Output format | Documentation | SSL Certificate Chain API | WhoisXML API

Output format

{
    "auditCreated": "2022-02-16 07:29:50 UTC",
    "domain": "gmail.com",
    "ip": "142.250.179.197",
    "port": 443,
    "certificates": [
        {
            "chainHierarchy": "end-user",
            "validationType": "domain",
            "validFrom": "2022-01-17 03:05:49 UTC",
            "validTo": "2022-04-11 03:05:48 UTC",
            "serialNumber": "D4:7F:65:8B:56:C6:15:78:0A:00:00:00:01:2F:92:52",
            "signatureAlgorithm": "SHA256-RSA",
            "subject": {
                "commonName": "gmail.com"
            },
            "issuer": {
                "country": "US",
                "organization": "Google Trust Services LLC",
                "commonName": "GTS CA 1C3"
            },
            "pem": "-----BEGIN CERTIFICATE-----\nMIIEizCCA3OgAwIBAgIRANR/ZYtWxhV4CgAAAAEvklIwDQYJKoZIhvcNAQELBQAw\nRjELMAkGA1UEBhMCVVMxIjAgBgNVBAoTGUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBM\nTEMxEzARBgNVBAMTCkdUUyBDQSAxQzMwHhcNMjIwMTE3MDMwNTQ5WhcNMjIwNDEx\nMDMwNTQ4WjAUMRIwEAYDVQQDEwlnbWFpbC5jb20wWTATBgcqhkjOPQIBBggqhkjO\nPQMBBwNCAATEEtsEdZEunw+xUi15iv/SIC8hO65MsvyOf+947iJD+aM4WoHZDtXs\nRpM30zMDvXJjQXBvZa70U1lCyeMPlevzo4ICbzCCAmswDgYDVR0PAQH/BAQDAgeA\nMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFP/e\nVTU773LjLFrU0OVwXP/V6VKJMB8GA1UdIwQYMBaAFIp0f6+Fze6VzT2c0OJGFPNx\nNR0nMGoGCCsGAQUFBwEBBF4wXDAnBggrBgEFBQcwAYYbaHR0cDovL29jc3AucGtp\nLmdvb2cvZ3RzMWMzMDEGCCsGAQUFBzAChiVodHRwOi8vcGtpLmdvb2cvcmVwby9j\nZXJ0cy9ndHMxYzMuZGVyMCEGA1UdEQQaMBiCCWdtYWlsLmNvbYILKi5nbWFpbC5j\nb20wIQYDVR0gBBowGDAIBgZngQwBAgEwDAYKKwYBBAHWeQIFAzA8BgNVHR8ENTAz\nMDGgL6AthitodHRwOi8vY3Jscy5wa2kuZ29vZy9ndHMxYzMvemRBVHQwRXhfRmsu\nY3JsMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHUARqVV63X6kSAwtaKJafTzfREs\nQXS+/Um4havy/HD+bUcAAAF+ZjZy4gAABAMARjBEAiBlz+EecX8873Z2zwTW+bJ9\n01P4rpw44eYxuSne080y5gIgYhfbqUIuPhS7HySr5Tl2Zjuz00g3t4X3WBDLyIxB\no+MAdwBRo7D1/QF5nFZtuDd4jwykeswbJ8v3nohCmg3+1IsF5QAAAX5mNnDcAAAE\nAwBIMEYCIQCFF8I5TdmkybQH148AnfXgLKtd/fVzkLRL/s+389JrygIhAIGi2+XM\n3PRTXl1chmBODT5eU87a5d8M+Ce5SYKIizr8MA0GCSqGSIb3DQEBCwUAA4IBAQAV\n8k1aQFFutaL5OhUbYb7kKAz8UX8WkVv1EZaHqni/+zHcWDgwxmXLY5N/Blijv+tX\neo5I/bQRJDtYS1OviItIWsYoAepsCTOEJxu/l535fYFQhsPtpaD5fPX+HWA1DgVB\nLRlf4Dq1z0rDNUilegqzzs9b3/FTZvEcxZSP46OqSPBtqm23c/ZrmEUhmHLZ9N8M\nCBETNBNp/SLN6hV5sEkj0q4k1Wcm0NZVPl/01o+dzRNOQ68N7qF6xao2/MORsRXu\n093yuzaABE6Ecoo4LrNps+giydM4qAO3MkMrpdkh8KpwexKmXdxNq0infUL/whYW\nbPV5BSROhvHohv3zidtf\n-----END CERTIFICATE-----\n",
            "extensions": {
                "authorityKeyIdentifier": "8A:74:7F:AF:85:CD:EE:95:CD:3D:9C:D0:E2:46:14:F3:71:35:1D:27",
                "subjectKeyIdentifier": "FF:DE:55:35:3B:EF:72:E3:2C:5A:D4:D0:E5:70:5C:FF:D5:E9:52:89",
                "keyUsage": [
                    "Digital Signature"
                ],
                "extendedKeyUsage": [
                    "Server Authentication"
                ],
                "crlDistributionPoints": [
                    "http://crls.pki.goog/gts1c3/zdATt0Ex_Fk.crl"
                ],
                "authorityInfoAccess": {
                    "issuers": [
                        "http://pki.goog/repo/certs/gts1c3.der"
                    ],
                    "ocsp": [
                        "http://ocsp.pki.goog/gts1c3"
                    ]
                },
                "subjectAlternativeNames": {
                    "dnsNames": [
                        "gmail.com",
                        "*.gmail.com"
                    ]
                },
                "certificatePolicies": [
                    {
                        "policyIdentifier": "2.23.140.1.2.1",
                        "policyQualifiers": null
                    },
                    {
                        "policyIdentifier": "1.3.6.1.4.1.11129.2.5.3",
                        "policyQualifiers": null
                    }
                ]
            },
            "publicKey": {
                "type": "ECDSA",
                "bits": 256,
                "pem": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExBLbBHWRLp8PsVIteYr/0iAvITuu\nTLL8jn/veO4iQ/mjOFqB2Q7V7EaTN9MzA71yY0Fwb2Wu9FNZQsnjD5Xr8w==\n-----END PUBLIC KEY-----\n"
            }
        },
        { ... },
        { ... },
        { ... },
    ]
}

