Cloudflare API | Client Certificates › list

API Reference

Account & User Management

Resource Sharing

AI

Certificate Management

Certificate Authorities

Client Certificates

List Client Certificates

Client Certificate Details

Create Client Certificate

Reactivate Client Certificate

Revoke Client Certificate

Custom Certificates

Custom Hostnames

Keyless Certificates

MTLS Certificates

Origin CA Certificates

Origin Post Quantum Encryption

Origin TLS Client Auth

Cloudflare One

DNS

Account Custom Nameservers

Domain/Zone Management

IP Addresses

Media

Networking

Magic Cloud Networking

Magic Network Monitoring

Network Interconnects

Observability

Security Center

Radar

Routing & Performance

Rules

Cloud Connector

Managed Transforms

URL Normalization

Security

Schema Validation

Content Scanning

Leaked Credential Checks

Token Validation

Storage & Databases

R2 Data Catalog

Threat Intelligence

Brand Protection

Workers & Pages

Browser Rendering

Durable Objects

Workers For Platforms

Shared

Client Certificates

ClientCertificates

Methods

client.clientCertificates.list(, ):

V4PagePaginationArray

<

ClientCertificate

>

get/zones/{zone_id}/client_certificates

List all of your Zone's API Shield mTLS Client Certificates by Status and/or using Pagination

Security

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example: Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY

Accepted Permissions (at least one required)

SSL and Certificates Write SSL and Certificates Read

Parameters

params:

ClientCertificateListParams

zone_id: string

(maxLength: 32)

Path param: Identifier.

limit?: number

Query param: Limit to the number of records returned.

offset?: number

Query param: Offset the results

page?: number

(minimum: 1)

Query param: Page number of paginated results.

per_page?: number

(maximum: 50, minimum: 5)

Query param: Number of records per page.

status?: "all" | "active" | "pending_reactivation" | 2 more...

Query param: Client Certitifcate Status to filter results by.

Returns

ClientCertificate

id?: string

(maxLength: 32)

Identifier.

certificate?: string

The Client Certificate PEM

certificate_authority?:

CertificateAuthority

Certificate Authority used to issue the Client Certificate

common_name?: string

Common Name of the Client Certificate

country?: string

Country, provided by the CSR

csr?: string

The Certificate Signing Request (CSR). Must be newline-encoded.

expires_on?: string

Date that the Client Certificate expires

fingerprint_sha256?: string

Unique identifier of the Client Certificate

issued_on?: string

Date that the Client Certificate was issued by the Certificate Authority

location?: string

Location, provided by the CSR

organization?: string

Organization, provided by the CSR

organizational_unit?: string

Organizational Unit, provided by the CSR

serial_number?: string

The serial number on the created Client Certificate.

signature?: string

The type of hash used for the Client Certificate..

ski?: string

Subject Key Identifier

state?: string

State, provided by the CSR

status?:

Client Certificates may be active or revoked, and the pending_reactivation or pending_revocation represent in-progress asynchronous transitions

validity_days?: number

The number of days the Client Certificate will be valid after the issued_on date

Request example

import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

// Automatically fetches more pages as needed.
for await (const clientCertificate of client.clientCertificates.list({
  zone_id: '023e105f4ecef8ad9ca31a8372d0c353',
})) {
  console.log(clientCertificate.id);
}

200Example

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": [
    {
      "id": "023e105f4ecef8ad9ca31a8372d0c353",
      "certificate": "-----BEGIN CERTIFICATE-----\\nMIIDmDCCAoC...dhDDE\\n-----END CERTIFICATE-----",
      "certificate_authority": {
        "id": "568b6b74-7b0c-4755-8840-4e3b8c24adeb",
        "name": "Cloudflare Managed CA for account"
      },
      "common_name": "Cloudflare",
      "country": "US",
      "csr": "-----BEGIN CERTIFICATE REQUEST-----\\nMIICY....\\n-----END CERTIFICATE REQUEST-----\\n",
      "expires_on": "2033-02-20T23:18:00Z",
      "fingerprint_sha256": "256c24690243359fb8cf139a125bd05ebf1d968b71e4caf330718e9f5c8a89ea",
      "issued_on": "2023-02-23T23:18:00Z",
      "location": "Somewhere",
      "organization": "Organization",
      "organizational_unit": "Organizational Unit",
      "serial_number": "3bb94ff144ac567b9f75ad664b6c55f8d5e48182",
      "signature": "SHA256WithRSA",
      "ski": "8e375af1389a069a0f921f8cc8e1eb12d784b949",
      "state": "CA",
      "status": "active",
      "validity_days": 3650
    }
  ],
  "result_info": {
    "count": 1,
    "page": 1,
    "per_page": 20,
    "total_count": 2000
  }
}

client.clientCertificates.get(, , ):

ClientCertificate

get/zones/{zone_id}/client_certificates/{client_certificate_id}

Get Details for a single mTLS API Shield Client Certificate

client.clientCertificates.create(, ):

ClientCertificate

post/zones/{zone_id}/client_certificates

Create a new API Shield mTLS Client Certificate

client.clientCertificates.edit(, , ):

ClientCertificate

patch/zones/{zone_id}/client_certificates/{client_certificate_id}

If a API Shield mTLS Client Certificate is in a pending_revocation state, you may reactivate it with this endpoint.

client.clientCertificates.delete(, , ):

ClientCertificate

delete/zones/{zone_id}/client_certificates/{client_certificate_id}

Set a API Shield mTLS Client Certificate to pending_revocation status for processing to revoked status.

Domain types

ClientCertificate{…}