Unknown Certificate Webhook

Overview

You can configure Cert Spotter to invoke a webhook when it detects an unknown certificate for one of your monitored domains.

Unknown Certificate Object

Cert Spotter posts a JSON object containing the following fields:

id string The ID of the certificate issuance.
html_url string The URL of a web page describing the certificate issuance.
endpoints array Your monitored endpoints for which this certificate is valid. Each endpoint is represented by an object with the following fields:
dns_name string The DNS name of the endpoint
monitored_domain string The name of the monitored domain object which matches the endpoint
wildcard boolean True if and only if the endpoint's DNS name corresponds to a wildcard DNS name in the certificate rather than the literal DNS name
issuance object The issuance object describing the certificate. The following fields are expanded: dns_names, issuer, issuer.website, issuer.caa_domains, problem_reporting, cert_der.

Notes

  • Your webhook URL can include a username and password for HTTP Basic Authentication. We recommend you use this to verify that incoming webhooks requests are really from SSLMate.
  • A webhook request is considered successful if your endpoint returns an HTTP status code in the range 200-299 within 15 seconds.
  • HTTP redirects are not followed. If your endpoint returns a redirect, it is considered a failure.
  • It is possible for the same webhook request to be delivered more than once to your endpoint if there is a network problem. If you need to suppress duplicate requests, you can use the Idempotency-Key HTTP header, whose value uniquely identifies the request.
  • If a webhook request fails, we will reach out to you over email and can retry the request at your behest. In the future we will automate the process of retrying requests and notifying you of failures.

Example

If you are monitoring sslmate.com (including subdomains), and Cert Spotter detects an unknown certificate valid for packages.sslmate.com and software.sslmate.com, we will post the following JSON object to your webhook endpoint:

