SSL Certificate Lookup API: TLS Validation, Certificate Chain & Expiry Monitoring
Fetch the full SSL certificate chain - end-user, intermediate, and root CA for any domain in a single API call. Extract expiry dates for automated monitoring. Detect self-signed certificates for phishing and brand impersonation alerts. Free tier: 500 credits, no card needed.
curl --location --request GET 'https://api.whoisfreaks.com/v1.0/ssl/live?apiKey=API_KEY&domainName=whoisfreaks.com&chain=true&sslRaw=true'[
{
"domainName": "whoisfreaks.com",
"queryTime": "2024-10-04 07:17:04",
"sslCertificates": [
{
"chainOrder": "end-user",
"authenticationType": "domain",
"validityStartDate": "2024-09-7 23:03:18 UTC",
"validityEndDate": "2024-12-6 23:03:17 UTC",
"serialNumber": "04:8e:90:ab:b3:ec:32:10:1e:de:83:4a:e8:9c:3c:e7:1e:a7",
"signatureAlgorithm": "ECDSA-SHA2384",
"subject": {
"commonName": "whoisfreaks.com"
},
"issuer": {
"commonName": "E6",
"organization": "Let's Encrypt",
"country": "US"
},
"publicKey": {
"keySize": "256 bit",
"keyAlgorithm": "ECDSA"
},
"extensions": {
"authorityKeyIdentifier": "93:27:46:98:03:A9:51:68:8E:98:D6:C4:42:48:DB:23:BF:58:94:D2",
"subjectKeyIdentifier": "95:B1:F8:43:43:1B:A9:D9:A0:73:E6:F7:BF:FB:34:D8:DE:69:CC:39",
"keyUsages": [
"Digital Signature"
],
"extendedKeyUsages": [
"TLS Web Server Authentication",
"TLS Web Client Authentication"
],
"authorityInfoAccess": {
"issuers": [
"http://e6.i.lencr.org/"
],
"ocsp": [
"http://e6.o.lencr.org"
]
},
"subjectAlternativeNames": {
"dnsNames": [
"www.whoisfreaks.com",
"whoisfreaks.com"
]
},
"certificatePolicies": [
{
"policyId": "2.23.140.1.2.1"
}
]
}
},
{
"chainOrder": "intermediate",
"authenticationType": "organization",
"validityStartDate": "2024-03-13 00:00:00 UTC",
"validityEndDate": "2027-03-12 23:59:59 UTC",
"serialNumber": "b0:57:3e:91:73:97:27:70:db:b4:87:cb:3a:45:2b:38",
"signatureAlgorithm": "SHA256-RSA",
"subject": {
"commonName": "E6",
"organization": "Let's Encrypt",
"country": "US"
},
"issuer": {
"commonName": "ISRG Root X1",
"organization": "Internet Security Research Group",
"country": "US"
},
"publicKey": {
"keySize": "384 bit",
"keyAlgorithm": "ECDSA"
},
"extensions": {
"authorityKeyIdentifier": "79:B4:59:E6:7B:B6:E5:E4:01:73:80:08:88:C8:1A:58:F6:E9:9B:6E",
"subjectKeyIdentifier": "93:27:46:98:03:A9:51:68:8E:98:D6:C4:42:48:DB:23:BF:58:94:D2",
"keyUsages": [
"CRL Sign",
"Digital Signature",
"Certificate Sign"
],
"extendedKeyUsages": [
"TLS Web Server Authentication",
"TLS Web Client Authentication"
],
"authorityInfoAccess": {
"issuers": [
"http://x1.i.lencr.org/"
]
},
"certificatePolicies": [
{
"policyId": "2.23.140.1.2.1"
}
]
}
},
{
"chainOrder": "root",
"authenticationType": "self-signed-ca",
"validityStartDate": "2015-06-4 11:04:38 UTC",
"validityEndDate": "2035-06-4 11:04:38 UTC",
"serialNumber": "82:10:cf:b0:d2:40:e3:59:44:63:e0:bb:63:82:8b:00",
"signatureAlgorithm": "SHA256-RSA",
"subject": {
"commonName": "ISRG Root X1",
"organization": "Internet Security Research Group",
"country": "US"
},
"issuer": {
"commonName": "ISRG Root X1",
"organization": "Internet Security Research Group",
"country": "US"
},
"publicKey": {
"keySize": "4096 bit",
"keyAlgorithm": "RSA"
},
"extensions": {
"subjectKeyIdentifier": "79:B4:59:E6:7B:B6:E5:E4:01:73:80:08:88:C8:1A:58:F6:E9:9B:6E",
"keyUsages": [
"CRL Sign",
"Certificate Sign"
]
}
}
]
}
]
- 1528+TLDs
- 693M+Active Domains
- 896M+Domains Tracked
- 3759M+WHOIS Records
- 5215M+Host Names
- 15B+DNS Records
