Threat intelligence API Docs Pricing Resources Contact us

SSL Certificates Chain API

API Documentation

Get the domain's SSL Certificate along with its Certificates chain - in a well-parsed JSON format

For a given domain name, get detailed information about its SSL Certificate and the complete SSL Certificates chain. The data is provided in a unified and consistent JSON format and could be easily integrated with your system.

Domain

Input parameters

  • Domain name: target domain name to be analyzed

The data returned

An ordered collection of all SSL certificates present in the SSL Certificates chain starting with the end-user one, then all the intermediate certificates and then the root SSL Certificate.

For each SSL certificate, the following information is provided:

  • Position in the certificates chain: End-user, Intermediate or Root
  • Common name
  • Type (eg. Domain, Organization or Extended validation)
  • Valid from and to dates
  • Serial number
  • Signature algorithm
  • Subject - who the certificate was issued to:
    • Country (C)
    • Province (S)
    • City (L)
    • Organization (O)
    • Organizational unit
    • Common name (CN)
    • Business category
    • Incorporation address
  • Issuer - the one who issued the certificate. The details include the same fields as the Subject section does.
  • Purposes - a list of allowed purposes the certificate can be used for
  • Purposes CA - a list of allowed purposes the certificate can be used for when acting as a Certificate Authority.
  • Public key information
    • Type
    • Size in bits
    • PEM - Privacy-enhanced Electronic Mail
  • Extensions:
    • Key usage
    • Extended key usage
    • Subject alternative name
    • Authority info access
    • Subject key identifier
    • Basic constraints
    • Authority key identifier
    • Certificate policies
    • CRL distribution points
  • Certificate PEM

