The SSL Lookup tool retrieves and analyzes the SSL/TLS certificate installed on any domain or hostname - returning issuer details, validity dates, Subject Alternative Names (SANs), certificate chain, key algorithm, and certificate transparency log data. SSL certificates are both a security control and a rich OSINT source: they often reveal domain infrastructure, organizational relationships, and threat actor patterns that aren't visible anywhere else.
SSL certificates are goldmines for OSINT. The Subject Alternative Names (SAN) field often lists multiple domains covered by a single certificate - revealing related infrastructure operated by the same entity. Threat actors frequently reuse certificates or CAs across campaigns, making certificate pivoting (finding all domains sharing a certificate or a specific issuer) one of the most effective threat intelligence techniques. Combine with WHOIS Lookup to cross-reference registrant data with certificate data.
Certificate Transparency (CT) logs are public records of every SSL certificate issued by trusted Certificate Authorities. WhoisFreaks monitors CT logs continuously - when a new certificate is issued for a domain pattern matching your brand or keywords, it surfaces immediately. Newly issued certificates for typosquatting domains (e.g., 'paypa1.com', 'your-brand-login.com') are often the earliest indicator of an upcoming phishing campaign.
Use SSL Lookup to verify certificate installation, check expiry dates before they cause outages, confirm all expected domains are covered in the SAN list, and validate the full certificate chain (intermediate and root CA). Certificate expiry causes sudden HTTPS failures and browser warnings that damage user trust and SEO. Monitor critical certificates regularly.
Organizations conducting third-party vendor security assessments use SSL Lookup to verify vendors are using properly issued certificates from trusted CAs, check for certificates about to expire, and identify self-signed or weak certificates that indicate poor security hygiene.
Check the 'Not After' field for certificate expiry. Most browsers start showing warnings when a certificate has fewer than 30 days remaining. Set up expiry monitoring via the SSL API to get alerts before outages occur.
