SSL Certificate Lookup Documentation
Overview
-
Live SSL Certificate Lookup
SSL cert lookup API allows you to fetch live streaming Secure Sockets Layer (SSL) certificate along with its complete SSL cert chain to provide up-to-date and consistent data in JSON/XML formats.
Authorization
You can make authorized requests to our API by passing API key as a query parameter. To get your API key, login to our billing dashboard and get your API key! If your API key has been compromised, you can change it by clicking on reset button in billing dashboard.
SSL Certificate Lookup
API
https://api.whoisfreaks.com/v1.0/ssl/live?apiKey=API_KEY&domainName=google.com&chain=true&sslRaw=true

Input parameters: required
apiKey Get your API key from our billing dashboard.
domainName The domainName for requested ssl data.
Input parameters: optional
chain For getting the chain of all domain ssl certificates sorted from end-user to root. Default value is "false"
SSLRaw For getting the raw openssl response of the domain. Default value is "false"
format Two formats are available JSON, XML. If you don't pass 'format' parameter, default format is JSON.
Code Snippets
curl --location --request GET 'https://api.whoisfreaks.com/v1.0/ssl/live?apiKey=API_KEY&domainName=whoisfreaks.com&chain=true&sslRaw=true'
var request = require('request');
var options = {
'method': 'GET',
'url': 'https://api.whoisfreaks.com/v1.0/ssl/live?apiKey=API_KEY&domainName=whoisfreaks.com&chain=true&sslRaw=true',
'headers': {
}
};
request(options, function (error, response) {
if (error) throw new Error(error);
console.log(response.body);
});
OkHttpClient client = new OkHttpClient().newBuilder()
.build();
Request request = new Request.Builder()
.url("https://api.whoisfreaks.com/v1.0/ssl/live?apiKey=API_KEY&domainName=whoisfreaks.com&chain=true&sslRaw=true")
.method("GET", null)
.build();
Response response = client.newCall(request).execute();
import http.client
conn = http.client.HTTPSConnection("api.whoisfreaks.com")
payload = ''
headers = {}
conn.request("GET", "/v1.0/ssl/live?apiKey=API_KEY&domainName=whoisfreaks.com&chain=true&sslRaw=true", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
<?php
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => 'https://api.whoisfreaks.com/v1.0/ssl/live?apiKey=API_KEY&domainName=whoisfreaks.com&chain=true&sslRaw=true',
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => '',
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 0,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => 'GET',
));
$response = curl_exec($curl);
curl_close($curl);
echo $response;
require "uri"
require "net/http"
url = URI("https://api.whoisfreaks.com/v1.0/ssl/live?apiKey=API_KEY&domainName=whoisfreaks.com&chain=true&sslRaw=true")
https = Net::HTTP.new(url.host, url.port)
https.use_ssl = true
request = Net::HTTP::Get.new(url)
response = https.request(request)
puts response.read_body
var requestOptions = {
method: 'GET',
redirect: 'follow'
};
fetch("https://api.whoisfreaks.com/v1.0/ssl/live?apiKey=API_KEY&domainName=whoisfreaks.com&chain=true&sslRaw=true", requestOptions)
.then(response => response.text())