Sample output

        
            [
                {
                  "chainHierarchy": "end-user",
                  "commonName": "*.google.com",
                  "type": "Organization validated",
                  "validFrom": "2017-12-05 09:28:00",
                  "validTo": "2018-02-27 09:28:00",
                  "serialNumber": "56:77:28:80:0D:87:9C:61",
                  "signatureAlgorithm": "sha256WithRSAEncryption",
                  "subject": {
                    "country": "US",
                    "province": "California",
                    "city": "Mountain View",
                    "organization": "Google Inc",
                    "commonName": "*.google.com"
                  },
                  "issuer": {
                    "country": "US",
                    "organization": "Google Inc",
                    "commonName": "Google Internet Authority G2"
                  },
                  "purposes": [
                    "sslserver",
                    "any",
                    "ocsphelper"
                  ],
                  "purposesCA": [
                    "any"
                  ],
                  "publicKey": {
                    "type": "ecdsa",
                    "bits": 256,
                    "pem": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDBWiP78aAO8YosSxLVtBBi8NCAgU\nUHXeSSHmPEJNrN0TSNKdvP5CbGpAwlbdcxgLMsOPFvxjrYH3zHzMU5Qp7A==\n-----END PUBLIC KEY-----\n"
                  },
                  "extensions": {
                    "extendedKeyUsage": "TLS Web Server Authentication",
                    "keyUsage": "Digital Signature",
                    "subjectAltName": "DNS:*.google.com, DNS:*.android.com, DNS:*.appengine.google.com, DNS:*.cloud.google.com, DNS:*.db833953.google.cn, DNS:*.g.co, DNS:*.gcp.gvt2.com, DNS:*.google-analytics.com, DNS:*.google.ca, DNS:*.google.cl, DNS:*.google.co.in, DNS:*.google.co.jp, DNS:*.google.co.uk, DNS:*.google.com.ar, DNS:*.google.com.au, DNS:*.google.com.br, DNS:*.google.com.co, DNS:*.google.com.mx, DNS:*.google.com.tr, DNS:*.google.com.vn, DNS:*.google.de, DNS:*.google.es, DNS:*.google.fr, DNS:*.google.hu, DNS:*.google.it, DNS:*.google.nl, DNS:*.google.pl, DNS:*.google.pt, DNS:*.googleadapis.com, DNS:*.googleapis.cn, DNS:*.googlecommerce.com, DNS:*.googlevideo.com, DNS:*.gstatic.cn, DNS:*.gstatic.com, DNS:*.gvt1.com, DNS:*.gvt2.com, DNS:*.metric.gstatic.com, DNS:*.urchin.com, DNS:*.url.google.com, DNS:*.youtube-nocookie.com, DNS:*.youtube.com, DNS:*.youtubeeducation.com, DNS:*.yt.be, DNS:*.ytimg.com, DNS:android.clients.google.com, DNS:android.com, DNS:developer.android.google.cn, DNS:developers.android.google.cn, DNS:g.co, DNS:goo.gl, DNS:google-analytics.com, DNS:google.com, DNS:googlecommerce.com, DNS:source.android.google.cn, DNS:urchin.com, DNS:www.goo.gl, DNS:youtu.be, DNS:youtube.com, DNS:youtubeeducation.com, DNS:yt.be",
                    "authorityInfoAccess": "CA Issuers - URI:http://pki.google.com/GIAG2.crt\nOCSP - URI:http://clients1.google.com/ocsp\n",
                    "subjectKeyIdentifier": "A7:07:43:41:79:44:EB:0A:E6:14:66:EB:EA:45:CC:F4:6B:59:F4:B6",
                    "basicConstraints": "CA:FALSE",
                    "authorityKeyIdentifier": "keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F\n",
                    "certificatePolicies": "Policy: 1.3.6.1.4.1.11129.2.5.1\nPolicy: 2.23.140.1.2.2\n",
                    "crlDistributionPoints": "\nFull Name:\n  URI:http://pki.google.com/GIAG2.crl\n"
                  },
                  "certificatePEM": "-----BEGIN CERTIFICATE-----\nMIIHgzCCBmugAwIBAgIIVncogA2HnGEwDQYJKoZIhvcNAQELBQAwSTELMAkGA1UE\nBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl\ncm5ldCBBdXRob3JpdHkgRzIwHhcNMTcxMjA1MDkyODAwWhcNMTgwMjI3MDkyODAw\nWjBmMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN\nTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEVMBMGA1UEAwwMKi5n\nb29nbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDBWiP78aAO8YosSx\nLVtBBi8NCAgUUHXeSSHmPEJNrN0TSNKdvP5CbGpAwlbdcxgLMsOPFvxjrYH3zHzM\nU5Qp7KOCBRswggUXMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA4GA1UdDwEB/wQEAwIH\ngDCCA+EGA1UdEQSCA9gwggPUggwqLmdvb2dsZS5jb22CDSouYW5kcm9pZC5jb22C\nFiouYXBwZW5naW5lLmdvb2dsZS5jb22CEiouY2xvdWQuZ29vZ2xlLmNvbYIUKi5k\nYjgzMzk1My5nb29nbGUuY26CBiouZy5jb4IOKi5nY3AuZ3Z0Mi5jb22CFiouZ29v\nZ2xlLWFuYWx5dGljcy5jb22CCyouZ29vZ2xlLmNhggsqLmdvb2dsZS5jbIIOKi5n\nb29nbGUuY28uaW6CDiouZ29vZ2xlLmNvLmpwgg4qLmdvb2dsZS5jby51a4IPKi5n\nb29nbGUuY29tLmFygg8qLmdvb2dsZS5jb20uYXWCDyouZ29vZ2xlLmNvbS5icoIP\nKi5nb29nbGUuY29tLmNvgg8qLmdvb2dsZS5jb20ubXiCDyouZ29vZ2xlLmNvbS50\ncoIPKi5nb29nbGUuY29tLnZuggsqLmdvb2dsZS5kZYILKi5nb29nbGUuZXOCCyou\nZ29vZ2xlLmZyggsqLmdvb2dsZS5odYILKi5nb29nbGUuaXSCCyouZ29vZ2xlLm5s\nggsqLmdvb2dsZS5wbIILKi5nb29nbGUucHSCEiouZ29vZ2xlYWRhcGlzLmNvbYIP\nKi5nb29nbGVhcGlzLmNughQqLmdvb2dsZWNvbW1lcmNlLmNvbYIRKi5nb29nbGV2\naWRlby5jb22CDCouZ3N0YXRpYy5jboINKi5nc3RhdGljLmNvbYIKKi5ndnQxLmNv\nbYIKKi5ndnQyLmNvbYIUKi5tZXRyaWMuZ3N0YXRpYy5jb22CDCoudXJjaGluLmNv\nbYIQKi51cmwuZ29vZ2xlLmNvbYIWKi55b3V0dWJlLW5vY29va2llLmNvbYINKi55\nb3V0dWJlLmNvbYIWKi55b3V0dWJlZWR1Y2F0aW9uLmNvbYIHKi55dC5iZYILKi55\ndGltZy5jb22CGmFuZHJvaWQuY2xpZW50cy5nb29nbGUuY29tggthbmRyb2lkLmNv\nbYIbZGV2ZWxvcGVyLmFuZHJvaWQuZ29vZ2xlLmNughxkZXZlbG9wZXJzLmFuZHJv\naWQuZ29vZ2xlLmNuggRnLmNvggZnb28uZ2yCFGdvb2dsZS1hbmFseXRpY3MuY29t\nggpnb29nbGUuY29tghJnb29nbGVjb21tZXJjZS5jb22CGHNvdXJjZS5hbmRyb2lk\nLmdvb2dsZS5jboIKdXJjaGluLmNvbYIKd3d3Lmdvby5nbIIIeW91dHUuYmWCC3lv\ndXR1YmUuY29tghR5b3V0dWJlZWR1Y2F0aW9uLmNvbYIFeXQuYmUwaAYIKwYBBQUH\nAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lBRzIu\nY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9vY3Nw\nMB0GA1UdDgQWBBSnB0NBeUTrCuYUZuvqRcz0a1n0tjAMBgNVHRMBAf8EAjAAMB8G\nA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMCEGA1UdIAQaMBgwDAYKKwYB\nBAHWeQIFATAIBgZngQwBAgIwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3BraS5n\nb29nbGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAXWD8sXwJ17VB\njRNUN+t1s4eJG1s5xbTU3n6euiTLgCscd6ScMYmX4m1GzXbnfz2Fc7zScB3nyT82\nSMMpM5jKhFKUaH5NyJz7ojJzXOnyvzTp6bGFZ+D6Y+cfMLoDRE1YU6k9qGMafr1K\nx+yIqsCnCdA98c+6Zc2DwSqPcV4so6CkYErNn4ZwSyH0C2iqr4rPNFin0qJV5JCX\nL3ftoK6OgUTcvWPTFbR+BsEMmbnHNS1LWSAoSZulD2QtR5INi6GWOXqVtjx5XOp2\nR7ZGSvfT/9iTa6YWf+b5oPHcfRkRY7aYayC+ZzROj2cvNumQg5MXZWYl4jlxfxeR\nW/XZBhS2cw==\n-----END CERTIFICATE-----\n",
                }
            ]
        
    

After Sign-up you automatically get a free subscription plan limited to 1,000 credits. It allows making 1,000 requests to this API.

Get FREE trial
Have questions?

We work hard to improve our services for you. As part of that, we welcome your feedback, questions and suggestions. Please let us know your thoughts and feelings, and any way in which you think we can improve our product.

For a quick response, please select the request type that best suits your needs.

Or shoot us an email to