SSL Certificate Lookup Documentation

Overview

  • Live SSL Certificate Lookup
    SSL cert lookup API allows you to fetch live streaming Secure Sockets Layer (SSL) certificate along with its complete SSL cert chain to provide up-to-date and consistent data in JSON/XML formats.

Authorization

You can make authorized requests to our API by passing API key as a query parameter. To get your API key, login to our billing dashboard and get your API key! If your API key has been compromised, you can change it by clicking on reset button in billing dashboard.


SSL Certificate Lookup

API

GET https://api.whoisfreaks.com/v1.0/ssl/live?apiKey=API_KEY&domainName=google.com&chain=true&sslRaw=true Copy
Copied


Input parameters: required

apiKey Get your API key from our billing dashboard.

domainName The domainName for requested ssl data.

Input parameters: optional

chain For getting the chain of all domain ssl certificates sorted from end-user to root. Default value is "false"

SSLRaw For getting the raw openssl response of the domain. Default value is "false"

format Two formats are available JSON, XML. If you don't pass 'format' parameter, default format is JSON.


Code Snippets


curl --location --request GET 'https://api.whoisfreaks.com/v1.0/ssl/live?apiKey=API_KEY&domainName=whoisfreaks.com&chain=true&sslRaw=true'
Copy

                        

var request = require('request');
var options = {
  'method': 'GET',
  'url': 'https://api.whoisfreaks.com/v1.0/ssl/live?apiKey=API_KEY&domainName=whoisfreaks.com&chain=true&sslRaw=true',
  'headers': {
  }
};
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body);
});


Copy

                        

OkHttpClient client = new OkHttpClient().newBuilder()
  .build();
Request request = new Request.Builder()
  .url("https://api.whoisfreaks.com/v1.0/ssl/live?apiKey=API_KEY&domainName=whoisfreaks.com&chain=true&sslRaw=true")
  .method("GET", null)
  .build();
Response response = client.newCall(request).execute();

Copy

                        

import http.client

conn = http.client.HTTPSConnection("api.whoisfreaks.com")
payload = ''
headers = {}

conn.request("GET", "/v1.0/ssl/live?apiKey=API_KEY&domainName=whoisfreaks.com&chain=true&sslRaw=true", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))

Copy

                        

<?php

$curl = curl_init();

curl_setopt_array($curl, array(
  CURLOPT_URL => 'https://api.whoisfreaks.com/v1.0/ssl/live?apiKey=API_KEY&domainName=whoisfreaks.com&chain=true&sslRaw=true',
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => '',
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 0,
  CURLOPT_FOLLOWLOCATION => true,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => 'GET',
));

$response = curl_exec($curl);

curl_close($curl);
echo $response;


Copy

                        

require "uri"
require "net/http"

url = URI("https://api.whoisfreaks.com/v1.0/ssl/live?apiKey=API_KEY&domainName=whoisfreaks.com&chain=true&sslRaw=true")

https = Net::HTTP.new(url.host, url.port)
https.use_ssl = true

request = Net::HTTP::Get.new(url)

response = https.request(request)
puts response.read_body


Copy

                        

var requestOptions = {
  method: 'GET',
  redirect: 'follow'
};

fetch("https://api.whoisfreaks.com/v1.0/ssl/live?apiKey=API_KEY&domainName=whoisfreaks.com&chain=true&sslRaw=true", requestOptions)
  .then(response => response.text())
  .then(result => console.log(result))
  .catch(error => console.log('error', error));

Copy

                        

var client = new RestClient("https://api.whoisfreaks.com/v1.0/ssl/live?apiKey=API_KEY&domainName=whoisfreaks.com&chain=true&sslRaw=true");
client.Timeout = -1;
var request = new RestRequest(Method.GET);
IRestResponse response = client.Execute(request);
Console.WriteLine(response.Content);

Copy

                        

package main

import (
  "fmt"
  "net/http"
  "io/ioutil"
)

func main() {

  url := "https://api.whoisfreaks.com/v1.0/ssl/live?apiKey=API_KEY&domainName=whoisfreaks.com&chain=true&sslRaw=true"
  method := "GET"

  client := &http.Client {
  }
  req, err := http.NewRequest(method, url, nil)

  if err != nil {
    fmt.Println(err)
    return
  }
  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()

  body, err := ioutil.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}

Copy

                        

