Billions of Certificates, At Your Fingertips
Instantly search Certificate Transparency logs for a domain's SSL certificates using a convenient API.
Easier Than Directly Querying Certificate Transparency Logs
SSLMate ingests over 10 million certificates every day from 40+ Certificate Transparency logs, and indexes them by domain name. You can retrieve certificates by domain name using a simple JSON API.
Using SSLMate's Certificate Search API is easier than accessing Certificate Transparency logs directly:
Access Certificate Transparency logs directly
- You need to look for certificates in all 40+ known logs.
- You need to update your log list several times a year when logs are created and destroyed.
- You have to scan the entire contents of each log (over 4 billion entries, or 17TB, in total) just to find the certificates you want.
- You have to deduplicate certificates that are found in multiple logs.
- You have to deduplicate certificates and their equivalent precertificates.
- You have to understand and parse Merkle Tree Leaves to get certificate data.
Use SSLMate's Certificate Search API
- You make an API call to SSLMate with a domain name.
- SSLMate returns certificates for that domain, with useful certificate fields parsed out in a JSON object.
Features
- Indexed by domain name A simple HTTP request returns all known publicly-trusted certificates for a domain name. You can optionally request certificates for sub-domains as well, giving you a picture of an entire domain namespace.
- Incremental monitoring You can remember your position in the response, and query for all certificates added to Certificate Transparency since your last query. You don't have to re-download and re-process certificates you've already seen.
- Deduplicates certificates and precertificates When a certificate is issued, it can appear in multiple Certificate Transparency logs, in the form of a regular certificate, a precertificate, or both. The API returns a single entry for each distinct issuance so you don't have to deduplicate redundant information yourself.
- Reliable access to certificates The API reliably returns all known, unexpired certificates for a domain name, including those that were added to Certificate Transparency before you started monitoring but are not yet expired. It's not a “firehose” that drops certificates if you aren't drinking from it.
Pricing
Small
$0 / month
100 single-hostname queries / hour
10 full-domain queries / hour
75 queries / minute
5 queries / second
15 second query timeout
Note: rate limits and timeouts may be reduced during periods of high load.
Medium
$50 / month
1,000 single-hostname queries / hour
100 full-domain queries / hour
500 queries / minute
10 queries / second
60 second query timeout
Large
$500 / month
10,000 single-hostname queries / hour
1,000 full-domain queries / hour
2,000 queries / minute
20 queries / second
90 second query timeout
A single-hostname query is a query which returns certificates
for a single specific hostname. (The include_subdomains parameter
is false.)
A full-domain query is a query which returns certificates
for all descendant sub-domains of the queried domain. (The include_subdomains
parameter is true.)
Firehose Access
For $1,000/month, access a continuous stream of all certificates as they are added to Certificate Transparency logs. Sign up
Provisioned Indexes
Provisioned indexes speed up full-domain queries of domains which have a large number of certificates. Provisioned indexes start at $100/month per domain. Contact us for a quote.
Looking For Turnkey Monitoring?
Cert Spotter is an all-in-one certificate monitoring solution that alerts you about unauthorized, expiring, and invalid certificates for your domains, powered by the same Certificate Transparency data. No coding required. Learn More
No time to code? We'll send you a spreadsheet.
We can provide a spreadsheet listing all certificates for the domains you want to search. We can provide a one-time report, or recurring reports of all new certificates since the last report. For a quote, contact us with the number of domains and what certificate fields you are interested in (domain names, issuer, expiration, etc.).