ESC
🔒

SSL/TLS Certificate Inspector

Inspect a domain's SSL/TLS certificate — issuer, expiry, SANs, cipher suite.

GET /v1/certificate 
curl "https://dns.toolkitapi.io/v1/certificate?domain=github.com"

import httpx

resp = httpx.get(
    "https://dns.toolkitapi.io/v1/certificate?domain=github.com",
)
print(resp.json())
const resp = await fetch("https://dns.toolkitapi.io/v1/certificate?domain=github.com", {
});
const data = await resp.json();
console.log(data);
# See curl example
Response 200 OK 
{
  "domain": "github.com",
  "issued_to": "github.com",
  "issuer": "DigiCert Inc",
  "serial_number": "0A:06:30:42:7F:5B:2C:EF:F5:2D:47:33:44:82:E5:51",
  "valid_from": "2024-03-07T00:00:00",
  "valid_until": "2025-03-12T23:59:59",
  "days_remaining": 187,
  "expired": false,
  "subject_alt_names": ["github.com", "www.github.com"],
  "signature_algorithm": "sha256WithRSAEncryption",
  "protocol_version": "TLSv1.3",
  "cipher": "TLS_AES_128_GCM_SHA256",
  "key_size": 2048,
  "query_time_ms": 145.9
}

Try It Live

Live Demo

Description

Inspect a domain's SSL/TLS certificate — issuer, expiry, SANs, cipher suite.

How to Use

1

1. Pass the domain in the `domain` parameter. 2. Optionally set `port` if the service runs on a non-standard port (default: 443). 3. Check `days_remaining` and `expired` for certificate health.

About This Tool

SSL/TLS Certificate Inspector connects to a domain and inspects its certificate. It returns the issuer, validity dates, days until expiry, Subject Alternative Names (SANs), protocol version, cipher suite, and key size.

Why Use This Tool

Frequently Asked Questions

Can I check certificates on non-standard ports?
Yes — set the `port` parameter (e.g. `port=8443` for an alternative HTTPS port).
Does this validate the certificate chain?
The API inspects the presented certificate. Chain validation is implicit in the TLS handshake.

Start using SSL/TLS Certificate Inspector now

Get your free API key and make your first request in under a minute.

Get Free API Key View Docs