Threat intelligence API Docs Pricing Solutions Resources Contact us


Read other articles

SSL Certificate Chain Analysis API: Exploring the Chain

Posted on October 29, 2018

Trust is the bond that connects the many interactions on the web but it is only given after a company or website has been proven worthy of it. In this context, proof comes from SSL certificates provided through a chain of issuing authorities — checked for authenticity link by link through SSL Certificate Chain Analysis API.

Only when every element in the chain is correct can full trustworthiness be earned. So let’s dig in and look at it more closely.

SSL Certificate Chain Analysis API: Exploring the Chain

What Is the SSL Certificate Chain?

An SSL Certificate Chain is a chronological collection of all SSL certificates that comprise the SSL certificates chain. It consists of:

  • Server certificate
    The chain begins with the server certificate (SSL certificate) which is used to identify a server and provides the basis for encrypting and decrypting content.
  • Intermediate certificate
    It's the signer/issuer of the server certificate. It sits between the server certificate and the root certificate and must be installed on the server to make the SSL certificate compatible with all the clients. Otherwise, some browsers, applications, and mobile devices may not trust the SSL certificate.
  • Root CA certificate
    It's the signer/issuer of the intermediate certificate which is put at the end of the chain. It is always signed by the Certificate Authority itself.
  • Certificate Authority (CA)
    It is a trusted third-party entity that issues digital SSL certificates and public keys that are used for encrypting information in a public network.

How Does SSL Certificate Chain Analysis API Work?

You can start working with SSL Certificate Chain Analysis API by inputting the domain name to be analyzed. This will open an ordered list of all SSL certificates issued to that domain beginning with the end user SSL certificate on one end, all the intermediate certificates in the middle, and the root SSL certificate on the other end.

As a result, each SSL certificate in the chain is provided with a number of important details, including:

  • The position in the certificates chain — End-user, Intermediate, or Root
  • The type of validation (Domain, Organization or Extended) and validation dates
  • The issuer — the person who issues the certificate
  • The subject — to whom the certificate is issued
  • The list of allowed purposes a certificate can be used for
  • Public key information and extensions

In turn, each of these parameters is checked against existing records to see whether the certificate was issued by a trusted source.

What Happens if the Chain Is Invalid?

Improperly configured SSL chain might create various issues. First of all, misconfigurations detected during the SSL Certificate Chain Analysis may automatically cause certificate errors in browsers. These result in warnings that can lead to poor user experience or, worse, drive website visitors away. Additionally, misconfigured chains might not work in some browsers and can be hard to debug.

What Happens if the Chain Is Invalid?

So Why Do Companies Need an SSL Certificate Chain Analysis?

A proper certificate chain analysis result validates a company's trustworthy standing in the web community and serves as a ticket to enjoy a host of advantages.

  • Guaranteed encryption – A correct chain ensures an encrypted link between a web server and a browser. It means that all online transactions that are exchanged between the web server and browsers remain confidential and protected from hackers, which is crucial for businesses conducting their interactions online.
  • Fail-safe identification – You can rest assured that the computer or web server you're talking to is one that you can trust. This is especially relevant in the face of rampant impersonation attacks that businesses often fall victims of.
  • Trustworthiness validation – Passing the strict SSL Certificate Chain Analysis validates a domain's trustworthiness in dealing with confidential information or financial transactions online. For example, checking certificates validation type when interacting with an e-commerce website can detect if the business pays attention to securing the sensitive data through an Extended Validation certificate.
  • Data security – SSL Certificate Chain Analysis confirms a domain's secure browser-server connection by authenticating its SSL certificate. This protects companies from man-in-the-middle attacks ensuring that no one can interfere in data security across all applications and platforms.
  • Increased Google rankings – A domain that has passed the verification of SSL Certificate Chain Analysis runs no risk of being blocked and increases its prospects for higher Google rankings. In fact, in 2017, 50% of page 1 Google organic search results featured secure (HTTPS) websites.
  • Enhanced customer trust – A verified SSL certificate chain assures customers of the reliability of a domain's SSL sign. This is good for business as customers have fewer apprehensions about sharing their data.
  • Improved conversion rate – Websites with a clean bill of SSL health can improve their products' conversion rate as visitors are encouraged to visit, thereby increasing the likelihood of an online purchase.

The web is built upon a chain of trust. Find out if you, a close third party, or any online entity you interact with measure up to the exacting standards of the chain by letting domains go through the SSL Certificate Chain Analysis API.

If you wish to learn more about how our APIs can help your business improve online security and safeguard sensitive information, contact us at or sign up for a free trial.

Read other articles
Have questions?

We work hard to improve our services for you. As part of that, we welcome your feedback, questions and suggestions. Please let us know your thoughts and feelings, and any way in which you think we can improve our product.

For a quick response, please select the request type that best suits your needs.

Or shoot us an email to

Threat Intelligence Platform uses cookies to provide you with the best user experience on our website. They also help us understand how our site is being used. Find out more here. By continuing to use our site you consent to the use of cookies.