SearchCtrl+K

SSL Certificate Lookup API Reference

Retrieve SSL certificate details for any domain. Get comprehensive information including issuer, validity period, public key, subject alternative names, and raw certificate data.

GET

https://api.apifreaks.com/v1.0/domain/ssl/live

Test

Pass the domain name as a query parameter. The response includes a single end-user certificate. Use the chain endpoint for the full certificate chain.

Getting Started

Authentication

Pass your API key as the apiKey parameter in every request.

API Version

This is version v1.0 of the API.

LANGUAGE

curl -X 'GET' \
  'https://api.apifreaks.com/v1.0/domain/ssl/live?domainName=google.com' \
  -H 'X-apiKey: API-KEY'

Response

{
  "domainName": "google.com",
  "queryTime": "2026-06-06 14: 58: 44",
  "sslCertificates": [
    {
      "chainOrder": "end-user",
      "authenticationType": "domain",
      "validityStartDate": "2026-05-18 18: 35: 21 UTC",
      "validityEndDate": "2026-08-10 18: 35: 20 UTC",
      "serialNumber": "d5: 2a: 59: 68: 49:a3:ce: 9b: 10: 64: 16: 9b:c7:eb:df: 4b",
      "signatureAlgorithm": "SHA256-RSA",
      "subject": {
        "commonName": "*.google.com"
      },
      "issuer": {
        "commonName": "WR2",
        "organization": "Google Trust Services",
        "country": "US"
      },
      "publicKey": {
        "keySize": "256 bit",
        "keyAlgorithm": "ECDSA",
        "pemRaw": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAErGwQHDlGZHg4bCpvaBQKF07hm4v6puRsRi7O6JQH78GTcBkGAHRZSLqvlH8K+wDBOiTKlDh3sWlmEJDUJDdoKA==\n-----END PUBLIC KEY-----\n"
      },
      "extensions": {
        "authorityKeyIdentifier": "DE: 1B: 1E:ED: 79: 15:D4: 3E: 37: 24:C3: 21:BB:EC: 34: 39: 6D: 42:B2: 30",
        "subjectKeyIdentifier": "2E:EC: 34:B9: 3E: 97: 83:C3: 7E:E5:D0:F4:AB: 56:D4: 25: 99: 67: 7D: 6B",
        "keyUsages": [
          "Digital Signature"
        ],
        "extendedKeyUsages": [
          "TLS Web Server Authentication"
        ],
        "crlDistributionPoints": [
          "http://c.pki.goog/wr2/GSyT1N4PBrg.crl"
        ],
        "authorityInfoAccess": {
          "issuers": [
            "http://i.pki.goog/wr2.crt"
          ],
          "ocsp": [
            "http://o.pki.goog/wr2"
          ]
        },
        "subjectAlternativeNames": {
          "dnsNames": [
            "*.google.com",
            "google.com",
            "youtube.com",
            "*.youtube.com",
            "*.ytimg.com"
          ]
        },
        "certificatePolicies": [
          {
            "policyId": "2.23.140.1.2.1"
          }
        ]
      },
