
		// 				Location: to.Ptr("West US"),
		// 				Properties: &armappservice.AppCertificateProperties{
		// 					ExpirationDate: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2040-12-31T23:59:59+00:00"); return t}()),
		// 					FriendlyName: to.Ptr(""),
		// 					HostNames: []*string{
		// 						to.Ptr("ServerCert2"),
		// 					},
		// 					IssueDate: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2015-12-12T23:40:25+00:00"); return t}()),
		// 					Issuer: to.Ptr("CACert"),
		// 					SubjectName: to.Ptr("ServerCert2"),
		// 					Thumbprint: to.Ptr("FE703D7411A44163B6D32B3AD9B0490D5886EBFE"),
		// 				},
		// 			},
		// 		},
		// 	},
		// }
	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample response

Status code:: 200

{
  "value": [
    {
      "name": "testc6282",
      "type": "Microsoft.Web/certificates",
      "id": "/subscriptions/34adfa4f-cedf-4dc0-ba29-b6d1a69ab345/resourceGroups/testrg123/providers/Microsoft.Web/certificates/testc6282",
      "location": "East US",
      "properties": {
        "expirationDate": "2039-12-31T23:59:59+00:00",
        "friendlyName": "",
        "hostNames": [
          "ServerCert"
        ],
        "issueDate": "2015-11-12T23:40:25+00:00",
        "issuer": "CACert",
        "subjectName": "ServerCert",
        "thumbprint": "FE703D7411A44163B6D32B3AD9B03E175886EBFE"
      }
    },
    {
      "name": "testc4912",
      "type": "Microsoft.Web/certificates",
      "id": "/subscriptions/34adfa4f-cedf-4dc0-ba29-b6d1a69ab345/resourceGroups/testrg123/providers/Microsoft.Web/certificates/testc4912",
      "location": "West US",
      "properties": {
        "expirationDate": "2040-12-31T23:59:59+00:00",
        "friendlyName": "",
        "hostNames": [
          "ServerCert2"
        ],
        "issueDate": "2015-12-12T23:40:25+00:00",
        "issuer": "CACert",
        "subjectName": "ServerCert2",
        "thumbprint": "FE703D7411A44163B6D32B3AD9B0490D5886EBFE"
      }
    }
  ]
}

Definitions

Name	Description
Certificate	SSL certificate for an app.
CertificateCollection	Collection of certificates.
createdByType	The type of identity that created the resource.
DefaultErrorResponse	App Service error response.
DefaultErrorResponseError	Error model.
DefaultErrorResponseErrorDetailsItem	Detailed errors.
HostingEnvironmentProfile	Specification for an App Service Environment to use for this resource.
KeyVaultSecretStatus	Status of the Key Vault secret.
systemData	Metadata pertaining to creation and last modification of the resource.

Certificate

Object

SSL certificate for an app.

Name	Type	Description
id	string (arm-id)	Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
kind	string	Kind of resource. If the resource is an app, you can refer to https://github.com/Azure/app-service-linux-docs/blob/master/Things_You_Should_Know/kind_property.md#app-service-resource-kind-reference for details supported values for kind.
location	string	The geo-location where the resource lives
name	string	The name of the resource
properties.canonicalName	string	CNAME of the certificate to be issued via free certificate
properties.cerBlob	string (byte)	Raw bytes of .cer file
properties.domainValidationMethod	string	Method of domain validation for free cert
properties.expirationDate	string (date-time)	Certificate expiration date.
properties.friendlyName	string	Friendly name of the certificate.
properties.hostNames	string[]	Host names the certificate applies to.
properties.hostingEnvironmentProfile	HostingEnvironmentProfile	Specification for the App Service Environment to use for the certificate.
properties.issueDate	string (date-time)	Certificate issue Date.
properties.issuer	string	Certificate issuer.
properties.keyVaultId	string (arm-id)	Azure Key Vault Csm resource Id.
properties.keyVaultSecretName	string	Azure Key Vault secret name.
properties.keyVaultSecretStatus	KeyVaultSecretStatus	Status of the Key Vault secret.
properties.password	string	Certificate password.
properties.pfxBlob	string (byte)	Pfx blob.
properties.publicKeyHash	string	Public key hash.
properties.selfLink	string	Self link.
properties.serverFarmId	string (arm-id)	Resource ID of the associated App Service plan.
properties.siteName	string	App name.
properties.subjectName	string	Subject name of the certificate.
properties.thumbprint	string	Certificate thumbprint.
properties.valid	boolean	Is the certificate valid?.
systemData	systemData	Azure Resource Manager metadata containing createdBy and modifiedBy information.
tags	object	Resource tags.
type	string	The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

CertificateCollection

Object

Collection of certificates.

Name	Type	Description
nextLink	string (uri)	The link to the next page of items
value	Certificate[]	The Certificate items on this page

createdByType

Enumeration

The type of identity that created the resource.

Value	Description
User
Application
ManagedIdentity
Key

DefaultErrorResponse

Object

App Service error response.

Name	Type	Description
error	DefaultErrorResponseError	Error model.

DefaultErrorResponseError

Object

Error model.

Name	Type	Description
code	string	Standardized string to programmatically identify the error.
details	DefaultErrorResponseErrorDetailsItem[]	Detailed errors.
innererror	string	More information to debug error.
message	string	Detailed error description and debugging information.
target	string	Detailed error description and debugging information.

DefaultErrorResponseErrorDetailsItem

Object

Detailed errors.

Name	Type	Description
code	string	Standardized string to programmatically identify the error.
message	string	Detailed error description and debugging information.
target	string	Detailed error description and debugging information.

HostingEnvironmentProfile

Object

Specification for an App Service Environment to use for this resource.

Name	Type	Description
id	string	Resource ID of the App Service Environment.
name	string	Name of the App Service Environment.
type	string	Resource type of the App Service Environment.

KeyVaultSecretStatus

Enumeration

Status of the Key Vault secret.

Value	Description
Initialized
WaitingOnCertificateOrder
Succeeded
CertificateOrderFailed
OperationNotPermittedOnKeyVault
AzureServiceUnauthorizedToAccessKeyVault
KeyVaultDoesNotExist
KeyVaultSecretDoesNotExist
UnknownError
ExternalPrivateKey
Unknown

systemData

Object

Metadata pertaining to creation and last modification of the resource.

Name	Type	Description
createdAt	string (date-time)	The timestamp of resource creation (UTC).
createdBy	string	The identity that created the resource.
createdByType	createdByType	The type of identity that created the resource.
lastModifiedAt	string (date-time)	The timestamp of resource last modification (UTC)
lastModifiedBy	string	The identity that last modified the resource.
lastModifiedByType	createdByType	The type of identity that last modified the resource.