.then(result => console.log(result))
.catch(error => console.log('error', error));
var client = new RestClient("https://api.whoisfreaks.com/v1.0/ssl/live?apiKey=API_KEY&domainName=whoisfreaks.com&chain=true&sslRaw=true");
client.Timeout = -1;
var request = new RestRequest(Method.GET);
IRestResponse response = client.Execute(request);
Console.WriteLine(response.Content);
package main
import (
"fmt"
"net/http"
"io/ioutil"
)
func main() {
url := "https://api.whoisfreaks.com/v1.0/ssl/live?apiKey=API_KEY&domainName=whoisfreaks.com&chain=true&sslRaw=true"
method := "GET"
client := &http.Client {
}
req, err := http.NewRequest(method, url, nil)
if err != nil {
fmt.Println(err)
return
}
res, err := client.Do(req)
if err != nil {
fmt.Println(err)
return
}
defer res.Body.Close()
body, err := ioutil.ReadAll(res.Body)
if err != nil {
fmt.Println(err)
return
}
fmt.Println(string(body))
}
CURL *curl;
CURLcode res;
curl = curl_easy_init();
if(curl) {
curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "GET");
curl_easy_setopt(curl, CURLOPT_URL, "https://api.whoisfreaks.com/v1.0/ssl/live?apiKey=API_KEY&domainName=whoisfreaks.com&chain=true&sslRaw=true");
curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L);
curl_easy_setopt(curl, CURLOPT_DEFAULT_PROTOCOL, "https");
struct curl_slist *headers = NULL;
curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);
res = curl_easy_perform(curl);
}
curl_easy_cleanup(curl);
import Foundation
#if canImport(FoundationNetworking)
import FoundationNetworking
#endif
var semaphore = DispatchSemaphore (value: 0)
var request = URLRequest(url: URL(string: "https://api.whoisfreaks.com/v1.0/ssl/live?apiKey=API_KEY&domainName=whoisfreaks.com&chain=true&sslRaw=true")!,timeoutInterval: Double.infinity)
request.httpMethod = "GET"
let task = URLSession.shared.dataTask(with: request) { data, response, error in
guard let data = data else {
print(String(describing: error))
semaphore.signal()
return
}
print(String(data: data, encoding: .utf8)!)
semaphore.signal()
}
task.resume()
semaphore.wait()
Response
Live SSL Certificate API provides response in JSON/XML formats. You can pass format as parameter to consume API in your required format. Default format is JSON. Following is the complete SSL Certificate data response format.
{
"domainName": "whoisfreaks.com",
"queryTime": "2022-11-24 06:59:05",
"sslCertificates": [
{
"chainOrder": "end-user",
"authenticationType": "domain",
"validityStartDate": "2022-09-30 05:33:58 UTC",
"validityEndDate": "2022-12-29 05:33:57 UTC",
"serialNumber": "03:ae:75:41:57:24:35:af:33:01:38:15:47:6e:4a:bf:0d:6a",
"signatureAlgorithm": "SHA256-RSA",
"subject": {
"commonName": "whoisfreaks.com"
},
"issuer": {
"commonName": "R3",
"organization": "Let's Encrypt",
"country": "US"
},
"publicKey": {
"keySize": "2048 bit",
"keyAlgorithm": "RSA",
"pemRaw": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr72X7GNcnc5ysVRebBlfO9i94nZCFihvR3anhutttebaIPcuRvHpYqeHyu9G5fP5JegZJuGVBNJzfPpcN1HO9zFEBQ1fmlwooiXX6szgS9iUlS7xCEvhQt9ipmc1z11DeGNyeQq9IchUHasdO8z+X8vX/C+88If9QBJdXQcEvxS2x11xhMlR/T8hYKrrThngOhUAy+vMpK0hFvr602lYHgS7kfZm3NHCL18a1LFcGq/jBGoS7jqrSGC1biLNKsW23OvVeMl2y6orFu9Y3GVkbHxtPtLz3P584HK8Z/yAcVAfhoS2rctfcLjmQZisZyqembsGEYPDchBQ9aw2JPd2LwIDAQAB\n-----END PUBLIC KEY-----\n"
