Check TLS Certificate
Check TLS certificate for a domain. Results are cached for 30 minutes by default.
Parameters
Section titled “ Parameters ”Query Parameters
Section titled “Query Parameters ”Query param alternative to body
Request Body required
Section titled “Request Body required ”object
Domain to check (e.g., example.com)
Example
example.comAlternative to domain
Example
example.comEnable revocation check (OCSP/CRL). Default: false
Responses
Section titled “ Responses ”Certificate details
Certificate details
object
Checked hostname
Connection port (443)
Whether certificate is valid
Error message if invalid
TLS protocol version (e.g., TLSv1.3)
Cipher suite details
object
Cipher name
Cipher version
Standard cipher name
Certificate subject details
object
Certificate issuer details
object
Certificate subject CN
Certificate issuer CN
Revocation status (only when revocationCheck is enabled)
object
Good, revoked, unknown, or error
Ocsp or crl
Revocation reason if revoked
ISO timestamp when revocation was checked
Subject Alternative Names
Certificate valid from date
Certificate valid until date
SHA-256 fingerprint
Certificate serial number
PEM-encoded certificate
Bad Request - Invalid domain or payload
Bad Request - Invalid domain or payload
object
Rate Limit Exceeded
Rate Limit Exceeded
object
Example
Rate limit exceededHeaders
Section titled “Headers ”Seconds to wait before retrying
Maximum requests per window
Remaining requests in window
Unix timestamp when the rate limit resets
Bad Gateway - Failed to connect to target host
Bad Gateway - Failed to connect to target host