      "pemRaw": "-----BEGIN CERTIFICATE-----\nMIIIdTCCB12gAwIBAgIRANUqWWhJo86bEGQWm8fr30swDQYJKoZIhvcNAQELBQAwOzELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczEMMAoGA1UEAxMDV1IyMB4XDTI2MDUxODE4MzUyMVoXDTI2MDgxMDE4MzUyMFowFzEVMBMGA1UEAwwMKi5nb29nbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAErGwQHDlGZHg4bCpvaBQKF07hm4v6puRsRi7O6JQH78GTcBkGAHRZSLqvlH8K+wDBOiTKlDh3sWlmEJDUJDdoKKOCBmEwggZdMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQu7DS5PpeDw37l0PSrVtQlmWd9azAfBgNVHSMEGDAWgBTeGx7teRXUPjckwyG77DQ5bUKyMDBYBggrBgEFBQcBAQRMMEowIQYIKwYBBQUHMAGGFWh0dHA6Ly9vLnBraS5nb29nL3dyMjAlBggrBgEFBQcwAoYZaHR0cDovL2kucGtpLmdvb2cvd3IyLmNydDCCBDgGA1UdEQSCBC8wggQrggwqLmdvb2dsZS5jb22CFiouYXBwZW5naW5lLmdvb2dsZS5jb22CCSouYmRuLmRldoIVKi5vcmlnaW4tdGVzdC5iZG4uZGV2ghIqLmNsb3VkLmdvb2dsZS5jb22CGCouY3Jvd2Rzb3VyY2UuZ29vZ2xlLmNvbYIYKi5kYXRhY29tcHV0ZS5nb29nbGUuY29tggsqLmdvb2dsZS5jYYILKi5nb29nbGUuY2yCDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qcIIOKi5nb29nbGUuY28udWuCDyouZ29vZ2xlLmNvbS5hcoIPKi5nb29nbGUuY29tLmF1gg8qLmdvb2dsZS5jb20uYnKCDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20udHKCDyouZ29vZ2xlLmNvbS52boILKi5nb29nbGUuZGWCCyouZ29vZ2xlLmVzggsqLmdvb2dsZS5mcoILKi5nb29nbGUuaHWCCyouZ29vZ2xlLml0ggsqLmdvb2dsZS5ubIILKi5nb29nbGUucGyCCyouZ29vZ2xlLnB0ghkqLmdlbWluaS5jbG91ZC5nb29nbGUuY29tgg0qLmdzdGF0aWMuY29tghQqLm1ldHJpYy5nc3RhdGljLmNvbYIKKi5ndnQxLmNvbYIRKi5nY3BjZG4uZ3Z0MS5jb22CCiouZ3Z0Mi5jb22CDiouZ2NwLmd2dDIuY29tghAqLnVybC5nb29nbGUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tggsqLnl0aW1nLmNvbYIKYWkuYW5kcm9pZIILYW5kcm9pZC5jb22CDSouYW5kcm9pZC5jb22CEyouZmxhc2guYW5kcm9pZC5jb22CBGcuY28CBDEwLmdvb2dsZS5jb22CEiouZ29vZ2xlLWNhcnRzLmNvbYIKZ29vZ2xlLmNvbYISZ29vZ2xlY29tbWVyY2UuY29tghQqLmdvb2dsZWNvbW1lcmNlLmNvbYIKdXJjaGluLmNvbYIMKi51cmNoaW4uY29tggh5b3V0dS5iZYILeW91dHViZS5jb22CDSoueW91dHViZS5jb22CEW11c2ljLnlvdXR1YmUuY29tghMqLm11c2ljLnlvdXR1YmUuY29tghR5b3V0dWJlZWR1Y2F0aW9uLmNvbYIWKi55b3V0dWJlZWR1Y2F0aW9uLmNvbYIPeW91dHViZWtpZHMuY29tghEqLnlvdXR1YmVraWRzLmNvbYIFeXQuYmWCByoueXQuYmWCGmFuZHJvaWQuY2xpZW50cy5nb29nbGUuY29tghUqLmFpc3R1ZGlvLmdvb2dsZS5jb20wEwYDVR0gBAwwCjAIBgZngQwBAgEwNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2MucGtpLmdvb2cvd3IyL0dTeVQxTjRQQnJnLmNybDCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB2AMs49xWJfIShRF9bwd37yW7ymlnNRwppBYWwyxTDFFjnAAABnjyV+/0AAAQDAEcwRQIgCgvqLruYdmtREQIJopZQVZEAux/EdciE9ThPK5WLOIwCIQDJjNYSb4sTv+LnXVHnirnD6kTT5FY8gLI6mKR0WI/m1AB1ANgJVTuUT3r/yBYZb5RPhauw+Pxeh1UmDxXRLnK7RUsUAAABnjyV+8EAAAQDAEYwRAIgQvDSSJRos+D8Lk6bpjH2ZlYxD/N6Gv2TqkFZhUlFKeQCIBq55PPw4e5N89gLgzFC2kp1X+YvFsURPsLrz1LqOAymMA0GCSqGSIb3DQEBCwUAA4IBAQBtZusj1ojCxhZxk5KpZ92eZuTkDVJgJGtDq8gPRehf50mZiu2gDK1JgXIzKRey3tHmgNrCmTon5QJAL9yDyrOGs2GoQsfMkenH0+/hTsLB+n03ni9+9jghfPvE9CZbFimniiqGznhnW5mNOZGy2AnXz79ZfHr4J8AuPh4HVvPc6q/2coyl7Vlxp2XDo6j1eoZARVSske22WvE34U4Yunq+SE0E0a8aKTV7Q7YHeu8/NAsFmG7V6QSSqAyFyxqeEzuz8ylBPxS/cejBk+29tGlfqqrR1JEKdcFLF7EuRyvRWAuQMQBHRA9boa3/lz1f+jEkkUbfqEMrDAnxLthdKKJk\n-----END CERTIFICATE-----\n"
    }
  ]
}

API Request Parameters

The following query parameters control the SSL lookup.

domainNamerequiredString

Domain name or URL whose SSL certificate lookup is required

sslRawoptionalBooleandefault: false

For getting the raw openSSL response of the domain.

