


# List private certificates
<a name="PcaListCerts"></a>

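To list your private certificates, generate an audit report, retrieve it from its S3 bucket, and parse the report contents as needed. For information about creating AWS Private CA audit reports, see [Using audit reports with your private CA](PcaAuditReport.md). For information about retrieving an object from an S3 bucket, see [Downloading objects](https://docs.aws.amazon.com/AmazonS3/latest/userguide/download-objects.html) in the *Amazon Simple Storage Service User Guide*.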

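The following examples show ways to create audit reports and parse them for useful data. The results are in JSON format, and the data is filtered with [jq](https://stedolan.github.io/jq/), a sed-like parser.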

**1. Create an audit report.**  
The following command generates an audit report for a specified CA.

```
$ aws acm-pca create-certificate-authority-audit-report \
     --region {{region}} \
     --certificate-authority-arn arn:{{aws}}:acm-pca:{{us-east-1}}:{{111122223333}}:certificate-authority/{{11223344-1234-1122-2233-112233445566}} \
     --s3-bucket-name {{bucket_name}} \
     --audit-report-response-format JSON
```

On success, the command returns the ID and location of the new audit report.

```
{
   "AuditReportId":"{{audit_report_ID}}",
   "S3Key":"audit-report/{{CA_ID}}/{{audit_report_ID.json}}"
}
```

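**2. Retrieve and format an audit report.**  
This command retrieves an audit report, displays its contents on standard output, and filters the results to show only certificates issued on or after 2020-12-01.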

```
$ aws s3api get-object \
     --region {{region}} \
     --bucket {{bucket_name}} \
     --key audit-report/{{CA_ID}}/{{audit_report_ID.json}} \
     /dev/stdout | jq '.[] | select(.issuedAt >= "2020-12-01")'
```

The returned items look like this:

```
{
   "awsAccountId":"{{account}}",
   "certificateArn":"arn:aws:acm-pca:{{region}}:{{account}}:certificate-authority/{{CA_ID}}/certificate/{{certificate_ID}}",
   "serial":"{{serial_number}}",
   "subject":"CN=pca.alpha.root2.leaf5",
   "notBefore":"2020-12-21T21:28:09+0000",
   "notAfter":"9999-12-31T23:59:59+0000",
   "issuedAt":"2020-12-21T22:28:09+0000",
   "templateArn":"arn:aws:acm-pca:::template/EndEntityCertificate/V1"
}
```

**3. Save an audit report locally.**  
If you want to run multiple queries, it is convenient to save the audit report to a local file.

```
$ aws s3api get-object \
     --region {{region}} \
     --bucket {{bucket_name}} \
     --key audit-report/{{CA_ID}}/{{audit_report_ID.json}} {{my_local_audit_report.json}}
```

The same filter as before produces the same output:

```
$ cat my_local_audit_report.json | jq '.[] | select(.issuedAt >= "2020-12-01")'
{
   "awsAccountId":"{{account}}",
   "certificateArn":"arn:aws:acm-pca:{{region}}:{{account}}:certificate-authority/{{CA_ID}}/certificate/{{certificate_ID}}",
   "serial":"{{serial_number}}",
   "subject":"CN=pca.alpha.root2.leaf5",
   "notBefore":"2020-12-21T21:28:09+0000",
   "notAfter":"9999-12-31T23:59:59+0000",
   "issuedAt":"2020-12-21T22:28:09+0000",
   "templateArn":"arn:aws:acm-pca:::template/EndEntityCertificate/V1"
}
```

**4. Query within a date range**  
You can query for certificates issued within a date range as follows:

```
$ cat my_local_audit_report.json | jq '.[] | select(.issuedAt >= "2020-11-01" and .issuedAt <= "2020-11-10")'
```

The filtered content is displayed on standard output:

```
{
   "awsAccountId": "{{account}}",
   "certificateArn": "arn:aws:acm-pca:{{region}}:{{account}}:certificate-authority/{{CA_ID}}/certificate/{{certificate_ID}}",
   "serial": "{{serial_number}}",
   "subject": "CN=pca.alpha.root2.leaf1",
   "notBefore": "2020-11-06T19:18:21+0000",
   "notAfter": "9999-12-31T23:59:59+0000",
   "issuedAt": "2020-11-06T20:18:22+0000",
   "templateArn": "arn:aws:acm-pca:::template/EndEntityCertificate/V1"
}
{
   "awsAccountId": "{{account}}",
   "certificateArn": "arn:aws:acm-pca:{{region}}:{{account}}:certificate-authority/{{CA_ID}}/certificate/{{certificate_ID}}",
   "serial": "{{serial_number}}",
   "subject": "CN=pca.alpha.root2.rsa2048sha256",
   "notBefore": "2020-11-06T19:15:46+0000",
   "notAfter": "9999-12-31T23:59:59+0000",
   "issuedAt": "2020-11-06T20:15:46+0000",
   "templateArn": "arn:aws:acm-pca:::template/RootCACertificate/V1"
}
{
   "awsAccountId": "{{account}}",
   "certificateArn": "arn:aws:acm-pca:{{region}}:{{account}}:certificate-authority/{{CA_ID}}/certificate/{{certificate_ID}}",
   "serial": "{{serial_number}}",
   "subject": "CN=pca.alpha.root2.leaf2",
   "notBefore": "2020-11-06T20:04:39+0000",
   "notAfter": "9999-12-31T23:59:59+0000",
   "issuedAt": "2020-11-06T21:04:39+0000",
   "templateArn": "arn:aws:acm-pca:::template/EndEntityCertificate/V1"
}
```

**5. Search for certificates following a specified template.**  
The following command filters the report content using a template ARN:

```
$ cat my_local_audit_report.json | jq '.[] | select(.templateArn == "arn:aws:acm-pca:::template/RootCACertificate/V1")'
```

The output shows the matching certificate records:

```
{
   "awsAccountId": "{{account}}",
   "certificateArn": "arn:aws:acm-pca:{{region}}:{{account}}:certificate-authority/{{CA_ID}}/certificate/{{certificate_ID}}",
   "serial": "{{serial_number}}",
   "subject": "CN=pca.alpha.root2.rsa2048sha256",
   "notBefore": "2020-11-06T19:15:46+0000",
   "notAfter": "9999-12-31T23:59:59+0000",
   "issuedAt": "2020-11-06T20:15:46+0000",
   "templateArn": "arn:aws:acm-pca:::template/RootCACertificate/V1"
}
```

**6. Filter for revoked certificates**  
To find all revoked certificates, use the following command:

```
$ cat my_local_audit_report.json | jq '.[] | select(.revokedAt != null)'
```

A revoked certificate is displayed as follows:

```
{
   "awsAccountId": "{{account}}",
   "certificateArn": "arn:aws:acm-pca:{{region}}:{{account}}:certificate-authority/{{CA_ID}}/certificate/{{certificate_ID}}",
   "serial": "{{serial_number}}",
   "subject": "CN=pca.alpha.root2.leaf2",
   "notBefore": "2020-11-06T20:04:39+0000",
   "notAfter": "9999-12-31T23:59:59+0000",
   "issuedAt": "2020-11-06T21:04:39+0000",
   "revokedAt": "2021-05-27T18:57:32+0000",
   "revocationReason": "UNSPECIFIED",
   "templateArn": "arn:aws:acm-pca:::template/EndEntityCertificate/V1"
}
```

**7. Filter using a regular expression.**  
The following command searches for subject names that contain the string "leaf":

```
$ cat my_local_audit_report.json | jq '.[] | select(.subject|test("leaf"))'
```

Matching certificate records are returned as follows:

```
{
   "awsAccountId": "{{account}}",
   "certificateArn": "arn:aws:acm-pca:{{region}}:{{account}}:certificate-authority/{{CA_ID}}/certificate/{{certificate_ID}}",
   "serial": "{{serial_number}}",
   "subject": "CN=pca.alpha.roo2.leaf4",
   "notBefore": "2020-11-16T18:17:10+0000",
   "notAfter": "9999-12-31T23:59:59+0000",
   "issuedAt": "2020-11-16T19:17:12+0000",
   "templateArn": "arn:aws:acm-pca:::template/EndEntityCertificate/V1"
}
{
   "awsAccountId": "{{account}}",
   "certificateArn": "arn:aws:acm-pca:{{region}}:{{account}}:certificate-authority/{{CA_ID}}/certificate/{{certificate_ID}}",
   "serial": "{{serial_number}}",
   "subject": "CN=pca.alpha.root2.leaf5",
   "notBefore": "2020-12-21T21:28:09+0000",
   "notAfter": "9999-12-31T23:59:59+0000",
   "issuedAt": "2020-12-21T22:28:09+0000",
   "templateArn": "arn:aws:acm-pca:::template/EndEntityCertificate/V1"
}
{
   "awsAccountId": "{{account}}",
   "certificateArn": "arn:aws:acm-pca:{{region}}:{{account}}:certificate-authority/{{CA_ID}}/certificate/{{certificate_ID}}",
   "serial": "{{serial_number}}",
   "subject": "CN=pca.alpha.root2.leaf1",
   "notBefore": "2020-11-06T19:18:21+0000",
   "notAfter": "9999-12-31T23:59:59+0000",
   "issuedAt": "2020-11-06T20:18:22+0000",
   "templateArn": "arn:aws:acm-pca:::template/EndEntityCertificate/V1"
}
```
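
The following Python script is an added example, not part of the original AWS documentation. It loads a saved report, summarizes it by template, revocation status and expiry, and shows that the string comparison in step 4 drops certificates issued during the last day of the range, because `2020-11-10T09:30:00+0000` sorts after `2020-11-10`. The sample records and all function names are constructed for illustration.

```python
import json
from collections import Counter
from datetime import datetime, timedelta, timezone

EE = "arn:aws:acm-pca:::template/EndEntityCertificate/V1"
ROOT = "arn:aws:acm-pca:::template/RootCACertificate/V1"
NO_EXPIRY = "9999-12-31T23:59:59+0000"  # RFC 5280 "no well-defined expiration" value

# Constructed sample records in the report shape shown above (not real data).
SAMPLE_REPORT = json.dumps([
    {"subject": "CN=example.leaf-a", "issuedAt": "2020-11-06T20:18:22+0000",
     "notAfter": NO_EXPIRY, "templateArn": EE},
    {"subject": "CN=example.root", "issuedAt": "2020-11-06T20:15:46+0000",
     "notAfter": NO_EXPIRY, "templateArn": ROOT},
    {"subject": "CN=example.leaf-b", "issuedAt": "2020-11-10T09:30:00+0000",
     "notAfter": NO_EXPIRY, "templateArn": EE,
     "revokedAt": "2021-05-27T18:57:32+0000", "revocationReason": "UNSPECIFIED"},
    {"subject": "CN=example.leaf-c", "issuedAt": "2020-12-21T22:28:09+0000",
     "notAfter": "2021-12-21T22:28:09+0000", "templateArn": EE},
])

def parse_ts(value):
    """Parse the report's timestamp format, e.g. 2020-11-06T20:18:22+0000."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S%z")

def utc_day(value):
    """Midnight UTC at the start of a YYYY-MM-DD day."""
    return datetime.strptime(value, "%Y-%m-%d").replace(tzinfo=timezone.utc)

def issued_between_lexical(records, first_day, last_day):
    """Plain string comparison, equivalent to the jq filter in step 4."""
    return [r for r in records if first_day <= r["issuedAt"] <= last_day]

def issued_between(records, first_day, last_day):
    """Timestamp comparison that includes all of last_day (UTC)."""
    start, end = utc_day(first_day), utc_day(last_day) + timedelta(days=1)
    return [r for r in records if start <= parse_ts(r["issuedAt"]) < end]

def summarize(records):
    """Counts per template, revoked certificates, certificates with no fixed expiry."""
    return {
        "by_template": dict(Counter(r["templateArn"].split("/")[-2] for r in records)),
        "revoked": [(r["subject"], r["revocationReason"]) for r in records if r.get("revokedAt")],
        "no_expiry": [r["subject"] for r in records if r["notAfter"] == NO_EXPIRY],
    }

if __name__ == "__main__":
    records = json.loads(SAMPLE_REPORT)  # or load my_local_audit_report.json instead
    print(len(issued_between_lexical(records, "2020-11-01", "2020-11-10")))
    print(len(issued_between(records, "2020-11-01", "2020-11-10")))
    print(json.dumps(summarize(records), indent=2))
```

To keep the jq one-liner and still include the whole final day, compare against the following day with a strict upper bound, for example `.issuedAt < "2020-11-11"`.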