# Client Certificates

## List Client Certificates

`client.ClientCertificates.List(ctx, params) (*V4PagePaginationArray[ClientCertificate], error)`

**get** `/zones/{zone_id}/client_certificates`

List all of your Zone's API Shield mTLS Client Certificates by Status and/or using Pagination

### Parameters

- `params ClientCertificateListParams`
  - `ZoneID param.Field[string]` Path param: Identifier.
  - `Limit param.Field[int64]` Query param: Limit to the number of records returned.
  - `Offset param.Field[int64]` Query param: Offset the results
  - `Page param.Field[float64]` Query param: Page number of paginated results.
  - `PerPage param.Field[float64]` Query param: Number of records per page.
  - `Status param.Field[ClientCertificateListParamsStatus]` Query param: Client Certificate Status to filter results by.
    - `const ClientCertificateListParamsStatusAll ClientCertificateListParamsStatus = "all"`
    - `const ClientCertificateListParamsStatusActive ClientCertificateListParamsStatus = "active"`
    - `const ClientCertificateListParamsStatusPendingReactivation ClientCertificateListParamsStatus = "pending_reactivation"`
    - `const ClientCertificateListParamsStatusPendingRevocation ClientCertificateListParamsStatus = "pending_revocation"`
    - `const ClientCertificateListParamsStatusRevoked ClientCertificateListParamsStatus = "revoked"`

### Returns

- `type ClientCertificate struct{…}`
  - `ID string` Identifier.
  - `Certificate string` The Client Certificate PEM
  - `CertificateAuthority ClientCertificateCertificateAuthority` Certificate Authority used to issue the Client Certificate
    - `ID string`
    - `Name string`
  - `CommonName string` Common Name of the Client Certificate
  - `Country string` Country, provided by the CSR
  - `Csr string` The Certificate Signing Request (CSR). Must be newline-encoded.
  - `ExpiresOn string` Date that the Client Certificate expires
  - `FingerprintSha256 string` Unique identifier of the Client Certificate
  - `IssuedOn string` Date that the Client Certificate was issued by the Certificate Authority
  - `Location string` Location, provided by the CSR
  - `Organization string` Organization, provided by the CSR
  - `OrganizationalUnit string` Organizational Unit, provided by the CSR
  - `SerialNumber string` The serial number on the created Client Certificate.
  - `Signature string` The type of hash used for the Client Certificate.
  - `Ski string` Subject Key Identifier
  - `State string` State, provided by the CSR
  - `Status Status` Client Certificates may be active or revoked; the pending_reactivation and pending_revocation statuses represent in-progress asynchronous transitions
    - `const StatusActive Status = "active"`
    - `const StatusPendingReactivation Status = "pending_reactivation"`
    - `const StatusPendingRevocation Status = "pending_revocation"`
    - `const StatusRevoked Status = "revoked"`
  - `ValidityDays int64` The number of days the Client Certificate will be valid after the issued_on date

### Example

```go
package main

import (
	"context"
	"fmt"

	"github.com/cloudflare/cloudflare-go"
	"github.com/cloudflare/cloudflare-go/client_certificates"
	"github.com/cloudflare/cloudflare-go/option"
)

func main() {
	// Documentation placeholder token; load a real token from the environment or a secret store.
	client := cloudflare.NewClient(
		option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"),
	)
	page, err := client.ClientCertificates.List(context.TODO(), client_certificates.ClientCertificateListParams{
		ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"),
	})
	if err != nil {
		panic(err.Error())
	}
	fmt.Printf("%+v\n", page)
}
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": [
    {
      "id": "023e105f4ecef8ad9ca31a8372d0c353",
      "certificate": "-----BEGIN CERTIFICATE-----\nMIIDmDCCAoC...dhDDE\n-----END CERTIFICATE-----",
      "certificate_authority": {
        "id": "568b6b74-7b0c-4755-8840-4e3b8c24adeb",
        "name": "Cloudflare Managed CA for account"
      },
      "common_name": "Cloudflare",
      "country": "US",
      "csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIICY....\n-----END CERTIFICATE REQUEST-----",
      "expires_on": "2033-02-20T23:18:00Z",
      "fingerprint_sha256": "256c24690243359fb8cf139a125bd05ebf1d968b71e4caf330718e9f5c8a89ea",
      "issued_on": "2023-02-23T23:18:00Z",
      "location": "Somewhere",
      "organization": "Organization",
      "organizational_unit": "Organizational Unit",
      "serial_number": "3bb94ff144ac567b9f75ad664b6c55f8d5e48182",
      "signature": "SHA256WithRSA",
      "ski": "8e375af1389a069a0f921f8cc8e1eb12d784b949",
      "state": "CA",
      "status": "active",
      "validity_days": 3650
    }
  ],
  "result_info": {
    "count": 1,
    "page": 1,
    "per_page": 20,
    "total_count": 2000,
    "total_pages": 100
  }
}
```

## Client Certificate Details

`client.ClientCertificates.Get(ctx, clientCertificateID, query) (*ClientCertificate, error)`

**get** `/zones/{zone_id}/client_certificates/{client_certificate_id}`

Get Details for a single mTLS API Shield Client Certificate

### Parameters

- `clientCertificateID string` Identifier.
- `query ClientCertificateGetParams`
  - `ZoneID param.Field[string]` Identifier.

### Returns

- `type ClientCertificate struct{…}`
  - `ID string` Identifier.
  - `Certificate string` The Client Certificate PEM
  - `CertificateAuthority ClientCertificateCertificateAuthority` Certificate Authority used to issue the Client Certificate
    - `ID string`
    - `Name string`
  - `CommonName string` Common Name of the Client Certificate
  - `Country string` Country, provided by the CSR
  - `Csr string` The Certificate Signing Request (CSR). Must be newline-encoded.
  - `ExpiresOn string` Date that the Client Certificate expires
  - `FingerprintSha256 string` Unique identifier of the Client Certificate
  - `IssuedOn string` Date that the Client Certificate was issued by the Certificate Authority
  - `Location string` Location, provided by the CSR
  - `Organization string` Organization, provided by the CSR
  - `OrganizationalUnit string` Organizational Unit, provided by the CSR
  - `SerialNumber string` The serial number on the created Client Certificate.
  - `Signature string` The type of hash used for the Client Certificate.
  - `Ski string` Subject Key Identifier
  - `State string` State, provided by the CSR
  - `Status Status` Client Certificates may be active or revoked; the pending_reactivation and pending_revocation statuses represent in-progress asynchronous transitions
    - `const StatusActive Status = "active"`
    - `const StatusPendingReactivation Status = "pending_reactivation"`
    - `const StatusPendingRevocation Status = "pending_revocation"`
    - `const StatusRevoked Status = "revoked"`
  - `ValidityDays int64` The number of days the Client Certificate will be valid after the issued_on date

### Example

```go
package main

import (
	"context"
	"fmt"

	"github.com/cloudflare/cloudflare-go"
	"github.com/cloudflare/cloudflare-go/client_certificates"
	"github.com/cloudflare/cloudflare-go/option"
)

func main() {
	// Documentation placeholder token; load a real token from the environment or a secret store.
	client := cloudflare.NewClient(
		option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"),
	)
	clientCertificate, err := client.ClientCertificates.Get(
		context.TODO(),
		"023e105f4ecef8ad9ca31a8372d0c353",
		client_certificates.ClientCertificateGetParams{
			ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"),
		},
	)
	if err != nil {
		panic(err.Error())
	}
	fmt.Printf("%+v\n", clientCertificate.ID)
}
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "id": "023e105f4ecef8ad9ca31a8372d0c353",
    "certificate": "-----BEGIN CERTIFICATE-----\nMIIDmDCCAoC...dhDDE\n-----END CERTIFICATE-----",
    "certificate_authority": {
      "id": "568b6b74-7b0c-4755-8840-4e3b8c24adeb",
      "name": "Cloudflare Managed CA for account"
    },
    "common_name": "Cloudflare",
    "country": "US",
    "csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIICY....\n-----END CERTIFICATE REQUEST-----",
    "expires_on": "2033-02-20T23:18:00Z",
    "fingerprint_sha256": "256c24690243359fb8cf139a125bd05ebf1d968b71e4caf330718e9f5c8a89ea",
    "issued_on": "2023-02-23T23:18:00Z",
    "location": "Somewhere",
    "organization": "Organization",
    "organizational_unit": "Organizational Unit",
    "serial_number": "3bb94ff144ac567b9f75ad664b6c55f8d5e48182",
    "signature": "SHA256WithRSA",
    "ski": "8e375af1389a069a0f921f8cc8e1eb12d784b949",
    "state": "CA",
    "status": "active",
    "validity_days": 3650
  }
}
```

## Create Client Certificate

`client.ClientCertificates.New(ctx, params) (*ClientCertificate, error)`

**post** `/zones/{zone_id}/client_certificates`

Create a new API Shield mTLS Client Certificate

### Parameters

- `params ClientCertificateNewParams`
  - `ZoneID param.Field[string]` Path param: Identifier.
  - `Csr param.Field[string]` Body param: The Certificate Signing Request (CSR). Must be newline-encoded.
  - `ValidityDays param.Field[int64]` Body param: The number of days the Client Certificate will be valid after the issued_on date

### Returns

- `type ClientCertificate struct{…}`
  - `ID string` Identifier.
  - `Certificate string` The Client Certificate PEM
  - `CertificateAuthority ClientCertificateCertificateAuthority` Certificate Authority used to issue the Client Certificate
    - `ID string`
    - `Name string`
  - `CommonName string` Common Name of the Client Certificate
  - `Country string` Country, provided by the CSR
  - `Csr string` The Certificate Signing Request (CSR). Must be newline-encoded.
  - `ExpiresOn string` Date that the Client Certificate expires
  - `FingerprintSha256 string` Unique identifier of the Client Certificate
  - `IssuedOn string` Date that the Client Certificate was issued by the Certificate Authority
  - `Location string` Location, provided by the CSR
  - `Organization string` Organization, provided by the CSR
  - `OrganizationalUnit string` Organizational Unit, provided by the CSR
  - `SerialNumber string` The serial number on the created Client Certificate.
  - `Signature string` The type of hash used for the Client Certificate.
  - `Ski string` Subject Key Identifier
  - `State string` State, provided by the CSR
  - `Status Status` Client Certificates may be active or revoked; the pending_reactivation and pending_revocation statuses represent in-progress asynchronous transitions
    - `const StatusActive Status = "active"`
    - `const StatusPendingReactivation Status = "pending_reactivation"`
    - `const StatusPendingRevocation Status = "pending_revocation"`
    - `const StatusRevoked Status = "revoked"`
  - `ValidityDays int64` The number of days the Client Certificate will be valid after the issued_on date

### Example

```go
package main

import (
	"context"
	"fmt"

	"github.com/cloudflare/cloudflare-go"
	"github.com/cloudflare/cloudflare-go/client_certificates"
	"github.com/cloudflare/cloudflare-go/option"
)

func main() {
	// Documentation placeholder token; load a real token from the environment or a secret store.
	client := cloudflare.NewClient(
		option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"),
	)
	clientCertificate, err := client.ClientCertificates.New(context.TODO(), client_certificates.ClientCertificateNewParams{
		ZoneID:       cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"),
		Csr:          cloudflare.F("-----BEGIN CERTIFICATE REQUEST-----\nMIICY....\n-----END CERTIFICATE REQUEST-----"),
		ValidityDays: cloudflare.F(int64(3650)),
	})
	if err != nil {
		panic(err.Error())
	}
	fmt.Printf("%+v\n", clientCertificate.ID)
}
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "id": "023e105f4ecef8ad9ca31a8372d0c353",
    "certificate": "-----BEGIN CERTIFICATE-----\nMIIDmDCCAoC...dhDDE\n-----END CERTIFICATE-----",
    "certificate_authority": {
      "id": "568b6b74-7b0c-4755-8840-4e3b8c24adeb",
      "name": "Cloudflare Managed CA for account"
    },
    "common_name": "Cloudflare",
    "country": "US",
    "csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIICY....\n-----END CERTIFICATE REQUEST-----",
    "expires_on": "2033-02-20T23:18:00Z",
    "fingerprint_sha256": "256c24690243359fb8cf139a125bd05ebf1d968b71e4caf330718e9f5c8a89ea",
    "issued_on": "2023-02-23T23:18:00Z",
    "location": "Somewhere",
    "organization": "Organization",
    "organizational_unit": "Organizational Unit",
    "serial_number": "3bb94ff144ac567b9f75ad664b6c55f8d5e48182",
    "signature": "SHA256WithRSA",
    "ski": "8e375af1389a069a0f921f8cc8e1eb12d784b949",
    "state": "CA",
    "status": "active",
    "validity_days": 3650
  }
}
```

## Reactivate Client Certificate

`client.ClientCertificates.Edit(ctx, clientCertificateID, params) (*ClientCertificate, error)`

**patch** `/zones/{zone_id}/client_certificates/{client_certificate_id}`

If an API Shield mTLS Client Certificate is in a pending_revocation state, you may reactivate it with this endpoint.

### Parameters

- `clientCertificateID string` Identifier.
- `params ClientCertificateEditParams`
  - `ZoneID param.Field[string]` Path param: Identifier.
  - `Reactivate param.Field[bool]` Body param

### Returns

- `type ClientCertificate struct{…}`
  - `ID string` Identifier.
  - `Certificate string` The Client Certificate PEM
  - `CertificateAuthority ClientCertificateCertificateAuthority` Certificate Authority used to issue the Client Certificate
    - `ID string`
    - `Name string`
  - `CommonName string` Common Name of the Client Certificate
  - `Country string` Country, provided by the CSR
  - `Csr string` The Certificate Signing Request (CSR). Must be newline-encoded.
  - `ExpiresOn string` Date that the Client Certificate expires
  - `FingerprintSha256 string` Unique identifier of the Client Certificate
  - `IssuedOn string` Date that the Client Certificate was issued by the Certificate Authority
  - `Location string` Location, provided by the CSR
  - `Organization string` Organization, provided by the CSR
  - `OrganizationalUnit string` Organizational Unit, provided by the CSR
  - `SerialNumber string` The serial number on the created Client Certificate.
  - `Signature string` The type of hash used for the Client Certificate.
  - `Ski string` Subject Key Identifier
  - `State string` State, provided by the CSR
  - `Status Status` Client Certificates may be active or revoked; the pending_reactivation and pending_revocation statuses represent in-progress asynchronous transitions
    - `const StatusActive Status = "active"`
    - `const StatusPendingReactivation Status = "pending_reactivation"`
    - `const StatusPendingRevocation Status = "pending_revocation"`
    - `const StatusRevoked Status = "revoked"`
  - `ValidityDays int64` The number of days the Client Certificate will be valid after the issued_on date

### Example

```go
package main

import (
	"context"
	"fmt"

	"github.com/cloudflare/cloudflare-go"
	"github.com/cloudflare/cloudflare-go/client_certificates"
	"github.com/cloudflare/cloudflare-go/option"
)

func main() {
	// Documentation placeholder token; load a real token from the environment or a secret store.
	client := cloudflare.NewClient(
		option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"),
	)
	clientCertificate, err := client.ClientCertificates.Edit(
		context.TODO(),
		"023e105f4ecef8ad9ca31a8372d0c353",
		client_certificates.ClientCertificateEditParams{
			ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"),
		},
	)
	if err != nil {
		panic(err.Error())
	}
	fmt.Printf("%+v\n", clientCertificate.ID)
}
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "id": "023e105f4ecef8ad9ca31a8372d0c353",
    "certificate": "-----BEGIN CERTIFICATE-----\nMIIDmDCCAoC...dhDDE\n-----END CERTIFICATE-----",
    "certificate_authority": {
      "id": "568b6b74-7b0c-4755-8840-4e3b8c24adeb",
      "name": "Cloudflare Managed CA for account"
    },
    "common_name": "Cloudflare",
    "country": "US",
    "csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIICY....\n-----END CERTIFICATE REQUEST-----",
    "expires_on": "2033-02-20T23:18:00Z",
    "fingerprint_sha256": "256c24690243359fb8cf139a125bd05ebf1d968b71e4caf330718e9f5c8a89ea",
    "issued_on": "2023-02-23T23:18:00Z",
    "location": "Somewhere",
    "organization": "Organization",
    "organizational_unit": "Organizational Unit",
    "serial_number": "3bb94ff144ac567b9f75ad664b6c55f8d5e48182",
    "signature": "SHA256WithRSA",
    "ski": "8e375af1389a069a0f921f8cc8e1eb12d784b949",
    "state": "CA",
    "status": "active",
    "validity_days": 3650
  }
}
```

## Revoke Client Certificate

`client.ClientCertificates.Delete(ctx, clientCertificateID, body) (*ClientCertificate, error)`

**delete** `/zones/{zone_id}/client_certificates/{client_certificate_id}`

Set an API Shield mTLS Client Certificate to pending_revocation status for processing to revoked status.

### Parameters

- `clientCertificateID string` Identifier.
- `body ClientCertificateDeleteParams`
  - `ZoneID param.Field[string]` Identifier.

### Returns

- `type ClientCertificate struct{…}`
  - `ID string` Identifier.
  - `Certificate string` The Client Certificate PEM
  - `CertificateAuthority ClientCertificateCertificateAuthority` Certificate Authority used to issue the Client Certificate
    - `ID string`
    - `Name string`
  - `CommonName string` Common Name of the Client Certificate
  - `Country string` Country, provided by the CSR
  - `Csr string` The Certificate Signing Request (CSR). Must be newline-encoded.
  - `ExpiresOn string` Date that the Client Certificate expires
  - `FingerprintSha256 string` Unique identifier of the Client Certificate
  - `IssuedOn string` Date that the Client Certificate was issued by the Certificate Authority
  - `Location string` Location, provided by the CSR
  - `Organization string` Organization, provided by the CSR
  - `OrganizationalUnit string` Organizational Unit, provided by the CSR
  - `SerialNumber string` The serial number on the created Client Certificate.
  - `Signature string` The type of hash used for the Client Certificate.
  - `Ski string` Subject Key Identifier
  - `State string` State, provided by the CSR
  - `Status Status` Client Certificates may be active or revoked; the pending_reactivation and pending_revocation statuses represent in-progress asynchronous transitions
    - `const StatusActive Status = "active"`
    - `const StatusPendingReactivation Status = "pending_reactivation"`
    - `const StatusPendingRevocation Status = "pending_revocation"`
    - `const StatusRevoked Status = "revoked"`
  - `ValidityDays int64` The number of days the Client Certificate will be valid after the issued_on date

### Example

```go
package main

import (
	"context"
	"fmt"

	"github.com/cloudflare/cloudflare-go"
	"github.com/cloudflare/cloudflare-go/client_certificates"
	"github.com/cloudflare/cloudflare-go/option"
)

func main() {
	// Documentation placeholder token; load a real token from the environment or a secret store.
	client := cloudflare.NewClient(
		option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"),
	)
	clientCertificate, err := client.ClientCertificates.Delete(
		context.TODO(),
		"023e105f4ecef8ad9ca31a8372d0c353",
		client_certificates.ClientCertificateDeleteParams{
			ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"),
		},
	)
	if err != nil {
		panic(err.Error())
	}
	fmt.Printf("%+v\n", clientCertificate.ID)
}
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "id": "023e105f4ecef8ad9ca31a8372d0c353",
    "certificate": "-----BEGIN CERTIFICATE-----\nMIIDmDCCAoC...dhDDE\n-----END CERTIFICATE-----",
    "certificate_authority": {
      "id": "568b6b74-7b0c-4755-8840-4e3b8c24adeb",
      "name": "Cloudflare Managed CA for account"
    },
    "common_name": "Cloudflare",
    "country": "US",
    "csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIICY....\n-----END CERTIFICATE REQUEST-----",
    "expires_on": "2033-02-20T23:18:00Z",
    "fingerprint_sha256": "256c24690243359fb8cf139a125bd05ebf1d968b71e4caf330718e9f5c8a89ea",
    "issued_on": "2023-02-23T23:18:00Z",
    "location": "Somewhere",
    "organization": "Organization",
    "organizational_unit": "Organizational Unit",
    "serial_number": "3bb94ff144ac567b9f75ad664b6c55f8d5e48182",
    "signature": "SHA256WithRSA",
    "ski": "8e375af1389a069a0f921f8cc8e1eb12d784b949",
    "state": "CA",
    "status": "active",
    "validity_days": 3650
  }
}
```

## Domain Types

### Client Certificate

- `type ClientCertificate struct{…}`
  - `ID string` Identifier.
  - `Certificate string` The Client Certificate PEM
  - `CertificateAuthority ClientCertificateCertificateAuthority` Certificate Authority used to issue the Client Certificate
    - `ID string`
    - `Name string`
  - `CommonName string` Common Name of the Client Certificate
  - `Country string` Country, provided by the CSR
  - `Csr string` The Certificate Signing Request (CSR). Must be newline-encoded.
  - `ExpiresOn string` Date that the Client Certificate expires
  - `FingerprintSha256 string` Unique identifier of the Client Certificate
  - `IssuedOn string` Date that the Client Certificate was issued by the Certificate Authority
  - `Location string` Location, provided by the CSR
  - `Organization string` Organization, provided by the CSR
  - `OrganizationalUnit string` Organizational Unit, provided by the CSR
  - `SerialNumber string` The serial number on the created Client Certificate.
  - `Signature string` The type of hash used for the Client Certificate.
  - `Ski string` Subject Key Identifier
  - `State string` State, provided by the CSR
  - `Status Status` Client Certificates may be active or revoked; the pending_reactivation and pending_revocation statuses represent in-progress asynchronous transitions
    - `const StatusActive Status = "active"`
    - `const StatusPendingReactivation Status = "pending_reactivation"`
    - `const StatusPendingRevocation Status = "pending_revocation"`
    - `const StatusRevoked Status = "revoked"`
  - `ValidityDays int64` The number of days the Client Certificate will be valid after the issued_on date
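
The `status`, `expires_on` and `validity_days` fields documented above are enough to audit a zone's mTLS client certificates once they have been listed. The following is an added example, not code from the Cloudflare SDK or the original reference: it runs offline over a constructed `result` array, and the names `Audit`, `Finding`, `maxValidityDays` and `renewWindow`, along with the thresholds passed in `main`, are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// clientCert holds the ClientCertificate JSON fields the audit reads.
type clientCert struct {
	ID           string `json:"id"`
	Status       string `json:"status"`
	ExpiresOn    string `json:"expires_on"`
	ValidityDays int64  `json:"validity_days"`
}

// Constructed sample shaped like the "result" array of the List response.
const sampleResult = `[
 {"id":"cert-a","status":"active","expires_on":"2033-02-20T23:18:00Z","validity_days":3650},
 {"id":"cert-b","status":"active","expires_on":"2025-01-15T00:00:00Z","validity_days":365},
 {"id":"cert-c","status":"pending_revocation","expires_on":"2026-06-01T00:00:00Z","validity_days":365},
 {"id":"cert-d","status":"revoked","expires_on":"2026-06-01T00:00:00Z","validity_days":365}
]`

// Finding is one audit observation about a certificate.
type Finding struct{ ID, Issue string }

// Audit flags certificates needing attention; both limits are local policy (assumptions).
func Audit(raw string, now time.Time, maxValidityDays int64, renewWindow time.Duration) ([]Finding, error) {
	var certs []clientCert
	if err := json.Unmarshal([]byte(raw), &certs); err != nil {
		return nil, err
	}
	var out []Finding
	for _, c := range certs {
		switch c.Status {
		case "revoked":
			continue // already unusable, nothing to act on
		case "pending_revocation", "pending_reactivation":
			out = append(out, Finding{c.ID, "in transition: " + c.Status})
			continue
		}
		exp, err := time.Parse(time.RFC3339, c.ExpiresOn)
		if err != nil {
			out = append(out, Finding{c.ID, "unparseable expires_on"})
			continue
		}
		if !exp.After(now) {
			out = append(out, Finding{c.ID, "past expires_on but not revoked"})
		} else if exp.Sub(now) <= renewWindow {
			out = append(out, Finding{c.ID, "expires within renewal window"})
		}
		if c.ValidityDays > maxValidityDays {
			out = append(out, Finding{c.ID, "validity exceeds policy"})
		}
	}
	return out, nil
}

func main() {
	now := time.Date(2025, 1, 1, 0, 0, 0, 0, time.UTC) // fixed clock for a repeatable run
	findings, err := Audit(sampleResult, now, 365, 30*24*time.Hour)
	fmt.Println(findings, err)
}
```

In real use the input would be the records returned by `client.ClientCertificates.List`, fetched page by page, with `now` set to the current time.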