API Response Schema

A successful request returns a 200 OK response with a JSON object containing SSL certificate details.

domainName

Stringmandatory

Domain for which the certificate is queried.

queryTime

Stringmandatory

Time when the query was made.

sslCertificates

Array<CertificateInfo>mandatory

List of SSL certificates found for the domain. Without chain: contains 1 entry. With chain: contains all certificates in the chain.

sslRaw

Stringoptional

Raw OpenSSL output for the certificate. Only present when sslRaw parameter is set to true.

Each entry in the sslCertificates array contains the following fields:

chainOrder

Stringmandatory

Position in the certificate chain (e.g., end-user, intermediate, root).

authenticationType

Stringmandatory

Type of authentication (e.g., domain, organization, self-signed-ca).

validityStartDate

Stringmandatory

Start date of the certificate validity period.

validityEndDate

Stringmandatory

End date of the certificate validity period.

serialNumber

Stringmandatory

Unique serial number assigned to the certificate by the CA.

signatureAlgorithm

Stringmandatory

Algorithm used to sign the certificate (e.g., SHA256-RSA).

subject.commonName

Stringmandatory

Common name (CN) — the primary domain the certificate is issued to.

subject.organization

Stringoptional

Organization (O) — the legal entity behind the certificate.

subject.organizationalUnit

Stringoptional

Organizational unit (OU) — department or division within the organization.

subject.locality

Stringoptional

Locality (L) — city or town of the certificate owner.

subject.state

Stringoptional

State or province (ST) — region within the country.

subject.country

Stringoptional

Country (C) — ISO-2 country code of the certificate owner.

subject.incCountry

Stringoptional

Incorporation country — country of incorporation for business entities.

subject.incState

Stringoptional

Incorporation state — state of incorporation for business entities.

subject.businessCategory

Stringoptional

Business category — classification of the certificate holder.

subject.street

Stringoptional

Street address of the certificate owner.

subject.postalCode

Stringoptional

Postal code of the certificate owner.

subject.serialNumber

Stringoptional

Serial number of the device or entity in the subject field.

issuer.commonName

Stringmandatory

Common name (CN) of the Certificate Authority that issued the certificate.

issuer.organization

Stringoptional

Organization (O) of the issuing CA.

issuer.organizationalUnit

Stringoptional

Organizational unit (OU) of the issuing CA.

issuer.locality

Stringoptional

Locality (L) of the issuing CA.

issuer.state

Stringoptional

State or province (ST) of the issuing CA.

issuer.country

Stringoptional

Country (C) — ISO-2 country code of the issuing CA.

issuer.incCountry

Stringoptional

Incorporation country of the issuing CA.

issuer.incState

Stringoptional

Incorporation state of the issuing CA.

issuer.businessCategory

Stringoptional

Business category of the issuing CA.

issuer.street

Stringoptional

Street address of the issuing CA.

issuer.postalCode

Stringoptional

Postal code of the issuing CA.

issuer.serialNumber

Stringoptional

Serial number of the issuing CA certificate.

publicKey.keySize

Stringmandatory

Key size in bits (e.g., 256 bit for ECDSA, 4096 bit for RSA).

publicKey.keyAlgorithm

Stringmandatory

Public key algorithm (e.g., ECDSA, RSA).

publicKey.pemRaw

Stringmandatory

Raw PEM-encoded public key.

extensions.authorityKeyIdentifier

Stringmandatory

Identifier linking this certificate to its issuing CA certificate.

extensions.subjectKeyIdentifier

Stringmandatory

Unique identifier for this certificate public key.

extensions.keyUsages

Array<String>mandatory

Key usage purposes (e.g., Digital Signature, Certificate Sign, CRL Sign).

extensions.extendedKeyUsages

Array<String>mandatory

Extended key usage purposes (e.g., TLS Web Server Authentication).

