One Billion Certificates, At Your Fingertips

Instantly search Certificate Transparency logs for a domain's SSL certificates using a convenient API.

GET
Free for 100 queries / hour

Easier Than Directly Querying Certificate Transparency Logs

SSLMate ingests over 10 million certificates every day from 40+ Certificate Transparency logs, and indexes them by domain name. You can retrieve certificates by domain name using a simple JSON API.

Using SSLMate's Certificate Search API is easier than accessing Certificate Transparency logs directly:

Access Certificate Transparency logs directly

  • You need to look for certificates in all 40+ known logs.
  • You need to update your log list several times a year when logs are created and destroyed.
  • You have to scan the entire contents of each log (over 4 billion entries, or 17TB, in total) just to find the certificates you want.
  • You have to deduplicate certificates that are found in multiple logs.
  • You have to deduplicate certificates and their equivalent precertificates.
  • You have to understand and parse Merkle Tree Leaves to get certificate data.

Use SSLMate's Certificate Search API

  • You make an API call to SSLMate with a domain name.
  • SSLMate returns certificates for that domain, with useful certificate fields parsed out in a JSON object.

Features

  • Indexed by domain name A simple HTTP request returns all known publicly-trusted certificates for a domain name. You can optionally request certificates for sub-domains as well, giving you a picture of an entire domain namespace.
  • Incremental monitoring You can remember your position in the response, and query for all certificates added to Certificate Transparency since your last query. You don't have to re-download and re-process certificates you've already seen.
  • Deduplicates certificates and precertificates When a certificate is issued, it can appear in multiple Certificate Transparency logs, in the form of a regular certificate, a precertificate, or both. The API returns a single entry for each distinct issuance so you don't have to deduplicate redundant information yourself.
  • Reliable access to certificates The API reliably returns all known, unexpired certificates for a domain name, including those that were added to Certificate Transparency before you started monitoring but are not yet expired. It's not a “firehose” that drops certificates if you aren't drinking from it.

Pricing

Small

$0 / month

Get Started

100 single-hostname queries / hour

10 full-domain queries / hour

75 queries / minute

5 queries / second

Medium

$50 / month

Get Started

1,000 single-hostname queries / hour

100 full-domain queries / hour

500 queries / minute

10 queries / second

Large

$500 / month

Get Started

10,000 single-hostname queries / hour

1,000 full-domain queries / hour

2,000 queries / minute

20 queries / second

Need more queries? Contact us.

A single-hostname query is a query which returns certificates for a single specific hostname. (The include_subdomains parameter is false.)

A full-domain query is a query which returns certificates for all descendant sub-domains of the queried domain. (The include_subdomains parameter is true.)

Provisioned Indexes

Provisioned indexes speed up full-domain queries of domains which have a large number of certificates. Provisioned indexes start at $100/month per domain. Contact us for a quote.

Looking For Turnkey Monitoring?

Cert Spotter is an all-in-one certificate monitoring solution that alerts you about unauthorized, expiring, and invalid certificates for your domains, powered by the same Certificate Transparency data. No coding required. Learn More