},
"extensions": {
"authorityKeyIdentifier": "14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6",
"subjectKeyIdentifier": "80:3A:A3:17:87:E3:3C:EE:F4:FB:9E:A4:39:B0:99:29:24:BE:CD:F6",
"keyUsages": [
"Digital Signature",
"Key Encipherment"
],
"extendedKeyUsages": [
"TLS Web Server Authentication",
"TLS Web Client Authentication"
],
"authorityInfoAccess": {
"issuers": [
"http://r3.i.lencr.org/"
],
"ocsp": [
"http://r3.o.lencr.org"
]
},
"subjectAlternativeNames": {
"dnsNames": [
"whoisfreaks.com",
"billing.whoisfreaks.com"
]
},
"certificatePolicies": [
{
"policyId": "2.23.140.1.2.1"
},
{
"policyId": "1.3.6.1.4.1.44947.1.1.1",
"policyQualifier": {
"oid": "1.3.6.1.5.5.7.2.1",
"cpsUri": "http://cps.letsencrypt.org"
}
}
]
},
"pemRaw": "-----BEGIN CERTIFICATE-----\nMIIFPTCCBCWgAwIBAgISA651QVckNa8zATgVR25Kvw1qMA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMjA5MzAwNTMzNThaFw0yMjEyMjkwNTMzNTdaMBoxGDAWBgNVBAMTD3dob2lzZnJlYWtzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK+9l+xjXJ3OcrFUXmwZXzvYveJ2QhYob0d2p4brbbXm2iD3Lkbx6WKnh8rvRuXz+SXoGSbhlQTSc3z6XDdRzvcxRAUNX5pcKKIl1+rM4EvYlJUu8QhL4ULfYqZnNc9dQ3hjcnkKvSHIVB2rHTvM/l/L1/wvvPCH/UASXV0HBL8UtsddcYTJUf0/IWCq604Z4DoVAMvrzKStIRb6+tNpWB4Eu5H2ZtzRwi9fGtSxXBqv4wRqEu46q0hgtW4izSrFttzr1XjJdsuqKxbvWNxlZGx8bT7S89z+fOByvGf8gHFQH4aEtq3LX3C45kGYrGcqnpm7BhGDw3IQUPWsNiT3di8CAwEAAaOCAmMwggJfMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUgDqjF4fjPO70+56kObCZKSS+zfYwHwYDVR0jBBgwFoAUFC6zF7dYVsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRwOi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9yMy5pLmxlbmNyLm9yZy8wMwYDVR0RBCwwKoIXYmlsbGluZy53aG9pc2ZyZWFrcy5jb22CD3dob2lzZnJlYWtzLmNvbTBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2AEHIyrHfIkZKEMahOglCh15OMYsbA+vrS8do8JBilgb2AAABg40aDsEAAAQDAEcwRQIhAIXlo4U/tO48FBOZ+HDGPDTIqO6OQq9o5JRWQ1qiZ6XRAiAeg1bETWNZjPkKNoSaTpusGr72Q1WzM5CpmPch6yOhuQB2AEalVet1+pEgMLWiiWn0830RLEF0vv1JuIWr8vxw/m1HAAABg40aDvAAAAQDAEcwRQIhANW/qmnuZqzhCvsaRIDGpqo9MN+HVf6vnUWVjgR6cmzDAiADE7M0/ZfyWnF5DmD08sxSs7Ygz4pO5WJ74Xp81r38QDANBgkqhkiG9w0BAQsFAAOCAQEAO6U+zUW+8mDyZlXA0W0gkrSIX8Hv+1FgY+FYsk4/rTu+nj6bEEEPm7PfMVcmkaNfGEBZaupuNy/Qwnv/Om7rhrOCz1BXok2gB539mRqdDWQRViKxb48srVY/HzLr1YE6l38gdJ2rdUgP7UmoxbwWyZ3sivi0o407wKUFAEHK/QQLt6zKIyWqwk3MiPjRqtaei0tLqmUCUOucBkCW83jHGmLnR4TjkIkdZlSPwSome/h8//6N8sJw2DtHVXfMxOgDa+dP5uMSGPugCnziJ5Uz7KT0PbaKp2hfVA0GK0+VQUT/Wlmciq9LnUF1cFVNdskptscjUGWr9tf8Fk7KPX05zw==\n-----END CERTIFICATE-----\n"
}
]
}
HTTP Error Codes
Below mentioned possible type of error and desc.
Credits Usage API
You need credits in order to use Whoisfreaks API. Live SSL Certificate Lookup service will charge 1 credit per successfull query for a domain without chaining. With chaining enabled, 1 credit will be charge for every 2 certificates in the response. You can fetch credits usage and remaining credits information through an API.
https://api.whoisfreaks.com/v1.0/whoisapi/usage?apiKey=API_KEY

Input parameters: required
apiKey Get your API key from our billing dashboard.
