SSL Certificate Chain API
API DocumentationCheck a domain’s SSL certificate chain via API calls
Obtain a domain name’s Secure Sockets Layer (SSL) certificate and trace its complete SSL certificate chain to reveal inconsistencies and misconfigurations that may translate to exploitable vulnerabilities.
Input parameters
- Domain name - Target domain to analyze
Data returned
An ordered collection of all SSL certificates present in a domain’s SSL certificate chain starting with the end-user certificate down to all intermediate certificates and ending with the root certificate.
Each SSL certificate comes with the following information:
- Certificate chain position: End-user, intermediate, or root
- Common name
- Type (e.g., domain, organization, or extended validation)
- Valid from and to dates
- Serial number
- Signature algorithm
- Subject - Certificate ownership details that include:
- Country (C)
- Province (S)
- City (L)
- Organization (O)
- Organizational unit
- Common name (CN)
- Business category
- Address of incorporation
- Issuer - Certificate issuer information containing the same data points (i.e., country, province, etc.) as for the Subject
- Purposes - List of allowed uses for the certificates
- Purposes certificate authority (CA) - List of allowed purposes for the certificate granting its user to act as a CA
- Public key information:
- Type
- Size in bits
- Privacy-enhanced electronic mail (PEM) details
- Extensions:
- Key usage
- Extended key usage
- Subject alternative name
- Authority information access
- Subject key identifier
- Basic constraints
- Authority key identifier
- Certificate policies
- Certificate Revocation List (CRL) distribution points
- Certificate PEM
Sample output
[
{
"chainHierarchy": "end-user",
"commonName": "*.google.com",
"type": "Organization validated",
"validFrom": "2017-12-05 09:28:00",
"validTo": "2018-02-27 09:28:00",
"serialNumber": "56:77:28:80:0D:87:9C:61",
"signatureAlgorithm": "sha256WithRSAEncryption",
"subject": {
"country": "US",
"province": "California",
"city": "Mountain View",
"organization": "Google Inc",
"commonName": "*.google.com"
},
"issuer": {
"country": "US",
"organization": "Google Inc",
"commonName": "Google Internet Authority G2"
},
"purposes": [
"sslserver",
"any",
"ocsphelper"
],
"purposesCA": [
"any"
],
"publicKey": {
"type": "ecdsa",
"bits": 256,
"pem": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDBWiP78aAO8YosSxLVtBBi8NCAgU\nUHXeSSHmPEJNrN0TSNKdvP5CbGpAwlbdcxgLMsOPFvxjrYH3zHzMU5Qp7A==\n-----END PUBLIC KEY-----\n"
},
"extensions": {
"extendedKeyUsage": "TLS Web Server Authentication",
"keyUsage": "Digital Signature",
"subjectAltName": "DNS:*.google.com, DNS:*.android.com, DNS:*.appengine.google.com, DNS:*.cloud.google.com, DNS:*.db833953.google.cn, DNS:*.g.co, DNS:*.gcp.gvt2.com, DNS:*.google-analytics.com, DNS:*.google.ca, DNS:*.google.cl, DNS:*.google.co.in, DNS:*.google.co.jp, DNS:*.google.co.uk, DNS:*.google.com.ar, DNS:*.google.com.au, DNS:*.google.com.br, DNS:*.google.com.co, DNS:*.google.com.mx, DNS:*.google.com.tr, DNS:*.google.com.vn, DNS:*.google.de, DNS:*.google.es, DNS:*.google.fr, DNS:*.google.hu, DNS:*.google.it, DNS:*.google.nl, DNS:*.google.pl, DNS:*.google.pt, DNS:*.googleadapis.com, DNS:*.googleapis.cn, DNS:*.googlecommerce.com, DNS:*.googlevideo.com, DNS:*.gstatic.cn, DNS:*.gstatic.com, DNS:*.gvt1.com, DNS:*.gvt2.com, DNS:*.metric.gstatic.com, DNS:*.urchin.com, DNS:*.url.google.com, DNS:*.youtube-nocookie.com, DNS:*.youtube.com, DNS:*.youtubeeducation.com, DNS:*.yt.be, DNS:*.ytimg.com, DNS:android.clients.google.com, DNS:android.com, DNS:developer.android.google.cn, DNS:developers.android.google.cn, DNS:g.co, DNS:goo.gl, DNS:google-analytics.com, DNS:google.com, DNS:googlecommerce.com, DNS:source.android.google.cn, DNS:urchin.com, DNS:www.goo.gl, DNS:youtu.be, DNS:youtube.com, DNS:youtubeeducation.com, DNS:yt.be",
