Method: projects.locations.caPools.fetchCaCerts
Stay organized with collections
Save and categorize content based on your preferences.
caPools.fetchCaCerts returns the current trust anchor for the CaPool. This will include CA certificate chains for all certificate authorities in the ENABLED, DISABLED, or STAGED states.
HTTP request
POST https://privateca.googleapis.com/v1/{caPool=projects/*/locations/*/caPools/*}:fetchCaCerts
The URL uses gRPC Transcoding syntax.
Path parameters
| Parameters |
caPool |
string
Required. The resource name for the CaPool in the format projects/*/locations/*/caPools/*.
Authorization requires the following IAM permission on the specified resource caPool:
|
Request body
The request body contains data with the following structure:
| JSON representation |
{
"requestId": string
} |
| Fields |
requestId |
string
Optional. An ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
|
Response body
Response message for CertificateAuthorityService.FetchCaCerts.
If successful, the response body contains data with the following structure:
| JSON representation |
{
"caCerts": [
{
object (CertChain)
}
]
} |
| Fields |
caCerts[] |
object (CertChain)
The PEM encoded CA certificate chains of all certificate authorities in this CaPool in the ENABLED, DISABLED, or STAGED states.
|
Authorization scopes
Requires the following OAuth scope:
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.
CertChain
| JSON representation |
{
"certificates": [
string
]
} |
| Fields |
certificates[] |
string
The certificates that form the CA chain, from leaf to root order.
|
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-05-30 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-05-30 UTC."],[[["\u003cp\u003eThis webpage details how to use the \u003ccode\u003ecaPools.fetchCaCerts\u003c/code\u003e method to retrieve the current trust anchor for a specified CaPool, including certificate chains for CAs in ENABLED, DISABLED, or STAGED states.\u003c/p\u003e\n"],["\u003cp\u003eThe HTTP request for fetching CA certificates is a POST request to a specific URL using gRPC Transcoding syntax, with the CaPool resource name required in the path.\u003c/p\u003e\n"],["\u003cp\u003eThe request body accepts an optional \u003ccode\u003erequestId\u003c/code\u003e for request identification and retry handling, which must be a valid UUID, excluding the zero UUID.\u003c/p\u003e\n"],["\u003cp\u003eA successful response body will contain an array of \u003ccode\u003ecaCerts\u003c/code\u003e, each an object containing the PEM encoded CA certificate chains for all relevant CAs.\u003c/p\u003e\n"],["\u003cp\u003eThe request requires the \u003ccode\u003eprivateca.caPools.get\u003c/code\u003e IAM permission and the \u003ccode\u003ehttps://www.googleapis.com/auth/cloud-platform\u003c/code\u003e OAuth scope for authorization.\u003c/p\u003e\n"]]],[],null,["# Method: projects.locations.caPools.fetchCaCerts\n\n- [HTTP request](#body.HTTP_TEMPLATE)\n- [Path parameters](#body.PATH_PARAMETERS)\n- [Request body](#body.request_body)\n - [JSON representation](#body.request_body.SCHEMA_REPRESENTATION)\n- [Response body](#body.response_body)\n - [JSON representation](#body.FetchCaCertsResponse.SCHEMA_REPRESENTATION)\n- [Authorization scopes](#body.aspect)\n- [CertChain](#CertChain)\n - [JSON representation](#CertChain.SCHEMA_REPRESENTATION)\n\ncaPools.fetchCaCerts returns the current trust anchor for the [CaPool](/certificate-authority-service/docs/reference/rest/v1/projects.locations.caPools#CaPool). This will include CA certificate chains for all certificate authorities in the ENABLED, DISABLED, or STAGED states.\n\n### HTTP request\n\n`POST https://privateca.googleapis.com/v1/{caPool=projects/*/locations/*/caPools/*}:fetchCaCerts`\n\nThe URL uses [gRPC Transcoding](https://google.aip.dev/127) syntax.\n\n### Path parameters\n\n### Request body\n\nThe request body contains data with the following structure:\n\n### Response body\n\nResponse message for [CertificateAuthorityService.FetchCaCerts](/certificate-authority-service/docs/reference/rest/v1/projects.locations.caPools/fetchCaCerts#google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCaCerts).\n\nIf successful, the response body contains data with the following structure:\n\n### Authorization scopes\n\nRequires the following OAuth scope:\n\n- `https://www.googleapis.com/auth/cloud-platform`\n\nFor more information, see the [Authentication Overview](/docs/authentication#authorization-gcp).\n\nCertChain\n---------"]]
