SSL Certificate Checker API
Inspect any domain's SSL/TLS certificate programmatically. Get issuer, expiry countdown, SANs, cipher suite, certificate chain, and more — all in a single JSON response.
Try It Live
Enter a domain to inspect its SSL/TLS certificate. This demo calls the same /certificate/check endpoint available in the API.
What You Get
Certificate Details
Subject, issuer, serial number, X.509 version, and signature algorithm. Know exactly who issued the certificate and for which entity.
Expiry Monitoring
Validity dates with days_remaining and is_expired fields. Build automated alerts before certificates expire and cause outages.
TLS Connection Info
TLS version (1.0 through 1.3), negotiated cipher suite, and ALPN protocol. Verify your domains use modern, secure configurations.
Subject Alternative Names
All DNS names, IP addresses, and email addresses covered by the certificate. Discover every domain a certificate protects.
Certificate Chain
Full chain of trust from leaf to root. Identify intermediates, verify chain completeness, and detect misconfigured trust paths.
Key & Signature Info
Public key algorithm (RSA, ECDSA, Ed25519), bit length, key usage flags, and extended key usage. Audit cryptographic strength at scale.
Example API Response
A single GET /certificate/check?url=stripe.com returns all of this:
{
"domain": "stripe.com",
"ip": "104.18.10.39",
"port": 443,
"tls": {
"version": "TLS 1.3",
"cipher_suite": "TLS_AES_128_GCM_SHA256",
"negotiated_protocol": "h2"
},
"certificate": {
"subject": {
"common_name": "stripe.com",
"organization": ["Stripe, Inc."],
"country": ["US"]
},
"issuer": {
"common_name": "DigiCert SHA2 Extended Validation Server CA",
"organization": ["DigiCert Inc"]
},
"not_before": "2026-01-15T00:00:00Z",
"not_after": "2027-01-15T23:59:59Z",
"days_remaining": 289,
"is_expired": false,
"signature_algorithm": "SHA256-RSA",
"public_key": {
"algorithm": "RSA",
"bit_length": 2048
},
"san_domains": ["stripe.com", "www.stripe.com"],
"key_usage": ["Digital Signature", "Key Encipherment"],
"ext_key_usage": ["Server Authentication"]
},
"chain": [
{
"subject": "DigiCert SHA2 Extended Validation Server CA",
"issuer": "DigiCert High Assurance EV Root CA",
"is_ca": true
}
],
"has_tls": true,
"response_ms": 245
}Use Cases
DevOps: Certificate Expiry Alerts
Monitor your domains' certificates and get alerted before they expire. Prevent outages caused by forgotten renewals. Check days_remaining in a cron job and send alerts when it drops below 30.
Security: Asset Inventory
Audit your organization's TLS posture across all domains. Identify weak cipher suites, outdated TLS versions, and certificates approaching expiry. Build compliance reports with real data.
Sales Intelligence: Cert Signals
Certificate data reveals business signals. EV certificates indicate enterprise companies. Let's Encrypt suggests startups. Self-signed certs indicate internal tools. Use these signals in your prospecting pipeline.
Quick Start
curl:
curl -H "X-RapidAPI-Key: YOUR_KEY" \
-H "X-RapidAPI-Host: detectzestack.p.rapidapi.com" \
"https://detectzestack.p.rapidapi.com/certificate/check?url=stripe.com"Python:
import requests
resp = requests.get(
"https://detectzestack.p.rapidapi.com/certificate/check",
params={"url": "stripe.com"},
headers={
"X-RapidAPI-Key": "YOUR_KEY",
"X-RapidAPI-Host": "detectzestack.p.rapidapi.com",
},
)
cert = resp.json()["certificate"]
print(f"Issuer: {cert['issuer']['organization']}")
print(f"Expires: {cert['not_after']} ({cert['days_remaining']} days)")
print(f"SANs: {', '.join(cert['san_domains'])}")JavaScript (Node.js):
const resp = await fetch(
"https://detectzestack.p.rapidapi.com/certificate/check?url=stripe.com",
{
headers: {
"X-RapidAPI-Key": "YOUR_KEY",
"X-RapidAPI-Host": "detectzestack.p.rapidapi.com",
},
}
);
const { certificate, tls } = await resp.json();
console.log(`TLS: ${tls.version}, Cipher: ${tls.cipher_suite}`);
console.log(`Expires in ${certificate.days_remaining} days`);Included in All Plans
The certificate checker is bundled with tech detection, DNS analysis, and security headers — one API key, one quota.
| Plan | Price | Monthly Requests | Includes |
|---|---|---|---|
| Free | $0/mo | 100 | All endpoints |
| Pro | $9/mo | 1,000 | All endpoints |
| Ultra | $29/mo | 10,000 | All endpoints |
| Mega | $79/mo | 50,000 | All endpoints |
Frequently Asked Questions
What data does the SSL Certificate Checker API return?
Full certificate details including subject and issuer information, validity dates with days-until-expiry, Subject Alternative Names (SANs), TLS version, cipher suite, public key algorithm and size, certificate chain of trust, key usage, OCSP servers, and CRL distribution points.
Does this API validate certificates or just inspect them?
The API inspects certificates without validation. It can retrieve details from expired, self-signed, or misconfigured certificates that a browser would reject. This is intentional — you need to see the data to fix the problem.
How is this different from SSL Labs?
SSL Labs provides deep security grading (A+ to F) for manual testing. DetectZeStack's certificate API is designed for programmatic use at scale: simple JSON response, fast response times (~200-500ms), and bundled with technology detection in a single API key.
Can I monitor certificate expiry?
Yes. The response includes days_remaining and is_expired fields. Set up a scheduled job to check your domains and alert when certificates approach expiry.
Start Checking Certificates
Free tier includes 100 requests/month. No credit card required.
Get Free API Key