Threat intelligence API Docs Pricing Blog Contact us

SSL Certificates Chain API

API Documentation

Get the domain's SSL Certificate along with its Certificates chain - in a well-parsed JSON format

For a given domain name, get detailed information about its SSL Certificate and the complete SSL Certificates chain. The data is provided in a unified and consistent JSON format and could be easily integrated with your system.

Domain

Input parameters

  • Domain name: target domain name to be analyzed

The data returned

An ordered collection of all SSL certificates present in the SSL Certificates chain starting with the end-user one, then all the intermediate certificates and then the root SSL Certificate.

For each SSL certificate, the following information is provided:

  • Position in the certificates chain: End-user, Intermediate or Root
  • Common name
  • Type (eg. Domain, Organization or Extended validation)
  • Valid from and to dates
  • Serial number
  • Signature algorithm
  • Subject - who the certificate was issued to:
    • Country (C)
    • Province (S)
    • City (L)
    • Organization (O)
    • Organizational unit
    • Common name (CN)
    • Business category
    • Incorporation address
  • Issuer - the one who issued the certificate. The details include the same fields as the Subject section does.
  • Purposes - a list of allowed purposes the certificate can be used for
  • Purposes CA - a list of allowed purposes the certificate can be used for when acting as a Certificate Authority.
  • Public key information
    • Type
    • Size in bits
    • PEM - Privacy-enhanced Electronic Mail
  • Extensions:
    • Key usage
    • Extended key usage
    • Subject alternative name
    • Authority info access
    • Subject key identifier
    • Basic constraints
    • Authority key identifier
    • Certificate policies
    • CRL distribution points
  • Certificate PEM