Output parameters

auditCreated
The date (UTC) when the certificate was collected from the server.
domain
The domain name the certificate chain is returned for.
ip
The IP address to which the SSL connection was established.
port
The port on which the SSL connection was established.
certificates
Array of SSL certificates collected for the domain name. The certificates are sorted from the end-user to the root one.
certificates[0].chainHierarchy
Position in the certificates chain: End-user, Intermediate or Root.
certificates[0].validationType

The certificate's validation type:

  • domain - Domain validation
  • organization - Organization validation
  • extended - Extended validation
  • individual - Individual validation
  • self-signed - Self-signed certificate
  • self-signed-ca - Self-signed CA certificate (typically, it’s the root certificate in the chain)
certificates[0].validFrom
The date and time (UTC) the certificate is valid from.
certificates[0].validTo
The date and time (UTC) the certificate expires.
certificates[0].serialNumber
Uniquely identifies the certificate within Certificate Authority (CA) systems to track revocation information..
certificates[0].signatureAlgorithm
The algorithm used to sign the public key certificate.
certificates[0].subject
The object that contains a distinguished name (DN) of the certificate’s subject (i.e. who the certificate was issued to). Some fields might be omitted since usually DN objects don’t contain all the available fields.
certificates[0].issuer
The object that contains a distinguished name (DN) of the certificate’s issuer (i.e. the one who issued the certificate.).
certificates[0].[issuer|subject].country
(optional) (C) Country
certificates[0].[issuer|subject].organization
(optional) (O) Organization
certificates[0].[issuer|subject].organizationUnit
(optional) Organization unit (OU)
certificates[0].[issuer|subject].locality
(optional) (L) City
certificates[0].[issuer|subject].province
(optional) (S) Province/State
certificates[0].[issuer|subject].streetAddress
(optional) (STREET) Street
certificates[0].[issuer|subject].postalCode
(optional) (PC) Postal code or ZIP-code
certificates[0].[issuer|subject].serialNumber
(optional) (SERIALNUMBER) Certificate serial number
certificates[0].[issuer|subject].commonName
(optional) (CN) Certificate's common name
certificates[0].pem
The PEM-encoded certificate’s raw data
certificates[0].extensions
Available certificate extensions. (RFC 5280
certificates[0].extensions.authorityKeyIdentifier
(optional) The authority key identifier extension provides a means of identifying the public key corresponding to the private key used to sign a certificate.
certificates[0].extensions.subjectKeyIdentifier
(optional) The subject key identifier extension provides a means of identifying certificates that contain a particular public key.
certificates[0].extensions.keyUsage
(optional) The purposes of the key contained in the certificate.
certificates[0].extensions.extendedKeyUsage
(optional) Additional purposes of the key contained in the certificate.
certificates[0].extensions.crlDistributionPoints
(optional) The array of CRL (Certificate revocation list) distribution endpoints for the SSL certificate.
certificates[0].extensions.authorityInfoAccess
(optional) The extensions contains the information regarding the certificate issuers.
certificates[0].extensions.authorityInfo.issuers
(optional) Issuer's resources location.
certificates[0].extensions.authorityInfo.ocsp
(optional) OCSP (Online Certificate Status Protocol) endpoints.
certificates[0].extensions.subjectAlternativeNames
(optional) Alternatives names bound into the certificate.
certificates[0].extensions.subjectAlternativeNames.dnsNames
(optional) Alternative DNS names.
certificates[0].extensions.subjectAlternativeNames.emailAddresses
(optional) Alternative email addresses.
certificates[0].extensions.subjectAlternativeNames.ipAddresses
(optional) Alternative IP addresses.
certificates[0].extensions.subjectAlternativeNames.uris
(optional) Alternative URIs.
certificates[0].extensions.certificatePolicies
(optional) The information regarding the policies under which the certificate was issued and the purposes for which the certificate can be used.
certificates[0].extensions.certificatePolicies[0].policyIdentifier
The OID (object identifier) of the policy.
certificates[0].extensions.certificatePolicies[0].policyQualifiers
(optional) Policy qualifiers.
certificates[0].extensions.certificatePolicies[0].policyQualifiers[0].policyQualifierId
The OID of the policy’s qualifier.
certificates[0].extensions.certificatePolicies[0].policyQualifiers[0].cpsUri
(optional) Certification Practice Statement's URI.
certificates[0].extensions.certificatePolicies[0].policyQualifiers[0].userNotice
(optional) User notice related to the certificate. It may be provided either in the form of notice reference or in the form of the explicit text.
certificates[0].extensions.certificatePolicies[0].policyQualifiers[0].userNotice.noticeRef
(optional) Contains the reference to the textual statement related to the certificate.
certificates[0].extensions.certificatePolicies[0].policyQualifiers[0].userNotice.noticeRef.organization
Organization which prepared the notice.
certificates[0].extensions.certificatePolicies[0].policyQualifiers[0].userNotice.noticeRef.noticeNumbers
The identifier of the particular textual statement prepared by the organization.
certificates[0].extensions.certificatePolicies[0].policyQualifiers[0].userNotice.explicitText
The explicit textual statement in the certificate.
certificates[0].publicKey
The certificate’s public key information.
certificates[0].publicKey.type
The public key algorithm.
certificates[0].publicKey.bits
The public key length (bits).
certificates[0].publicKey.pem
The PEM-encoded public key’s raw data.