extensions.crlDistributionPoints

Array<String>optional

URLs where the Certificate Revocation List (CRL) can be downloaded.

extensions.authorityInfoAccess.issuers

Array<String>mandatory

URLs to access the issuing CA certificate (AIA issuers).

extensions.authorityInfoAccess.ocsp

Array<String>optional

URLs for the Online Certificate Status Protocol (OCSP) responder.

extensions.subjectAlternativeNames.dnsNames

Array<String>optional

DNS domain names covered by the certificate.

extensions.subjectAlternativeNames.emailAddresses

Array<String>optional

Email addresses covered by the certificate.

extensions.subjectAlternativeNames.ipAddresses

Array<String>optional

IP addresses covered by the certificate.

extensions.subjectAlternativeNames.uris

Array<String>optional

URI values covered by the certificate.

extensions.certificatePolicies[].policyId

Stringoptional

Policy OID identifying the certificate policy (e.g., 2.23.140.1.2.1 for domain-validated).

extensions.certificatePolicies[].policyQualifier.oid

Stringoptional

OID for the policy qualifier (e.g., 1.3.6.1.5.5.7.2.1 for CPS).

extensions.certificatePolicies[].policyQualifier.cpsUri

Stringoptional

URI to the Certification Practice Statement (CPS).

extensions.certificatePolicies[].policyQualifier.userNotice.explicitText

Stringoptional

Explicit notice text displayed to the user.

extensions.certificatePolicies[].policyQualifier.userNotice.noticeRef.organization

Stringoptional

Organization name in the notice reference.

extensions.certificatePolicies[].policyQualifier.userNotice.noticeRef.noticeNumbers

Stringoptional

Notice numbers in the notice reference.

pemRaw

Stringoptional

Raw PEM-encoded certificate data. Present in all certificates — both with and without chain.

Error Status & Codes

The API uses standard HTTP status codes to indicate the success or failure of requests. For common status codes like 429 (Too Many Requests), refer to the general API documentation.

400

please pass correct parameters

403

Unavailable domain extension.

404

No Ssl Certificate exists for entered Domain

503

Service is unavailable.

504

Request is timed-out.

SSL Certificate Lookup API Reference

Retrieve SSL certificate details for any domain. Get comprehensive information including issuer, validity period, public key, subject alternative names, and raw certificate data.

GET

https://api.apifreaks.com/v1.0/domain/ssl/live

Test

Pass the domain name as a query parameter. The response includes a single end-user certificate. Use the chain endpoint for the full certificate chain.

Getting Started

Authentication

Pass your API key as the apiKey parameter in every request.

API Version

This is version v1.0 of the API.

LANGUAGE

curl -X 'GET' \
  'https://api.apifreaks.com/v1.0/domain/ssl/live?domainName=google.com' \
  -H 'X-apiKey: API-KEY'