"authorityInfoAccess": "CA Issuers - URI:http://pki.google.com/GIAG2.crt\nOCSP - URI:http://clients1.google.com/ocsp\n",
"subjectKeyIdentifier": "A7:07:43:41:79:44:EB:0A:E6:14:66:EB:EA:45:CC:F4:6B:59:F4:B6",
"basicConstraints": "CA:FALSE",
"authorityKeyIdentifier": "keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F\n",
"certificatePolicies": "Policy: 1.3.6.1.4.1.11129.2.5.1\nPolicy: 2.23.140.1.2.2\n",
"crlDistributionPoints": "\nFull Name:\n URI:http://pki.google.com/GIAG2.crl\n"
},
"certificatePEM": "-----BEGIN CERTIFICATE-----\nMIIHgzCCBmugAwIBAgIIVncogA2HnGEwDQYJKoZIhvcNAQELBQAwSTELMAkGA1UE\nBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl\ncm5ldCBBdXRob3JpdHkgRzIwHhcNMTcxMjA1MDkyODAwWhcNMTgwMjI3MDkyODAw\nWjBmMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN\nTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEVMBMGA1UEAwwMKi5n\nb29nbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDBWiP78aAO8YosSx\nLVtBBi8NCAgUUHXeSSHmPEJNrN0TSNKdvP5CbGpAwlbdcxgLMsOPFvxjrYH3zHzM\nU5Qp7KOCBRswggUXMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA4GA1UdDwEB/wQEAwIH\ngDCCA+EGA1UdEQSCA9gwggPUggwqLmdvb2dsZS5jb22CDSouYW5kcm9pZC5jb22C\nFiouYXBwZW5naW5lLmdvb2dsZS5jb22CEiouY2xvdWQuZ29vZ2xlLmNvbYIUKi5k\nYjgzMzk1My5nb29nbGUuY26CBiouZy5jb4IOKi5nY3AuZ3Z0Mi5jb22CFiouZ29v\nZ2xlLWFuYWx5dGljcy5jb22CCyouZ29vZ2xlLmNhggsqLmdvb2dsZS5jbIIOKi5n\nb29nbGUuY28uaW6CDiouZ29vZ2xlLmNvLmpwgg4qLmdvb2dsZS5jby51a4IPKi5n\nb29nbGUuY29tLmFygg8qLmdvb2dsZS5jb20uYXWCDyouZ29vZ2xlLmNvbS5icoIP\nKi5nb29nbGUuY29tLmNvgg8qLmdvb2dsZS5jb20ubXiCDyouZ29vZ2xlLmNvbS50\ncoIPKi5nb29nbGUuY29tLnZuggsqLmdvb2dsZS5kZYILKi5nb29nbGUuZXOCCyou\nZ29vZ2xlLmZyggsqLmdvb2dsZS5odYILKi5nb29nbGUuaXSCCyouZ29vZ2xlLm5s\nggsqLmdvb2dsZS5wbIILKi5nb29nbGUucHSCEiouZ29vZ2xlYWRhcGlzLmNvbYIP\nKi5nb29nbGVhcGlzLmNughQqLmdvb2dsZWNvbW1lcmNlLmNvbYIRKi5nb29nbGV2\naWRlby5jb22CDCouZ3N0YXRpYy5jboINKi5nc3RhdGljLmNvbYIKKi5ndnQxLmNv\nbYIKKi5ndnQyLmNvbYIUKi5tZXRyaWMuZ3N0YXRpYy5jb22CDCoudXJjaGluLmNv\nbYIQKi51cmwuZ29vZ2xlLmNvbYIWKi55b3V0dWJlLW5vY29va2llLmNvbYINKi55\nb3V0dWJlLmNvbYIWKi55b3V0dWJlZWR1Y2F0aW9uLmNvbYIHKi55dC5iZYILKi55\ndGltZy5jb22CGmFuZHJvaWQuY2xpZW50cy5nb29nbGUuY29tggthbmRyb2lkLmNv\nbYIbZGV2ZWxvcGVyLmFuZHJvaWQuZ29vZ2xlLmNughxkZXZlbG9wZXJzLmFuZHJv\naWQuZ29vZ2xlLmNuggRnLmNvggZnb28uZ2yCFGdvb2dsZS1hbmFseXRpY3MuY29t\nggpnb29nbGUuY29tghJnb29nbGVjb21tZXJjZS5jb22CGHNvdXJjZS5hbmRyb2lk\nLmdvb2dsZS5jboIKdXJjaGluLmNvbYIKd3d3Lmdvby5nbIIIeW91dHUuYmWCC3lv\ndXR1YmUuY29tghR5b3V0dWJlZWR1Y2F0aW9uLmNvbYIFeXQuYmUwaAYIKwYBBQUH\nAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lBRzIu\nY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9vY3Nw\nMB0GA1UdDgQWBBSnB0NBeUTrCuYUZuvqRcz0a1n0tjAMBgNVHRMBAf8EAjAAMB8G\nA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMCEGA1UdIAQaMBgwDAYKKwYB\nBAHWeQIFATAIBgZngQwBAgIwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3BraS5n\nb29nbGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAXWD8sXwJ17VB\njRNUN+t1s4eJG1s5xbTU3n6euiTLgCscd6ScMYmX4m1GzXbnfz2Fc7zScB3nyT82\nSMMpM5jKhFKUaH5NyJz7ojJzXOnyvzTp6bGFZ+D6Y+cfMLoDRE1YU6k9qGMafr1K\nx+yIqsCnCdA98c+6Zc2DwSqPcV4so6CkYErNn4ZwSyH0C2iqr4rPNFin0qJV5JCX\nL3ftoK6OgUTcvWPTFbR+BsEMmbnHNS1LWSAoSZulD2QtR5INi6GWOXqVtjx5XOp2\nR7ZGSvfT/9iTa6YWf+b5oPHcfRkRY7aYayC+ZzROj2cvNumQg5MXZWYl4jlxfxeR\nW/XZBhS2cw==\n-----END CERTIFICATE-----\n",
}
]
Get free 100 credits for use with SSL Certificate Chain API or any of our Threat Intelligence APIs upon registration.
Sign up hereHave questions?
We work hard to improve our services for you. As part of that, we welcome your feedback, questions and suggestions. Please let us know your thoughts and feelings, and any way in which you think we can improve our product.
For a quick response, please select the request type that best suits your needs.
Threat Intelligence Platform uses cookies to provide you with the best user experience on our website. They also help us understand how our site is being used. Find out more here. By continuing to use our site you consent to the use of cookies.