Certificate Chain
developer/v1/domain/cert-chainValidates the SSL/TLS certificate chain for a domain by performing a TLS handshake and enriching with certificate details from Certificate Transparency logs. Returns the leaf certificate with SANs, expiration, key type, and issuer chain, plus automated issue detection.
What It Does
Performs a TLS handshake to confirm the certificate chain is trusted, then retrieves certificate metadata from Certificate Transparency logs (crt.sh). Returns the leaf certificate details including subject, issuer, SANs, validity dates, days until expiration, key type, and certificate validation level (DV/OV/EV). Detects issues like expired certificates, certificates expiring soon, self-signed leaves, and weak signature algorithms.
Why It's Useful
Expired or misconfigured certificates cause outages and browser warnings. This endpoint lets you monitor certificate expiration, verify deployments, and audit certificate security — all from a single API call. The daysRemaining field enables proactive alerting before certificates expire.
Use Cases
SSL Troubleshooting
Users report certificate warnings. Check if intermediate certificates are properly installed.
Diagnose certificate chain issues causing browser warnings.
Certificate Deployment Verification
After deploying new certificates, verify the complete chain is properly configured.
Catch certificate deployment issues before they affect users.
Security Assessment
Audit certificate chain configuration as part of infrastructure security review.
Document certificate chain security for compliance reporting.
Certificate Expiration Monitoring
Monitor certificate expiration across your domains using the daysRemaining field to trigger alerts before certificates expire.
Prevent outages caused by expired certificates with proactive monitoring.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
domain | string | Required | The domain to validate certificate chain forExample: example.com |
port | number | Optional | Port to connect to (default: 443)Example: 443 |
Response Fields
| Field | Type | Description |
|---|---|---|
domain | string | The queried domain |
port | number | The port used for connection |
chain | array | Certificates in the chain ordered from leaf to root |
chain[].position | number | Zero-indexed position in the chain |
chain[].type | string | Certificate type: leaf, intermediate, or root |
chain[].subject | string | Certificate subject (common name) |
chain[].issuer | string | Certificate issuer |
chain[].validFrom | string | null | Certificate validity start date (ISO 8601), or null if unavailable |
chain[].validTo | string | null | Certificate validity end date (ISO 8601), or null if unavailable |
chain[].daysRemaining | number | null | Days until certificate expires, or null if validity date is unavailable |
chain[].serialNumber | string | null | Certificate serial number, or null if unavailable |
chain[].signatureAlgorithm | string | Signature algorithm (e.g., SHA256withRSA) |
chain[].keyType | string | null | Key type: RSA, ECDSA, or null if unknown |
chain[].certificateType | string | Certificate validation level: DV, OV, EV, or null |
chain[].san | array | Subject Alternative Names (domains covered) |
chain[].isCA | boolean | Whether this is a CA certificate |
chain[].isSelfSigned | boolean | Whether the certificate is self-signed |
isComplete | boolean | Whether the chain is complete |
hasValidRoot | boolean | Whether chain leads to a trusted root CA |
chainLength | number | Number of certificates in the chain |
issues | array | Chain validation issues: expired, expiring_soon, not_yet_valid, self_signed_leaf, weak_signature, domain_name_mismatch, chain_partial, chain_incomplete |
timestamp | string | ISO 8601 timestamp of when the analysis was performed |
Code Examples
curl "https://api.edgedns.dev/v1/domain/cert-chain" \
-H "Authorization: Bearer YOUR_API_KEY" \
-d "domain=example.com"const response = await fetch(
'https://api.edgedns.dev/v1/domain/cert-chain?domain=example.com',
{
headers: {
'Authorization': 'Bearer YOUR_API_KEY'
}
}
);
const data = await response.json();
console.log(data);import requests
response = requests.get(
'https://api.edgedns.dev/v1/domain/cert-chain',
headers={'Authorization': 'Bearer YOUR_API_KEY'},
params={
'domain': 'example.com'
}
)
data = response.json()
print(data)Read the full Certificate Chain guide
Why it matters, real-world use cases, parameters, response fields, and how to call it from Claude, ChatGPT, or Gemini via MCP.
Read the guide →Related Endpoints
External References
Learn more about the standards and protocols behind this endpoint.
Try This Endpoint
Test the Certificate Chain endpoint live in the playground.