CURL *curl;
CURLcode res;
curl = curl_easy_init();
if(curl) {
  curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "GET");
  curl_easy_setopt(curl, CURLOPT_URL, "https://api.whoisfreaks.com/v1.0/ssl/live?apiKey=API_KEY&domainName=whoisfreaks.com&chain=true&sslRaw=true");
  curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L);
  curl_easy_setopt(curl, CURLOPT_DEFAULT_PROTOCOL, "https");
  struct curl_slist *headers = NULL;
  curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);
  res = curl_easy_perform(curl);
}
curl_easy_cleanup(curl);


Copy

                        

import Foundation
#if canImport(FoundationNetworking)
import FoundationNetworking
#endif

var semaphore = DispatchSemaphore (value: 0)

var request = URLRequest(url: URL(string: "https://api.whoisfreaks.com/v1.0/ssl/live?apiKey=API_KEY&domainName=whoisfreaks.com&chain=true&sslRaw=true")!,timeoutInterval: Double.infinity)
request.httpMethod = "GET"

let task = URLSession.shared.dataTask(with: request) { data, response, error in
  guard let data = data else {
    print(String(describing: error))
    semaphore.signal()
    return
  }
  print(String(data: data, encoding: .utf8)!)
  semaphore.signal()
}

task.resume()
semaphore.wait()


Copy

                        

Response

Live SSL Certificate API provides response in JSON/XML formats. You can pass format as parameter to consume API in your required format. Default format is JSON. Following is the complete SSL Certificate data response format.


{
    "domainName": "whoisfreaks.com",
    "queryTime": "2022-11-24 06:59:05",
    "sslCertificates": [
        {
            "chainOrder": "end-user",
            "authenticationType": "domain",
            "validityStartDate": "2022-09-30 05:33:58 UTC",
            "validityEndDate": "2022-12-29 05:33:57 UTC",
            "serialNumber": "03:ae:75:41:57:24:35:af:33:01:38:15:47:6e:4a:bf:0d:6a",
            "signatureAlgorithm": "SHA256-RSA",
            "subject": {
                "commonName": "whoisfreaks.com"
            },
            "issuer": {
                "commonName": "R3",
                "organization": "Let's Encrypt",
                "country": "US"
            },
            "publicKey": {
                "keySize": "2048 bit",
                "keyAlgorithm": "RSA",
                "pemRaw": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr72X7GNcnc5ysVRebBlfO9i94nZCFihvR3anhutttebaIPcuRvHpYqeHyu9G5fP5JegZJuGVBNJzfPpcN1HO9zFEBQ1fmlwooiXX6szgS9iUlS7xCEvhQt9ipmc1z11DeGNyeQq9IchUHasdO8z+X8vX/C+88If9QBJdXQcEvxS2x11xhMlR/T8hYKrrThngOhUAy+vMpK0hFvr602lYHgS7kfZm3NHCL18a1LFcGq/jBGoS7jqrSGC1biLNKsW23OvVeMl2y6orFu9Y3GVkbHxtPtLz3P584HK8Z/yAcVAfhoS2rctfcLjmQZisZyqembsGEYPDchBQ9aw2JPd2LwIDAQAB\n-----END PUBLIC KEY-----\n"
            },
            "extensions": {
                "authorityKeyIdentifier": "14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6",
                "subjectKeyIdentifier": "80:3A:A3:17:87:E3:3C:EE:F4:FB:9E:A4:39:B0:99:29:24:BE:CD:F6",
                "keyUsages": [
                    "Digital Signature",
                    "Key Encipherment"
                ],
                "extendedKeyUsages": [
                    "TLS Web Server Authentication",
                    "TLS Web Client Authentication"
                ],
                "authorityInfoAccess": {
                    "issuers": [
                        "http://r3.i.lencr.org/"
                    ],
                    "ocsp": [
                        "http://r3.o.lencr.org"
                    ]
                },
                "subjectAlternativeNames": {
                    "dnsNames": [
                        "whoisfreaks.com",
                        "billing.whoisfreaks.com"
                    ]
                },
                "certificatePolicies": [
                    {
                        "policyId": "2.23.140.1.2.1"
                    },
                    {
                        "policyId": "1.3.6.1.4.1.44947.1.1.1",
                        "policyQualifier": {
                            "oid": "1.3.6.1.5.5.7.2.1",
                            "cpsUri": "http://cps.letsencrypt.org"
                        }
                    }
                ]
            },
            "pemRaw": "-----BEGIN CERTIFICATE-----\nMIIFPTCCBCWgAwIBAgISA651QVckNa8zATgVR25Kvw1qMA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMjA5MzAwNTMzNThaFw0yMjEyMjkwNTMzNTdaMBoxGDAWBgNVBAMTD3dob2lzZnJlYWtzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK+9l+xjXJ3OcrFUXmwZXzvYveJ2QhYob0d2p4brbbXm2iD3Lkbx6WKnh8rvRuXz+SXoGSbhlQTSc3z6XDdRzvcxRAUNX5pcKKIl1+rM4EvYlJUu8QhL4ULfYqZnNc9dQ3hjcnkKvSHIVB2rHTvM/l/L1/wvvPCH/UASXV0HBL8UtsddcYTJUf0/IWCq604Z4DoVAMvrzKStIRb6+tNpWB4Eu5H2ZtzRwi9fGtSxXBqv4wRqEu46q0hgtW4izSrFttzr1XjJdsuqKxbvWNxlZGx8bT7S89z+fOByvGf8gHFQH4aEtq3LX3C45kGYrGcqnpm7BhGDw3IQUPWsNiT3di8CAwEAAaOCAmMwggJfMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUgDqjF4fjPO70+56kObCZKSS+zfYwHwYDVR0jBBgwFoAUFC6zF7dYVsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRwOi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9yMy5pLmxlbmNyLm9yZy8wMwYDVR0RBCwwKoIXYmlsbGluZy53aG9pc2ZyZWFrcy5jb22CD3dob2lzZnJlYWtzLmNvbTBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2AEHIyrHfIkZKEMahOglCh15OMYsbA+vrS8do8JBilgb2AAABg40aDsEAAAQDAEcwRQIhAIXlo4U/tO48FBOZ+HDGPDTIqO6OQq9o5JRWQ1qiZ6XRAiAeg1bETWNZjPkKNoSaTpusGr72Q1WzM5CpmPch6yOhuQB2AEalVet1+pEgMLWiiWn0830RLEF0vv1JuIWr8vxw/m1HAAABg40aDvAAAAQDAEcwRQIhANW/qmnuZqzhCvsaRIDGpqo9MN+HVf6vnUWVjgR6cmzDAiADE7M0/ZfyWnF5DmD08sxSs7Ygz4pO5WJ74Xp81r38QDANBgkqhkiG9w0BAQsFAAOCAQEAO6U+zUW+8mDyZlXA0W0gkrSIX8Hv+1FgY+FYsk4/rTu+nj6bEEEPm7PfMVcmkaNfGEBZaupuNy/Qwnv/Om7rhrOCz1BXok2gB539mRqdDWQRViKxb48srVY/HzLr1YE6l38gdJ2rdUgP7UmoxbwWyZ3sivi0o407wKUFAEHK/QQLt6zKIyWqwk3MiPjRqtaei0tLqmUCUOucBkCW83jHGmLnR4TjkIkdZlSPwSome/h8//6N8sJw2DtHVXfMxOgDa+dP5uMSGPugCnziJ5Uz7KT0PbaKp2hfVA0GK0+VQUT/Wlmciq9LnUF1cFVNdskptscjUGWr9tf8Fk7KPX05zw==\n-----END CERTIFICATE-----\n"
        }
    ]
}

