or run

npx @tessl/cli init
Log in

Version

Tile

Overview

Evals

Files

Files

docs

async-operations.mdcertificate-operations.mdcontact-management.mdimport-export.mdindex.mdissuer-management.mdlisting-operations.mdoperation-management.mdpolicy-management.mdrecovery-operations.md

certificate-operations.mddocs/

0
# Certificate Operations
1


2
Core certificate lifecycle management operations including creation, retrieval, updating, and deletion. These operations provide comprehensive certificate management with support for both self-signed certificates and external issuer integration.
3


4
## Capabilities
5


6
### Certificate Creation
7


8
Creates a new certificate or new version of an existing certificate. Returns a long-running operation poller that can be used to monitor creation progress and retrieve the final result.
9


10
```python { .api }
11
def begin_create_certificate(
12
    certificate_name: str,
13
    policy: CertificatePolicy,
14
    *,
15
    enabled: Optional[bool] = None,
16
    tags: Optional[Dict[str, str]] = None,
17
    preserve_order: Optional[bool] = None,
18
    **kwargs: Any
19
) -> LROPoller[Union[KeyVaultCertificate, CertificateOperation]]:
20
    """
21
    Creates a new certificate.
22


23
    Parameters:
24
    - certificate_name: The name of the certificate
25
    - policy: Certificate management policy defining key properties and issuer settings
26
    - enabled: Whether the certificate is enabled for use
27
    - tags: Application-specific metadata as key-value pairs
28
    - preserve_order: Whether to preserve the order of the certificate chain
29


30
    Returns:
31
    LROPoller for the create operation. Waiting gives the certificate if successful,
32
    or CertificateOperation if still pending/failed.
33


34
    Raises:
35
    ValueError: If the certificate policy is invalid
36
    HttpResponseError: For service-side errors
37
    """
38
```
39


40
Usage example:
41


42
```python
43
from azure.keyvault.certificates import CertificateClient, CertificatePolicy
44


45
# Create with default policy
46
create_poller = client.begin_create_certificate(
47
    certificate_name="my-cert",
48
    policy=CertificatePolicy.get_default()
49
)
50


51
# Wait for completion
52
certificate = create_poller.result()
53
print(f"Created certificate: {certificate.name}")
54


55
# Create with custom settings
56
create_poller = client.begin_create_certificate(
57
    certificate_name="app-cert",
58
    policy=CertificatePolicy.get_default(),
59
    enabled=True,
60
    tags={"environment": "production", "app": "web-api"}
61
)
62
```
63


64
### Certificate Retrieval
65


66
Retrieves the latest version or a specific version of a certificate from the vault.
67


68
```python { .api }
69
def get_certificate(certificate_name: str, **kwargs: Any) -> KeyVaultCertificate:
70
    """
71
    Get the latest version of a certificate.
72


73
    Parameters:
74
    - certificate_name: The name of the certificate
75


76
    Returns:
77
    KeyVaultCertificate: The certificate with its properties, policy, and data
78


79
    Raises:
80
    ResourceNotFoundError: If the certificate doesn't exist
81
    HttpResponseError: For service-side errors
82
    """
83


84
def get_certificate_version(
85
    certificate_name: str, 
86
    version: str, 
87
    **kwargs: Any
88
) -> KeyVaultCertificate:
89
    """
90
    Get a specific version of a certificate.
91


92
    Parameters:
93
    - certificate_name: The name of the certificate
94
    - version: The version identifier of the certificate
95


96
    Returns:
97
    KeyVaultCertificate: The specified certificate version
98


99
    Raises:
100
    ResourceNotFoundError: If the certificate or version doesn't exist
101
    HttpResponseError: For service-side errors
102
    """
103
```
104


105
Usage examples:
106


107
```python
108
# Get latest version
109
certificate = client.get_certificate("my-cert")
110
print(f"Certificate ID: {certificate.id}")
111
print(f"Version: {certificate.properties.version}")
112
print(f"Expires on: {certificate.properties.expires_on}")
113


114
# Get specific version
115
specific_cert = client.get_certificate_version("my-cert", "abc123version")
116
print(f"Specific version: {specific_cert.properties.version}")
117
```
118


119
### Certificate Property Updates
120


121
Updates the properties and metadata of an existing certificate without changing the certificate itself.
122


123
```python { .api }
124
def update_certificate_properties(
125
    certificate_name: str,
126
    version: Optional[str] = None,
127
    *,
128
    enabled: Optional[bool] = None,
129
    tags: Optional[Dict[str, str]] = None,
130
    **kwargs: Any
131
) -> KeyVaultCertificate:
132
    """
133
    Updates the properties of a certificate.
134


135
    Parameters:
136
    - certificate_name: The name of the certificate
137
    - version: Specific version to update (latest if not specified)
138
    - enabled: Whether the certificate should be enabled
139
    - tags: Updated tags for the certificate
140


141
    Returns:
142
    KeyVaultCertificate: The updated certificate
143


144
    Raises:
145
    ResourceNotFoundError: If the certificate doesn't exist
146
    HttpResponseError: For service-side errors
147
    """
148
```
149