Response

{
  "domainName": "google.com",
  "queryTime": "2026-06-06 14: 58: 44",
  "sslCertificates": [
    {
      "chainOrder": "end-user",
      "authenticationType": "domain",
      "validityStartDate": "2026-05-18 18: 35: 21 UTC",
      "validityEndDate": "2026-08-10 18: 35: 20 UTC",
      "serialNumber": "d5: 2a: 59: 68: 49:a3:ce: 9b: 10: 64: 16: 9b:c7:eb:df: 4b",
      "signatureAlgorithm": "SHA256-RSA",
      "subject": {
        "commonName": "*.google.com"
      },
      "issuer": {
        "commonName": "WR2",
        "organization": "Google Trust Services",
        "country": "US"
      },
      "publicKey": {
        "keySize": "256 bit",
        "keyAlgorithm": "ECDSA",
        "pemRaw": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAErGwQHDlGZHg4bCpvaBQKF07hm4v6puRsRi7O6JQH78GTcBkGAHRZSLqvlH8K+wDBOiTKlDh3sWlmEJDUJDdoKA==\n-----END PUBLIC KEY-----\n"
      },
      "extensions": {
        "authorityKeyIdentifier": "DE: 1B: 1E:ED: 79: 15:D4: 3E: 37: 24:C3: 21:BB:EC: 34: 39: 6D: 42:B2: 30",
        "subjectKeyIdentifier": "2E:EC: 34:B9: 3E: 97: 83:C3: 7E:E5:D0:F4:AB: 56:D4: 25: 99: 67: 7D: 6B",
        "keyUsages": [
          "Digital Signature"
        ],
        "extendedKeyUsages": [
          "TLS Web Server Authentication"
        ],
        "crlDistributionPoints": [
          "http://c.pki.goog/wr2/GSyT1N4PBrg.crl"
        ],
        "authorityInfoAccess": {
          "issuers": [
            "http://i.pki.goog/wr2.crt"
          ],
          "ocsp": [
            "http://o.pki.goog/wr2"
          ]
        },
        "subjectAlternativeNames": {
          "dnsNames": [
            "*.google.com",
            "google.com",
            "youtube.com",
            "*.youtube.com",
            "*.ytimg.com"
          ]
        },
        "certificatePolicies": [
          {
            "policyId": "2.23.140.1.2.1"
          }
        ]
      },
      "pemRaw": "-----BEGIN CERTIFICATE-----\nMIIIdTCCB12gAwIBAgIRANUqWWhJo86bEGQWm8fr30swDQYJKoZIhvcNAQELBQAwOzELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczEMMAoGA1UEAxMDV1IyMB4XDTI2MDUxODE4MzUyMVoXDTI2MDgxMDE4MzUyMFowFzEVMBMGA1UEAwwMKi5nb29nbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAErGwQHDlGZHg4bCpvaBQKF07hm4v6puRsRi7O6JQH78GTcBkGAHRZSLqvlH8K+wDBOiTKlDh3sWlmEJDUJDdoKKOCBmEwggZdMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQu7DS5PpeDw37l0PSrVtQlmWd9azAfBgNVHSMEGDAWgBTeGx7teRXUPjckwyG77DQ5bUKyMDBYBggrBgEFBQcBAQRMMEowIQYIKwYBBQUHMAGGFWh0dHA6Ly9vLnBraS5nb29nL3dyMjAlBggrBgEFBQcwAoYZaHR0cDovL2kucGtpLmdvb2cvd3IyLmNydDCCBDgGA1UdEQSCBC8wggQrggwqLmdvb2dsZS5jb22CFiouYXBwZW5naW5lLmdvb2dsZS5jb22CCSouYmRuLmRldoIVKi5vcmlnaW4tdGVzdC5iZG4uZGV2ghIqLmNsb3VkLmdvb2dsZS5jb22CGCouY3Jvd2Rzb3VyY2UuZ29vZ2xlLmNvbYIYKi5kYXRhY29tcHV0ZS5nb29nbGUuY29tggsqLmdvb2dsZS5jYYILKi5nb29nbGUuY2yCDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qcIIOKi5nb29nbGUuY28udWuCDyouZ29vZ2xlLmNvbS5hcoIPKi5nb29nbGUuY29tLmF1gg8qLmdvb2dsZS5jb20uYnKCDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20udHKCDyouZ29vZ2xlLmNvbS52boILKi5nb29nbGUuZGWCCyouZ29vZ2xlLmVzggsqLmdvb2dsZS5mcoILKi5nb29nbGUuaHWCCyouZ29vZ2xlLml0ggsqLmdvb2dsZS5ubIILKi5nb29nbGUucGyCCyouZ29vZ2xlLnB0ghkqLmdlbWluaS5jbG91ZC5nb29nbGUuY29tgg0qLmdzdGF0aWMuY29tghQqLm1ldHJpYy5nc3RhdGljLmNvbYIKKi5ndnQxLmNvbYIRKi5nY3BjZG4uZ3Z0MS5jb22CCiouZ3Z0Mi5jb22CDiouZ2NwLmd2dDIuY29tghAqLnVybC5nb29nbGUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tggsqLnl0aW1nLmNvbYIKYWkuYW5kcm9pZIILYW5kcm9pZC5jb22CDSouYW5kcm9pZC5jb22CEyouZmxhc2guYW5kcm9pZC5jb22CBGcuY28CBDEwLmdvb2dsZS5jb22CEiouZ29vZ2xlLWNhcnRzLmNvbYIKZ29vZ2xlLmNvbYISZ29vZ2xlY29tbWVyY2UuY29tghQqLmdvb2dsZWNvbW1lcmNlLmNvbYIKdXJjaGluLmNvbYIMKi51cmNoaW4uY29tggh5b3V0dS5iZYILeW91dHViZS5jb22CDSoueW91dHViZS5jb22CEW11c2ljLnlvdXR1YmUuY29tghMqLm11c2ljLnlvdXR1YmUuY29tghR5b3V0dWJlZWR1Y2F0aW9uLmNvbYIWKi55b3V0dWJlZWR1Y2F0aW9uLmNvbYIPeW91dHViZWtpZHMuY29tghEqLnlvdXR1YmVraWRzLmNvbYIFeXQuYmWCByoueXQuYmWCGmFuZHJvaWQuY2xpZW50cy5nb29nbGUuY29tghUqLmFpc3R1ZGlvLmdvb2dsZS5jb20wEwYDVR0gBAwwCjAIBgZngQwBAgEwNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2MucGtpLmdvb2cvd3IyL0dTeVQxTjRQQnJnLmNybDCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB2AMs49xWJfIShRF9bwd37yW7ymlnNRwppBYWwyxTDFFjnAAABnjyV+/0AAAQDAEcwRQIgCgvqLruYdmtREQIJopZQVZEAux/EdciE9ThPK5WLOIwCIQDJjNYSb4sTv+LnXVHnirnD6kTT5FY8gLI6mKR0WI/m1AB1ANgJVTuUT3r/yBYZb5RPhauw+Pxeh1UmDxXRLnK7RUsUAAABnjyV+8EAAAQDAEYwRAIgQvDSSJRos+D8Lk6bpjH2ZlYxD/N6Gv2TqkFZhUlFKeQCIBq55PPw4e5N89gLgzFC2kp1X+YvFsURPsLrz1LqOAymMA0GCSqGSIb3DQEBCwUAA4IBAQBtZusj1ojCxhZxk5KpZ92eZuTkDVJgJGtDq8gPRehf50mZiu2gDK1JgXIzKRey3tHmgNrCmTon5QJAL9yDyrOGs2GoQsfMkenH0+/hTsLB+n03ni9+9jghfPvE9CZbFimniiqGznhnW5mNOZGy2AnXz79ZfHr4J8AuPh4HVvPc6q/2coyl7Vlxp2XDo6j1eoZARVSske22WvE34U4Yunq+SE0E0a8aKTV7Q7YHeu8/NAsFmG7V6QSSqAyFyxqeEzuz8ylBPxS/cejBk+29tGlfqqrR1JEKdcFLF7EuRyvRWAuQMQBHRA9boa3/lz1f+jEkkUbfqEMrDAnxLthdKKJk\n-----END CERTIFICATE-----\n"
    }
  ]
}