{ "id": "2715166372", "html_url": "https://sslmate.com/console/monitoring/issuances/2715166372", "endpoints": [ {"dns_name":"packages.sslmate.com", "monitored_domain":".sslmate.com", "wildcard":false}, {"dns_name":"software.sslmate.com", "monitored_domain":".sslmate.com", "wildcard":false} ], "issuance": { "id":"2715166372", "tbs_sha256":"4dc65f49ec2b0f1b7120207000d8ed3dd94465e89dfe9210715ddc82a8ff4f18", "cert_sha256":"69fb7252f3cd5c052db8325cf82dc40bd72ed01525f2301f804765be8d62ae43", "dns_names":["packages.opsmate.com","packages.sslmate.com","software.sslmate.com"], "pubkey_sha256":"36487345ef0c9a7aa10047ab32d64c1617f85163120e7d07187aa443729eebb4", "issuer": { "friendly_name":"Sectigo", "website":"https://sectigo.com/", "caa_domains":["sectigo.com","comodo.com","comodoca.com","usertrust.com","trust-provider.com"], "pubkey_sha256":"e1ae9c3de848ece1ba72e0d991ae4d0d9ec547c6bad1dddab9d6beb0a7e0e0d8", "name":"C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA" }, "not_before":"2021-07-13T00:00:00Z", "not_after":"2022-08-12T23:59:59Z", "revoked":false, "problem_reporting":"To revoke one or more certificates issued by Sectigo for which you (i) are the Subscriber or (ii) control the domain or (iii) have in your possession the private key, you may use our automated Revocation Portal here:\u000A ?? https://secure.sectigo.com/products/RevocationPortal\u000A\u000ATo programatically revoke one or more certificates issued by Sectigo for which you have in your possession the private key, you may use the ACME revokeCert method at this endpoint:\u000A ?? ACME Directory: https://acme.sectigo.com/v2/keyCompromise\u000A ?? revokeCert API: https://acme.sectigo.com/v2/keyCompromise/revokeCert\u000A\u000ATo report any other abuse, fraudulent, or malicious use of Certificates issued by Sectigo, please send email to:\u000A ?? For Code Signing Certificates: signedmalwarealert[at]sectigo[dot]com\u000A ?? For Other Certificates (SSL/TLS, S/MIME, etc): sslabuse[at]sectigo[dot]com", "cert_der":"MIIGXjCCBUagAwIBAgIRANGDUcOJZoJp7S72GasnH94wDQYJKoZIhvcNAQELBQAwgY8xCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDE3MDUGA1UEAxMuU2VjdGlnbyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBDQTAeFw0yMTA3MTMwMDAwMDBaFw0yMjA4MTIyMzU5NTlaMB8xHTAbBgNVBAMTFHBhY2thZ2VzLm9wc21hdGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5MjDQGnSRX2f9TtFOpKmBcQ1MvILhs6nkXffzXI3+UXMhb080wSiC1MDiijbb6SzfBje4B1h6mvlQ/bF1vHtMU8uKcM+bRKyqZafFIU88BM/5E7DpanHxoY6xqLCy++CcFnrrO2LlTsZUS1a7BNGpPZMJ1DFcLpx5hM+7yN3YgLX/zfUlCQJMWSyF/8KiGb4k20nTsbFOQ2XeTl2TLYLJgdT/qg0+XZG0lQuonmTtQMHb7ATF954lmKzS7rDcEid3qSMOKuvuAZFZ2ePuOHpARJRXSadLukJWsu0HVIansrfsTvgyrAsgMMRJ+J7VE8Y7AKcLy7HVsoEUOci9QL72QIDAQABo4IDIjCCAx4wHwYDVR0jBBgwFoAUjYxexFStiuF36Zv5mwXhuAGNYeEwHQYDVR0OBBYEFCzmCVy1ii/T4zO5knL81LasE9VfMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBJBgNVHSAEQjBAMDQGCysGAQQBsjEBAgIHMCUwIwYIKwYBBQUHAgEWF2h0dHBzOi8vc2VjdGlnby5jb20vQ1BTMAgGBmeBDAECATCBhAYIKwYBBQUHAQEEeDB2ME8GCCsGAQUFBzAChkNodHRwOi8vY3J0LnNlY3RpZ28uY29tL1NlY3RpZ29SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5zZWN0aWdvLmNvbTCCAX4GCisGAQQB1nkCBAIEggFuBIIBagFoAHUARqVV63X6kSAwtaKJafTzfREsQXS+/Um4havy/HD+bUcAAAF6nTpW0gAABAMARjBEAiBBm259M/bSxzUdZntxGnkIxAPSAR6u2kcYETRDfr+3AQIgTnDf3mb3Sz5tAP0DcvKOizw9QDWlxsXg/eT5KcgwEF4AdgBByMqx3yJGShDGoToJQodeTjGLGwPr60vHaPCQYpYG9gAAAXqdOlafAAAEAwBHMEUCIQDz2y3DIa4emvSPHUdeyAvcLAtLdIA2/mpukhjwpPS6EgIgEnMoL73FXMSnGfmeUJmnvGsOFar4pIlqAY47jqrpmokAdwApeb7wnjk5IfBWc59jpXflvld9nGAK+PlNXSZcJV3HhAAAAXqdOlZ7AAAEAwBIMEYCIQCLNO4Zhvbi7v15NrTVzdq1xW5WBTAK33ekUCe0oceAlQIhAJYCELC2EfGAFDnbKBxF4a9Lv/nwtKb+UPRtUjg3pXH8MEsGA1UdEQREMEKCFHBhY2thZ2VzLm9wc21hdGUuY29tghRwYWNrYWdlcy5zc2xtYXRlLmNvbYIUc29mdHdhcmUuc3NsbWF0ZS5jb20wDQYJKoZIhvcNAQELBQADggEBAHVML6LJMhRzXcMIWxx9PHZoRe4dTZQdGBFHWCIlnrFNumIRCJPFly8V7PxqKrQxWy+Y7+mBQKN3Pzme8RwG8x1TQTOKBP3iRLsf0Qp2FvJfqd78LSSX2ZH0Zl1FKbJb/0U/Y8MjeGbGFdeZCr1/uOvUAJFtIlgNyS9u4iqN5bGihh0alsdX/Hsp5YQEStm6C+iSJm7CTVJqsuuoD8gHJJJzk0HK0gCmM08wNVWvi3uCS2I3sSeLQ/UTMBzqRlKRB6XSRj2ELKZ4iCkbC5rzpb0cu47lO2umr/M6u/mm6cJUYUZnw8Y5kFB/X2s+wlDN2hFzGCAV9BkTIRtdH899XKk=" } }