SSL Certificates
free/v1/domain/sslAnalyzes the currently active SSL/TLS certificate for a domain per X.509 standards. Returns certificate details including issuer, validity dates, Subject Alternative Names (SANs), key type, certificate type (DV/OV/EV), and self-signed detection. Enriches data with Certificate Transparency (CT) logs via crt.sh for historical context and subdomain discovery.
What It Does
Performs a TLS handshake with the domain and retrieves the active certificate. Extracts issuer organization (CN, O, C), validity period (notBefore/notAfter with days remaining and expiry warning), SANs, wildcard detection, and certificate type classification (DV, OV, or EV based on issuer patterns). Queries crt.sh Certificate Transparency logs for real certificate metadata enrichment. Detects self-signed certificates by comparing subject CN to issuer CN.
Why It's Useful
Certificate monitoring is critical for preventing HTTPS outages — expired certificates cause immediate user-facing errors. SAN analysis reveals related subdomains for asset inventory, issuer tracking ensures only authorized Certificate Authorities (per CAA records) are issuing certificates, and certificate type classification helps verify compliance with organizational security policies. CT log integration provides an independent verification source.
Use Cases
Certificate Expiry Monitoring
Monitor active certificates approaching expiry to prevent service outages caused by expired SSL/TLS certificates.
Prevent HTTPS outages by catching certificate expirations before they impact users.
Subdomain Discovery
Enumerate subdomains by analyzing Subject Alternative Names (SANs) in the active certificate.
Discover related domains and subdomains covered by the same certificate.
Certificate Configuration Audit
Verify certificate key size, algorithm strength, and issuer comply with organizational security policies.
Ensure certificate configurations meet security standards (e.g., RSA 2048+, SHA-256+).
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
domain | string | Required | The domain to analyze the SSL/TLS certificate forExample: example.com |
port | number | Optional | Port to connect to (default: 443)Example: 443 |
Response Fields
| Field | Type | Description |
|---|---|---|
domain | string | The queried domain |
port | number | The port used for connection |
issued_to | object | Certificate subject (common_name, organization, country) |
issued_by | object | Certificate issuer (common_name, organization, country) |
validity | object | Validity period (not_before, not_after, days_remaining, is_valid, is_expiring_soon) |
subject_alt_names | array | Subject Alternative Names (SANs) covered by the certificate |
key | object | Key type inferred from issuer (RSA or ECDSA) |
chain | array | Certificate chain information (subject, issuer) |
is_self_signed | boolean | Whether the certificate is self-signed |
tls_verified | boolean | Whether TLS handshake succeeded (certificate trusted by Cloudflare) |
is_wildcard | boolean | Whether the certificate is a wildcard |
is_ev | boolean | Whether the certificate is Extended Validation |
certificate_type | string | null | Certificate type (DV, OV, EV, or null if undetermined) — heuristic-based |
note | string | Limitations and methodology note |
Code Examples
curl "https://api.edgedns.dev/v1/domain/ssl" \
-H "Authorization: Bearer YOUR_API_KEY" \
-d "domain=example.com"const response = await fetch(
'https://api.edgedns.dev/v1/domain/ssl?domain=example.com',
{
headers: {
'Authorization': 'Bearer YOUR_API_KEY'
}
}
);
const data = await response.json();
console.log(data);import requests
response = requests.get(
'https://api.edgedns.dev/v1/domain/ssl',
headers={'Authorization': 'Bearer YOUR_API_KEY'},
params={
'domain': 'example.com'
}
)
data = response.json()
print(data)Read the full SSL Certificates guide
Why it matters, real-world use cases, parameters, response fields, and how to call it from Claude, ChatGPT, or Gemini via MCP.
Read the guide →Related Endpoints
External References
Learn more about the standards and protocols behind this endpoint.
Try This Endpoint
Test the SSL Certificates endpoint live in the playground.