API Request Parameters

The following query parameters control the SSL lookup.

domainNamerequiredString

Domain name or URL whose SSL certificate lookup is required

sslRawoptionalBooleandefault: false

For getting the raw openSSL response of the domain.

API Response Schema

A successful request returns a 200 OK response with a JSON object containing SSL certificate details.

domainName

Stringmandatory

Domain for which the certificate is queried.

queryTime

Stringmandatory

Time when the query was made.

sslCertificates

Array<CertificateInfo>mandatory

List of SSL certificates found for the domain. Without chain: contains 1 entry. With chain: contains all certificates in the chain.

sslRaw

Stringoptional

Raw OpenSSL output for the certificate. Only present when sslRaw parameter is set to true.

Each entry in the sslCertificates array contains the following fields:

chainOrder

Stringmandatory

Position in the certificate chain (e.g., end-user, intermediate, root).

authenticationType

Stringmandatory

Type of authentication (e.g., domain, organization, self-signed-ca).

validityStartDate

Stringmandatory

Start date of the certificate validity period.

validityEndDate

Stringmandatory

End date of the certificate validity period.

serialNumber

Stringmandatory

Unique serial number assigned to the certificate by the CA.

signatureAlgorithm

Stringmandatory

Algorithm used to sign the certificate (e.g., SHA256-RSA).

subject.commonName

Stringmandatory

Common name (CN) — the primary domain the certificate is issued to.

subject.organization

Stringoptional

Organization (O) — the legal entity behind the certificate.

subject.organizationalUnit

Stringoptional

Organizational unit (OU) — department or division within the organization.

subject.locality

Stringoptional

Locality (L) — city or town of the certificate owner.

subject.state

Stringoptional

State or province (ST) — region within the country.

subject.country

Stringoptional

Country (C) — ISO-2 country code of the certificate owner.