            


HTTP Error Codes

Below mentioned possible type of error and desc.

HTTP Code
Error Message
404 No Ssl Certificate exists for this Domain 400 Please pass domain param correct value[For Technical Support: support@whoisfreaks.com] 401 Provided API key is invalid. [For Technical Support: support@whoisfreaks.com] 401 Provided API key is inactive. [For Technical Support: support@whoisfreaks.com] 401 Please buy subscription plan or add api credits then use this api key. [For Technical Support: support@whoisfreaks.com] 413 You have exceeded the limit of api credits requests [allowed_request_no].Please upgrade your plan [For Technical Support: support@whoisfreaks.com] 412 You have exceeded the limit of api plan requests and your subscription canceled.Please contact our technical support team: support@whoisfreaks.com] 413 You have exceeded the limit of Surcharge Requests [allowed_surcharge_request_no]. Please upgrade your plan [For Technical Support: support@whoisfreaks.com] 401 Your subscription is deactivated.Please buy new plan or add api credits for using whoisfreaks api's [For Technical Support: support@whoisfreaks.com] 401 Your subscription is deactivated due to many time payment failure.Please buy new plan or add api credits for using whoisfreaks api's 401 Your account is deactivated.[For Technical Support: support@whoisfreaks.com] 429 Please slow down.Your maximum request limit per minute reached. 500 Internal Server Error occurred [For Technical Support: support@whoisfreaks.com]. 503 Service is unavailable. Please try after some time or contact support@whoisfreaks.com. 504 Request is timed-out. Please contact at support@whoisfreaks.com.