Sample output

        
            [
                {
                  "chainHierarchy": "end-user",
                  "commonName": "*.google.com",
                  "type": "Organization validated",
                  "validFrom": "2017-12-05 09:28:00",
                  "validTo": "2018-02-27 09:28:00",
                  "serialNumber": "56:77:28:80:0D:87:9C:61",
                  "signatureAlgorithm": "sha256WithRSAEncryption",
                  "subject": {
                    "country": "US",
                    "province": "California",
                    "city": "Mountain View",
                    "organization": "Google Inc",
                    "commonName": "*.google.com"
                  },
                  "issuer": {
                    "country": "US",
                    "organization": "Google Inc",
                    "commonName": "Google Internet Authority G2"
                  },
                  "purposes": [
                    "sslserver",
                    "any",
                    "ocsphelper"
                  ],
                  "purposesCA": [
                    "any"
                  ],
                  "publicKey": {
                    "type": "ecdsa",
                    "bits": 256,
                    "pem": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDBWiP78aAO8YosSxLVtBBi8NCAgU\nUHXeSSHmPEJNrN0TSNKdvP5CbGpAwlbdcxgLMsOPFvxjrYH3zHzMU5Qp7A==\n-----END PUBLIC KEY-----\n"
                  },
                  "extensions": {
                    "extendedKeyUsage": "TLS Web Server Authentication",
                    "keyUsage": "Digital Signature",
                    "subjectAltName": "DNS:*.google.com, DNS:*.android.com, DNS:*.appengine.google.com, DNS:*.cloud.google.com, DNS:*.db833953.google.cn, DNS:*.g.co, DNS:*.gcp.gvt2.com, DNS:*.google-analytics.com, DNS:*.google.ca, DNS:*.google.cl, DNS:*.google.co.in, DNS:*.google.co.jp, DNS:*.google.co.uk, DNS:*.google.com.ar, DNS:*.google.com.au, DNS:*.google.com.br, DNS:*.google.com.co, DNS:*.google.com.mx, DNS:*.google.com.tr, DNS:*.google.com.vn, DNS:*.google.de, DNS:*.google.es, DNS:*.google.fr, DNS:*.google.hu, DNS:*.google.it, DNS:*.google.nl, DNS:*.google.pl, DNS:*.google.pt, DNS:*.googleadapis.com, DNS:*.googleapis.cn, DNS:*.googlecommerce.com, DNS:*.googlevideo.com, DNS:*.gstatic.cn, DNS:*.gstatic.com, DNS:*.gvt1.com, DNS:*.gvt2.com, DNS:*.metric.gstatic.com, DNS:*.urchin.com, DNS:*.url.google.com, DNS:*.youtube-nocookie.com, DNS:*.youtube.com, DNS:*.youtubeeducation.com, DNS:*.yt.be, DNS:*.ytimg.com, DNS:android.clients.google.com, DNS:android.com, DNS:developer.android.google.cn, DNS:developers.android.google.cn, DNS:g.co, DNS:goo.gl, DNS:google-analytics.com, DNS:google.com, DNS:googlecommerce.com, DNS:source.android.google.cn, DNS:urchin.com, DNS:www.goo.gl, DNS:youtu.be, DNS:youtube.com, DNS:youtubeeducation.com, DNS:yt.be",
                    "authorityInfoAccess": "CA Issuers - URI:http://pki.google.com/GIAG2.crt\nOCSP - URI:http://clients1.google.com/ocsp\n",
                    "subjectKeyIdentifier": "A7:07:43:41:79:44:EB:0A:E6:14:66:EB:EA:45:CC:F4:6B:59:F4:B6",
                    "basicConstraints": "CA:FALSE",
                    "authorityKeyIdentifier": "keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F\n",
                    "certificatePolicies": "Policy: 1.3.6.1.4.1.11129.2.5.1\nPolicy: 2.23.140.1.2.2\n",
                    "crlDistributionPoints": "\nFull Name:\n  URI:http://pki.google.com/GIAG2.crl\n"
                  },
                  "certificatePEM": "-----BEGIN CERTIFICATE-----\nMIIHgzCCBmugAwIBAgIIVncogA2HnGEwDQYJKoZIhvcNAQELBQAwSTELMAkGA1UE\nBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl\ncm5ldCBBdXRob3JpdHkgRzIwHhcNMTcxMjA1MDkyODAwWhcNMTgwMjI3MDkyODAw\nWjBmMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN\nTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEVMBMGA1UEAwwMKi5n\nb29nbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDBWiP78aAO8YosSx\nLVtBBi8NCAgUUHXeSSHmPEJNrN0TSNKdvP5CbGpAwlbdcxgLMsOPFvxjrYH3zHzM\nU5Qp7KOCBRswggUXMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA4GA1UdDwEB/wQEAwIH\ngDCCA+EGA1UdEQSCA9gwggPUggwqLmdvb2dsZS5jb22CDSouYW5kcm9pZC5jb22C\nFiouYXBwZW5naW5lLmdvb2dsZS5jb22CEiouY2xvdWQuZ29vZ2xlLmNvbYIUKi5k\nYjgzMzk1My5nb29nbGUuY26CBiouZy5jb4IOKi5nY3AuZ3Z0Mi5jb22CFiouZ29v\nZ2xlLWFuYWx5dGljcy5jb22CCyouZ29vZ2xlLmNhggsqLmdvb2dsZS5jbIIOKi5n\nb29nbGUuY28uaW6CDiouZ29vZ2xlLmNvLmpwgg4qLmdvb2dsZS5jby51a4IPKi5n\nb29nbGUuY29tLmFygg8qLmdvb2dsZS5jb20uYXWCDyouZ29vZ2xlLmNvbS5icoIP\nKi5nb29nbGUuY29tLmNvgg8qLmdvb2dsZS5jb20ubXiCDyouZ29vZ2xlLmNvbS50\ncoIPKi5nb29nbGUuY29tLnZuggsqLmdvb2dsZS5kZYILKi5nb29nbGUuZXOCCyou\nZ29vZ2xlLmZyggsqLmdvb2dsZS5odYILKi5nb29nbGUuaXSCCyouZ29vZ2xlLm5s\nggsqLmdvb2dsZS5wbIILKi5nb29nbGUucHSCEiouZ29vZ2xlYWRhcGlzLmNvbYIP\nKi5nb29nbGVhcGlzLmNughQqLmdvb2dsZWNvbW1lcmNlLmNvbYIRKi5nb29nbGV2\naWRlby5jb22CDCouZ3N0YXRpYy5jboINKi5nc3RhdGljLmNvbYIKKi5ndnQxLmNv\nbYIKKi5ndnQyLmNvbYIUKi5tZXRyaWMuZ3N0YXRpYy5jb22CDCoudXJjaGluLmNv\nbYIQKi51cmwuZ29vZ2xlLmNvbYIWKi55b3V0dWJlLW5vY29va2llLmNvbYINKi55\nb3V0dWJlLmNvbYIWKi55b3V0dWJlZWR1Y2F0aW9uLmNvbYIHKi55dC5iZYILKi55\ndGltZy5jb22CGmFuZHJvaWQuY2xpZW50cy5nb29nbGUuY29tggthbmRyb2lkLmNv\nbYIbZGV2ZWxvcGVyLmFuZHJvaWQuZ29vZ2xlLmNughxkZXZlbG9wZXJzLmFuZHJv\naWQuZ29vZ2xlLmNuggRnLmNvggZnb28uZ2yCFGdvb2dsZS1hbmFseXRpY3MuY29t\nggpnb29nbGUuY29tghJnb29nbGVjb21tZXJjZS5jb22CGHNvdXJjZS5hbmRyb2lk\nLmdvb2dsZS5jboIKdXJjaGluLmNvbYIKd3d3Lmdvby5nbIIIeW91dHUuYmWCC3lv\ndXR1YmUuY29tghR5b3V0dWJlZWR1Y2F0aW9uLmNvbYIFeXQuYmUwaAYIKwYBBQUH\nAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lBRzIu\nY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9vY3Nw\nMB0GA1UdDgQWBBSnB0NBeUTrCuYUZuvqRcz0a1n0tjAMBgNVHRMBAf8EAjAAMB8G\nA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMCEGA1UdIAQaMBgwDAYKKwYB\nBAHWeQIFATAIBgZngQwBAgIwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3BraS5n\nb29nbGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAXWD8sXwJ17VB\njRNUN+t1s4eJG1s5xbTU3n6euiTLgCscd6ScMYmX4m1GzXbnfz2Fc7zScB3nyT82\nSMMpM5jKhFKUaH5NyJz7ojJzXOnyvzTp6bGFZ+D6Y+cfMLoDRE1YU6k9qGMafr1K\nx+yIqsCnCdA98c+6Zc2DwSqPcV4so6CkYErNn4ZwSyH0C2iqr4rPNFin0qJV5JCX\nL3ftoK6OgUTcvWPTFbR+BsEMmbnHNS1LWSAoSZulD2QtR5INi6GWOXqVtjx5XOp2\nR7ZGSvfT/9iTa6YWf+b5oPHcfRkRY7aYayC+ZzROj2cvNumQg5MXZWYl4jlxfxeR\nW/XZBhS2cw==\n-----END CERTIFICATE-----\n",
                }
            ]
        
    

After Sign-up you automatically get a free subscription plan limited to 100 credits. It allows making 100 requests to this API.

Get FREE trial
Have questions?
support@threatintelligenceplatform.com
We will get back to you within a day.
Threat Intelligence Platform, LLC

California
USA

Contact us