SSL Certificate Inspection
Retrieve and inspect the SSL/TLS certificate for a domain. Returns certificate details, validity dates, expiration status, connection security information, and an overall grade.
Endpoint
GET /api/v1/ssl/{domain}
Authentication
All requests require an API key passed via the X-Api-Key header.
Parameters
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
domain | string | path | Yes | Domain name to inspect |
Response
{
"domain": "example.com",
"valid": true,
"issuer": "CN=R3, O=Let's Encrypt, C=US",
"subject": "CN=example.com",
"serialNumber": "04:A3:B7:2F:01:C9:8E:5D:00:02:7A:F1",
"validFrom": "2025-01-15T00:00:00Z",
"validTo": "2025-04-15T23:59:59Z",
"daysUntilExpiry": 64,
"signatureAlgorithm": "SHA256withRSA",
"subjectAlternativeNames": [
"example.com",
"www.example.com"
],
"protocol": "TLSv1.3",
"cipherSuite": "TLS_AES_256_GCM_SHA384",
"chainLength": 3,
"errorMessage": null,
"grade": "A+",
"warnings": []
}
Response Fields
| Field | Type | Description |
|---|---|---|
domain | string | The queried domain |
valid | boolean | Whether the certificate is currently valid and trusted |
issuer | string | Certificate issuer distinguished name |
subject | string | Certificate subject distinguished name |
serialNumber | string | Certificate serial number (hex-encoded) |
validFrom | string | Certificate start date (ISO 8601) |
validTo | string | Certificate expiry date (ISO 8601) |
daysUntilExpiry | integer | Number of days until the certificate expires (negative if expired) |
signatureAlgorithm | string | Signature algorithm used (e.g., SHA256withRSA) |
subjectAlternativeNames | array | List of domain names covered by the certificate (SANs) |
protocol | string | Negotiated TLS protocol version |
cipherSuite | string | Negotiated cipher suite |
chainLength | integer | Number of certificates in the chain (including root) |
errorMessage | string | Error description if the connection or validation failed (null on success) |
grade | string | Overall SSL grade (A+, A, B, C, F) based on certificate and connection quality |
warnings | array | List of warning messages about potential issues (weak cipher, short validity, etc.) |
Grade Scale
| Grade | Criteria |
|---|---|
| A+ | Valid cert, TLSv1.3, strong cipher, 90+ days until expiry |
| A | Valid cert, TLSv1.2+, strong cipher |
| B | Valid cert, minor issues (short expiry, older protocol) |
| C | Valid cert, significant issues (weak cipher, very short expiry) |
| F | Invalid, expired, or self-signed certificate |
Example
curl -H "X-Api-Key: YOUR_API_KEY" \
"https://api.iqxlookup.neivi.es/api/v1/ssl/google.com"
Notes
- The endpoint connects to port 443 of the target domain
daysUntilExpiryis negative for expired certificatesvalidisfalseif the certificate is expired, self-signed, or the chain is untrusted- When the SSL connection fails entirely,
errorMessagecontains the failure reason and most other fields will be null