Credits Usage API

You need credits in order to use Whoisfreaks API. Live SSL Certificate Lookup service will charge 1 credit per successfull query for a domain without chaining. With chaining enabled, 1 credit will be charge for every 2 certificates in the response. You can fetch credits usage and remaining credits information through an API.

GET https://api.whoisfreaks.com/v1.0/whoisapi/usage?apiKey=API_KEY Copy
Copied

Input parameters: required

apiKey Get your API key from our billing dashboard.

Input parameters: optional

format Two formats are available JSON, XML. If you don't pass 'format' parameter, default format is JSON.


Response

You can get API key from our billing dashboard.

                    
{
    "apiKey": "API_KEY",
    "apiCredits": {
        "totalCredits": 1020079,
        "servedRequest": 1533
    },
    "apiSubscription": {
        "subscriptionStatus": "deactivated",
        "requestLimit": 0,
        "servedRequests": 18,
        "surchargeRequestLimit": 0,
        "servedSurchargeRequests": 0
    }
}
                    
        

FAQs

What is the SSL certificate?

SSL (Secure Sockets Layer) is a cryptographic protocol that ensures data transferred between the web browser and the web server remains private. It also prevents cybercriminals from reading and modifying any transaction done between them such as the transmission of sensitive information like credit card while doing online shopping.



What is meant by SSL Certificate Chain?

The SSL chain is a list of certificates used to authenticate an end-user. The path, begins with the certificate of that end-user and each cert in the chain is signed by the entity identified by the next cert in the chain. The chain ends with a root CA cert. The signatures of all certs in the chain must be verified until the root CA certificate is reached.



Which TLDs are supported by your system?

All available TLDs are supported by SSL certificate lookup API.



Do you have notification service when API credits are near to an end?

Yes, we will inform you via an email. We send notification email on 80%,90%,100% usage. You can get credits/ subscription usage information from our billing portal or through API.



What happened if API credits have been utilized and my system is using whois API?

We provide surcharge requests on all active API credits subscriptions. You can fetch credits and surcharge requests information through our API. Each subscription plan has different surcharge requests limit.



Do you charge credit on 4xx error status codes in response?

No, We do not charge credits on 4xx status codes in response. All Whois APIs follow same rule for 4xx status codes in response.



What is the number of free API credits available for new users, and are these credits rate-limited?

We will provide 500 API credits to new users and yes, those credits have a rate-limiting of 10 requests per minute for Live APIs, 5 requests per minute for Bulk Domain Lookup, and 1 request per minute for Reverse/Historical Endpoints.



What is meant by Live Lookup endpoint and how much data latency does it offer?

Our Live Lookup API offers real-time access to various endpoints, including domain whois, SSL and DNS data. By directly connecting to authoritative sources, this API ensures that you receive the most current and up-to-date information, eliminating data latency.



Do you have rate limiting on number of requests being made on your paid plans?

Yes, we have rate limiting on requests being made on all of our paid plans. The requests limit is shown in the following table.
The Table is divided into three types of plans:

1) API Credits

Credits live-rpm bulk-rpm historical/reverse-rpm
5000 20 8 3
15000 35 12 5
50000 80 20 10
150000 120 25 15
450000 150 35 20
1000000 200 50 25
3000000 300 70 35

2) API Subscription

Credits live-rpm bulk-rpm historical/reverse-rpm
5000 20 8 3
15000 35 12 5
50000 80 20 10
150,000 120 25 15
450,000 150 35 20
1,000,000 200 50 25
3,000,000 300 70 35

  • live-rpm: API requests per minute limit for live Whois lookup API, domain availability API, SSL certificate lookup API, and DNS lookup API endpoints.
  • bulk-rpm: API requests per minute limit for bulk domain Whois lookup API endpoint.
  • historical/reverse-rpm: API requests per minute limit for historical, and reverse Whois API endpoints.
In case, the request per minute exceeds, it'll throw an error with HTTP error code of 429.



Do you provide any headers in API response regarding rate limiting?

Yes, there are following three header parameters in the response:

  • X-RateLimit-Allowed-Requests (Tells the max allowed API requests per minute on a specific plan)
  • X-RateLimit-Remaining-Requests (Tells the remaining API requests per minute for that plan)
  • X-RateLimit-Remaining-Time (Tells after how much time the API requests per minute will be reset)