Skip to content

Billions of Certificates, At Your Fingertips

Instantly search Certificate Transparency logs for a domain's SSL certificates using a convenient API.

GET
Free for 100 queries / hour

Easier Than Directly Querying Certificate Transparency Logs

SSLMate ingests over 10 million certificates every day from 40+ Certificate Transparency logs, and indexes them by domain name. You can retrieve certificates by domain name using a simple JSON API.

Using SSLMate's Certificate Search API is easier than accessing Certificate Transparency logs directly:

Access Certificate Transparency logs directly

  • You need to look for certificates in all 40+ known logs.
  • You need to update your log list several times a year when logs are created and destroyed.
  • You have to scan the entire contents of each log (over 4 billion entries, or 17TB, in total) just to find the certificates you want.
  • You have to deduplicate certificates that are found in multiple logs.
  • You have to deduplicate certificates and their equivalent precertificates.
  • You have to understand and parse Merkle Tree Leaves to get certificate data.

Use SSLMate's Certificate Search API

  • You make an API call to SSLMate with a domain name.
  • SSLMate returns certificates for that domain, with useful certificate fields parsed out in a JSON object.

Features

  • Indexed by domain name A simple HTTP request returns all known publicly-trusted certificates for a domain name. You can optionally request certificates for sub-domains as well, giving you a picture of an entire domain namespace.
  • Incremental monitoring You can remember your position in the response, and query for all certificates added to Certificate Transparency since your last query. You don't have to re-download and re-process certificates you've already seen.
  • Deduplicates certificates and precertificates When a certificate is issued, it can appear in multiple Certificate Transparency logs, in the form of a regular certificate, a precertificate, or both. The API returns a single entry for each distinct issuance so you don't have to deduplicate redundant information yourself.
  • Reliable access to certificates The API reliably returns all known, unexpired certificates for a domain name, including those that were added to Certificate Transparency before you started monitoring but are not yet expired. It's not a “firehose” that drops certificates if you aren't drinking from it.

Pricing

Small

$0 / month

Get Started

100 single-hostname queries / hour

10 full-domain queries / hour

75 queries / minute

5 queries / second

15 second query timeout

Note: rate limits and timeouts may be reduced during periods of high load.

Medium

$50 / month

Get Started

1,000 single-hostname queries / hour

100 full-domain queries / hour

500 queries / minute

10 queries / second

60 second query timeout

Large

$500 / month

Get Started

10,000 single-hostname queries / hour

1,000 full-domain queries / hour

2,000 queries / minute

20 queries / second

90 second query timeout

Need more queries? Contact us.

A single-hostname query is a query which returns certificates for a single specific hostname. (The include_subdomains parameter is false.)

A full-domain query is a query which returns certificates for all descendant sub-domains of the queried domain. (The include_subdomains parameter is true.)

Firehose Access

For $1,000/month, access a continuous stream of all certificates as they are added to Certificate Transparency logs. Sign up

Provisioned Indexes

Provisioned indexes speed up full-domain queries of domains which have a large number of certificates. Provisioned indexes start at $100/month per domain. Contact us for a quote.

Looking For Turnkey Monitoring?

Cert Spotter is an all-in-one certificate monitoring solution that alerts you about unauthorized, expiring, and invalid certificates for your domains, powered by the same Certificate Transparency data. No coding required. Learn More

No time to code? We'll send you a spreadsheet.

We can provide a spreadsheet listing all certificates for the domains you want to search. We can provide a one-time report, or recurring reports of all new certificates since the last report. For a quote, contact us with the number of domains and what certificate fields you are interested in (domain names, issuer, expiration, etc.).