subject.incCountry

Stringoptional

Incorporation country — country of incorporation for business entities.

subject.incState

Stringoptional

Incorporation state — state of incorporation for business entities.

subject.businessCategory

Stringoptional

Business category — classification of the certificate holder.

subject.street

Stringoptional

Street address of the certificate owner.

subject.postalCode

Stringoptional

Postal code of the certificate owner.

subject.serialNumber

Stringoptional

Serial number of the device or entity in the subject field.

issuer.commonName

Stringmandatory

Common name (CN) of the Certificate Authority that issued the certificate.

issuer.organization

Stringoptional

Organization (O) of the issuing CA.

issuer.organizationalUnit

Stringoptional

Organizational unit (OU) of the issuing CA.

issuer.locality

Stringoptional

Locality (L) of the issuing CA.

issuer.state

Stringoptional

State or province (ST) of the issuing CA.

issuer.country

Stringoptional

Country (C) — ISO-2 country code of the issuing CA.

issuer.incCountry

Stringoptional

Incorporation country of the issuing CA.

issuer.incState

Stringoptional

Incorporation state of the issuing CA.

issuer.businessCategory

Stringoptional

Business category of the issuing CA.

issuer.street

Stringoptional

Street address of the issuing CA.

issuer.postalCode

Stringoptional

Postal code of the issuing CA.

issuer.serialNumber

Stringoptional

Serial number of the issuing CA certificate.

publicKey.keySize

Stringmandatory

Key size in bits (e.g., 256 bit for ECDSA, 4096 bit for RSA).

publicKey.keyAlgorithm

Stringmandatory

Public key algorithm (e.g., ECDSA, RSA).

publicKey.pemRaw

Stringmandatory

Raw PEM-encoded public key.

extensions.authorityKeyIdentifier

Stringmandatory

Identifier linking this certificate to its issuing CA certificate.

extensions.subjectKeyIdentifier

Stringmandatory

Unique identifier for this certificate public key.

extensions.keyUsages

Array<String>mandatory

Key usage purposes (e.g., Digital Signature, Certificate Sign, CRL Sign).

extensions.extendedKeyUsages

Array<String>mandatory

Extended key usage purposes (e.g., TLS Web Server Authentication).

extensions.crlDistributionPoints

Array<String>optional

URLs where the Certificate Revocation List (CRL) can be downloaded.

extensions.authorityInfoAccess.issuers

Array<String>mandatory

URLs to access the issuing CA certificate (AIA issuers).

extensions.authorityInfoAccess.ocsp

Array<String>optional

URLs for the Online Certificate Status Protocol (OCSP) responder.

extensions.subjectAlternativeNames.dnsNames

Array<String>optional

DNS domain names covered by the certificate.

extensions.subjectAlternativeNames.emailAddresses

Array<String>optional

Email addresses covered by the certificate.

extensions.subjectAlternativeNames.ipAddresses

Array<String>optional

IP addresses covered by the certificate.

extensions.subjectAlternativeNames.uris

Array<String>optional

URI values covered by the certificate.

extensions.certificatePolicies[].policyId

Stringoptional

Policy OID identifying the certificate policy (e.g., 2.23.140.1.2.1 for domain-validated).

extensions.certificatePolicies[].policyQualifier.oid

Stringoptional

OID for the policy qualifier (e.g., 1.3.6.1.5.5.7.2.1 for CPS).

extensions.certificatePolicies[].policyQualifier.cpsUri

Stringoptional

URI to the Certification Practice Statement (CPS).

extensions.certificatePolicies[].policyQualifier.userNotice.explicitText

Stringoptional

Explicit notice text displayed to the user.

extensions.certificatePolicies[].policyQualifier.userNotice.noticeRef.organization

Stringoptional

Organization name in the notice reference.

extensions.certificatePolicies[].policyQualifier.userNotice.noticeRef.noticeNumbers

Stringoptional

Notice numbers in the notice reference.

pemRaw

Stringoptional

Raw PEM-encoded certificate data. Present in all certificates — both with and without chain.

Error Status & Codes

The API uses standard HTTP status codes to indicate the success or failure of requests. For common status codes like 429 (Too Many Requests), refer to the general API documentation.

400

please pass correct parameters

403

Unavailable domain extension.

404

No Ssl Certificate exists for entered Domain

503

Service is unavailable.

504

Request is timed-out.