Input parameters: optional
format Two formats are available JSON, XML. If you don't pass 'format' parameter, default format is JSON.
Response
You can get API key from our billing dashboard.
{
"apiKey": "API_KEY",
"apiCredits": {
"totalCredits": 1020079,
"servedRequest": 1533
},
"apiSubscription": {
"subscriptionStatus": "deactivated",
"requestLimit": 0,
"servedRequests": 18,
"surchargeRequestLimit": 0,
"servedSurchargeRequests": 0
}
}
FAQs
What is the SSL certificate?
SSL (Secure Sockets Layer) is a cryptographic protocol that ensures data transferred between the web browser and the web server remains private. It also prevents cybercriminals from reading and modifying any transaction done between them such as the transmission of sensitive information like credit card while doing online shopping.
What is meant by SSL Certificate Chain?
The SSL chain is a list of certificates used to authenticate an end-user. The path, begins with the certificate of that end-user and each cert in the chain is signed by the entity identified by the next cert in the chain. The chain ends with a root CA cert. The signatures of all certs in the chain must be verified until the root CA certificate is reached.
Which TLDs are supported by your system?
All available TLDs are supported by SSL certificate lookup API.
Do you have notification service when API credits are near to an end?
Yes, we will inform you via an email. We send notification email on 80%,90%,100% usage. You can get credits/ subscription usage information from our billing portal or through API.
What happened if API credits have been utilized and my system is using whois API?
We provide surcharge requests on all active API credits subscriptions. You can fetch credits and surcharge requests information through our API. Each subscription plan has different surcharge requests limit.
Do you charge credit on 4xx error status codes in response?
No, We do not charge credits on 4xx status codes in response. All Whois APIs follow same rule for 4xx status codes in response.
What is the number of free API credits available for new users, and are these credits rate-limited?
We will provide 500 API credits to new users and yes, those credits have a rate-limiting of 10 requests per minute for Live APIs, 5 requests per minute for Bulk Domain Lookup, and 1 request per minute for Reverse/Historical Endpoints.
What is meant by Live Lookup endpoint and how much data latency does it offer?
Our Live Lookup API offers real-time access to various endpoints, including domain whois, SSL and DNS data. By directly connecting to authoritative sources, this API ensures that you receive the most current and up-to-date information, eliminating data latency.
Do you have rate limiting on number of requests being made on your paid plans?
Yes, we have rate limiting on requests being made on all of our paid plans. The requests limit is shown in the following table.
The Table is divided into three types of plans:
1) API Credits
Credits | live-rpm | bulk-rpm | historical/reverse-rpm |
---|---|---|---|
5000 | 20 | 8 | 3 |
15000 | 35 | 12 | 5 |
50000 | 80 | 20 | 10 |
150000 | 120 | 25 | 15 |
450000 | 150 | 35 | 20 |
1000000 | 200 | 50 | 25 |
3000000 | 300 | 70 | 35 |
2) API Subscription
Credits | live-rpm | bulk-rpm | historical/reverse-rpm |
---|---|---|---|
5000 | 20 | 8 | 3 |
15000 | 35 | 12 | 5 |
50000 | 80 | 20 | 10 |
150,000 | 120 | 25 | 15 |
450,000 | 150 | 35 | 20 |
1,000,000 | 200 | 50 | 25 |
3,000,000 | 300 | 70 | 35 |
- live-rpm: API requests per minute limit for live Whois lookup API, domain availability API, SSL certificate lookup API, and DNS lookup API endpoints.
- bulk-rpm: API requests per minute limit for bulk domain Whois lookup API endpoint.
- historical/reverse-rpm: API requests per minute limit for historical, and reverse Whois API endpoints.
Do you provide any headers in API response regarding rate limiting?
Yes, there are following three header parameters in the response:
- X-RateLimit-Allowed-Requests (Tells the max allowed API requests per minute on a specific plan)
- X-RateLimit-Remaining-Requests (Tells the remaining API requests per minute for that plan)
- X-RateLimit-Remaining-Time (Tells after how much time the API requests per minute will be reset)