Billions of Certificates, At Your Fingertips
Instantly search Certificate Transparency logs for a domain's SSL certificates using a convenient API.
Easier Than Directly Querying Certificate Transparency Logs
Using SSLMate's Certificate Search API is easier than accessing Certificate Transparency logs directly:
Access Certificate Transparency logs directly
- You need to look for certificates in all 40+ known logs.
- You need to update your log list several times a year when logs are created and destroyed.
- You have to scan the entire contents of each log (over 4 billion entries, or 17TB, in total) just to find the certificates you want.
- You have to deduplicate certificates that are found in multiple logs.
- You have to deduplicate certificates and their equivalent precertificates.
- You have to understand and parse Merkle Tree Leaves to get certificate data.
Use SSLMate's Certificate Search API
- You make an API call to SSLMate with a domain name.
- SSLMate returns certificates for that domain, with useful certificate fields parsed out in a JSON object.
- Indexed by domain name A simple HTTP request returns all known publicly-trusted certificates for a domain name. You can optionally request certificates for sub-domains as well, giving you a picture of an entire domain namespace.
- Incremental monitoring You can remember your position in the response, and query for all certificates added to Certificate Transparency since your last query. You don't have to re-download and re-process certificates you've already seen.
- Deduplicates certificates and precertificates When a certificate is issued, it can appear in multiple Certificate Transparency logs, in the form of a regular certificate, a precertificate, or both. The API returns a single entry for each distinct issuance so you don't have to deduplicate redundant information yourself.
- Reliable access to certificates The API reliably returns all known, unexpired certificates for a domain name, including those that were added to Certificate Transparency before you started monitoring but are not yet expired. It's not a “firehose” that drops certificates if you aren't drinking from it.
$0 / month
100 single-hostname queries / hour
10 full-domain queries / hour
75 queries / minute
5 queries / second
15 second query timeout
Note: rate limits and timeouts may be reduced during periods of high load.
$50 / month
1,000 single-hostname queries / hour
100 full-domain queries / hour
500 queries / minute
10 queries / second
60 second query timeout
$500 / month
10,000 single-hostname queries / hour
1,000 full-domain queries / hour
2,000 queries / minute
20 queries / second
90 second query timeout
Need more queries? Contact us.
A single-hostname query is a query which returns certificates
for a single specific hostname. (The
A full-domain query is a query which returns certificates
for all descendant sub-domains of the queried domain. (The
For $250/month, get real-time access to all certificates as they are added to Certificate Transparency logs. Sign up
Provisioned indexes speed up full-domain queries of domains which have a large number of certificates. Provisioned indexes start at $100/month per domain. Contact us for a quote.
Looking For Turnkey Monitoring?
No time to code? We'll send you a spreadsheet.
We can provide a spreadsheet listing all certificates for the domains you want to search. We can provide a one-time report, or recurring reports of all new certificates since the last report. For a quote, contact us with the number of domains and what certificate fields you are interested in (domain names, issuer, expiration, etc.).