150
Usage examples:
151


152
```python
153
# Disable a certificate
154
updated_cert = client.update_certificate_properties(
155
    certificate_name="my-cert",
156
    enabled=False
157
)
158


159
# Update tags
160
updated_cert = client.update_certificate_properties(
161
    certificate_name="my-cert",
162
    tags={
163
        "environment": "staging",
164
        "updated_by": "admin",
165
        "status": "testing"
166
    }
167
)
168


169
# Update specific version
170
updated_cert = client.update_certificate_properties(
171
    certificate_name="my-cert",
172
    version="specific-version-id",
173
    enabled=True,
174
    tags={"verified": "true"}
175
)
176
```
177


178
### Certificate Deletion
179


180
Deletes a certificate from the vault. In vaults with soft-delete enabled, the certificate can be recovered.
181


182
```python { .api }
183
def begin_delete_certificate(
184
    certificate_name: str, 
185
    **kwargs: Any
186
) -> LROPoller[DeletedCertificate]:
187
    """
188
    Deletes a certificate from the vault.
189


190
    Parameters:
191
    - certificate_name: The name of the certificate to delete
192


193
    Returns:
194
    LROPoller[DeletedCertificate]: Poller for the delete operation
195


196
    Raises:
197
    ResourceNotFoundError: If the certificate doesn't exist
198
    HttpResponseError: For service-side errors
199
    """
200
```
201


202
Usage example:
203


204
```python
205
# Delete certificate
206
delete_poller = client.begin_delete_certificate("my-cert")
207
deleted_cert = delete_poller.result()
208


209
print(f"Deleted certificate: {deleted_cert.name}")
210
print(f"Deletion date: {deleted_cert.deleted_on}")
211
print(f"Recovery ID: {deleted_cert.recovery_id}")
212
print(f"Scheduled purge: {deleted_cert.scheduled_purge_date}")
213
```
214


215
### Version Management
216


217
List and manage different versions of a certificate.
218


219
```python { .api }
220
def list_properties_of_certificate_versions(
221
    certificate_name: str,
222
    *,
223
    max_page_size: Optional[int] = None,
224
    **kwargs: Any
225
) -> ItemPaged[CertificateProperties]:
226
    """
227
    Lists all versions of a certificate.
228


229
    Parameters:
230
    - certificate_name: The name of the certificate
231
    - max_page_size: Maximum number of items per page
232


233
    Returns:
234
    ItemPaged[CertificateProperties]: Paged list of certificate version properties
235


236
    Raises:
237
    ResourceNotFoundError: If the certificate doesn't exist
238
    HttpResponseError: For service-side errors
239
    """
240
```
241


242
Usage example:
243


244
```python
245
# List all versions of a certificate
246
for cert_props in client.list_properties_of_certificate_versions("my-cert"):
247
    print(f"Version: {cert_props.version}")
248
    print(f"Created: {cert_props.created_on}")
249
    print(f"Enabled: {cert_props.enabled}")
250
    print(f"Expires: {cert_props.expires_on}")
251
    print("---")
252


253
# Get specific version count
254
versions = list(client.list_properties_of_certificate_versions("my-cert"))
255
print(f"Total versions: {len(versions)}")
256
```
257


258
## Error Handling
259


260
Certificate operations can raise various exceptions that should be handled appropriately:
261


262
```python
263
from azure.core.exceptions import ResourceNotFoundError, HttpResponseError
264
from azure.keyvault.certificates import CertificateClient
265


266
try:
267
    certificate = client.get_certificate("non-existent-cert")
268
except ResourceNotFoundError:
269
    print("Certificate not found")
270
except HttpResponseError as e:
271
    print(f"HTTP error: {e.status_code} - {e.message}")
272
except Exception as e:
273
    print(f"Unexpected error: {e}")
274
```
275


276
## Long-Running Operations
277


278
Certificate creation and deletion are long-running operations that return pollers:
279


280
```python
281
# Monitor creation progress
282
create_poller = client.begin_create_certificate("my-cert", policy)
283


284
# Check if done without blocking
285
if create_poller.done():
286
    result = create_poller.result()
287
else:
288
    print("Still creating...")
289


290
# Wait with timeout
291
try:
292
    result = create_poller.result(timeout=30)  # 30 second timeout
293
except Exception as e:
294
    print(f"Operation timed out or failed: {e}")
295


296
# Cancel operation if supported
297
try:
298
    create_poller.cancel()
299
except Exception:
300
    print("Cancellation not supported or operation already completed")
301
```