Developer Reference
SSL Certificates API Documentation
SSL Certificates API Documentation: Query Certificate Transparency logs to discover all SSL/TLS certificates ever issued for a domain. Useful for subdomain discovery, security auditing, and monitoring for unauthorized certificate issuance. Data sourced from crt.sh.
SSL Certificates
Query Certificate Transparency logs to discover all SSL/TLS certificates ever issued for a domain. Useful for subdomain discovery, security auditing, and monitoring for unauthorized certificate issuance. Data sourced from crt.sh.
GET
/v1/certificates
Query Parameters
| Parameter | Type | Description |
|---|---|---|
| domain required | string | Domain to search certificates for (e.g., "github.com") |
| include_subdomains optional | boolean | Include wildcard and subdomain certificates (default: true) |
Use Cases
- Subdomain enumeration via certificate SAN fields
- Detect unauthorized certificate issuance
- Monitor for phishing certificates
- Audit certificate expiration dates
Example Request
curl "https://domscan.net/v1/certificates?domain=github.com&include_subdomains=true"import requests
response = requests.get(
"https://domscan.net/v1/certificates",
params={"domain": "github.com", "include_subdomains": "true"}
)
data = response.json()
# Extract unique subdomains from certificates
subdomains = set()
for cert in data['certificates']:
for name in cert.get('names', []):
if name.endswith('.github.com'):
subdomains.add(name)
print(f"Found {len(subdomains)} subdomains")
for subdomain in sorted(subdomains)[:10]:
print(f" {subdomain}")Example Response
{
"domain": "github.com",
"certificates": [
{
"issuer": "Let's Encrypt",
"common_name": "example.com",
"san": ["example.com", "www.example.com"],
"not_before": "2024-01-01T00:00:00Z",
"not_after": "2024-04-01T00:00:00Z"
}
],
"total": 1
}Response Fields
| Field | Type |
|---|---|
domain |
string |
certificates[] |
object[] |
certificates[] |
object |
certificates[].issuer |
string |
certificates[].common_name |
string |
certificates[].not_before |
string |
certificates[].not_after |
string |
certificates[].serial_number |
string |
certificates[].entry_timestamp |
string |
total |
integer |
GET
/v1/ssl/audit
Query Parameters
| Parameter | Type | required |
|---|---|---|
| domain | string | required |
Response Fields
| Field | Type |
|---|---|
domain |
string |
audit_completeness |
string |
probe_coverage |
object |
probe_coverage.tls_inspect |
boolean |
probe_coverage.tls_audit |
boolean |
probe_coverage.tls_posture |
boolean |
probe_coverage.revocation |
boolean |
probe_coverage.hsts |
boolean |
probe_coverage.http_versions |
boolean |
certificate |
object |
certificate.subject |
string |
certificate.issuer |
string |
certificate.issuer_org |
string |
certificate.valid_from |
string |
certificate.valid_until |
string |
certificate.days_remaining |
integer |
certificate.expired |
boolean |
certificate.san[] |
string[] |
certificate.key_type |
string |
certificate.key_size |
integer |
certificate.signature_algorithm |
string |
certificate.serial_number |
string |
certificate.fingerprint_sha256 |
string |
certificate.hostname_match |
boolean | null |
chain |
object |
chain.length |
integer |
chain.valid |
boolean |
chain.certificates[] |
object[] |
chain.certificates[] |
object |
chain.certificates[].subject |
string |
chain.certificates[].issuer |
string |
chain.certificates[].type |
string |
chain.certificates[].valid_from |
string | null |
chain.certificates[].valid_until |
string | null |
chain.issues[] |
string[] |
protocols |
object |
protocols.tls_1_3 |
boolean |
protocols.tls_1_2 |
boolean |
protocols.tls_1_1 |
boolean |
protocols.tls_1_0 |
boolean |
protocols.ssl_3 |
boolean |
protocols.preferred_protocol |
string |
protocols.detection_method |
string |
protocols.deprecated_protocols_enabled |
boolean |
connection |
object |
connection.preferred_protocol |
string | null |
connection.preferred_cipher |
string | null |
connection.alpn_negotiated |
string | null |
connection.forward_secrecy |
boolean |
connection.forward_secrecy_cipher |
string | null |
connection.secure_renegotiation_supported |
boolean | null |
connection.server_temp_key |
string | null |
connection.peer_signing_digest |
string | null |
connection.peer_signature_type |
string | null |
connection.server_public_key_bits |
integer | null |
connection.compression |
string | null |
connection.expansion |
string | null |
connection.client_certificate_requested |
boolean | null |
certificate_delivery |
object |
certificate_delivery.must_staple |
boolean |
certificate_delivery.sct_embedded |
boolean |
certificate_delivery.sct_count |
integer |
certificate_delivery.ocsp_stapling_present |
boolean |
certificate_delivery.ocsp_stapling_fresh |
boolean | null |
certificate_delivery.ocsp_stapling_status |
string | null |
certificate_delivery.ocsp_this_update |
string | null |
certificate_delivery.ocsp_next_update |
string | null |
transport |
object |
transport.hsts |
object |
transport.hsts.reachable |
boolean |
transport.hsts.final_url |
string | null |
transport.hsts.status_code |
integer | null |
transport.hsts.header_present |
boolean |
transport.hsts.hsts_header |
string | null |
transport.hsts.max_age |
integer | null |
transport.hsts.include_subdomains |
boolean | null |
transport.hsts.preload_directive |
boolean | null |
transport.hsts.preload_eligible |
boolean |
transport.hsts.preload_status |
string | null |
transport.hsts.preloaded_domain |
string | null |
transport.hsts.issues[] |
string[] |
transport.hsts.errors[] |
string[] |
transport.http_versions |
object |
transport.http_versions.http1_1 |
boolean |
transport.http_versions.http2 |
boolean |
transport.http_versions.http3 |
boolean |
transport.http_versions.alt_svc |
string | null |
transport.http_versions.http3_advertised |
boolean |
transport.http_versions.alt_svc_protocols[] |
string[] |
transport.http_versions.curl_http3_supported |
boolean |
revocation |
object |
revocation.ocsp |
object |
revocation.ocsp.present |
boolean |
revocation.ocsp.uris[] |
string[] |
revocation.ocsp.checked_uri |
string | null |
revocation.ocsp.status |
string | null |
revocation.ocsp.verify_ok |
boolean |
revocation.ocsp.this_update |
string | null |
revocation.ocsp.next_update |
string | null |
revocation.ocsp.error |
string | null |
revocation.crl |
object |
revocation.crl.present |
boolean |
revocation.crl.uris[] |
string[] |
revocation.crl.checked_uri |
string | null |
revocation.crl.fetched |
boolean |
revocation.crl.http_status |
integer | null |
revocation.crl.revoked |
boolean | null |
revocation.crl.last_update |
string | null |
revocation.crl.next_update |
string | null |
revocation.crl.revoked_serial_count |
integer | null |
revocation.crl.error |
string | null |
tls_extensions[] |
string[] |
issues[] |
string[] |
recommendations[] |
string[] |
checked_at |
string |
check_duration_ms |
integer |
Example Request
curl -H "X-API-Key: $DOMSCAN_API_KEY" "https://domscan.net/v1/ssl/audit?domain=example.com"Example Response
{
"domain": "cloudflare.com",
"audit_completeness": "full",
"probe_coverage": {
"tls_inspect": true,
"tls_audit": true,
"tls_posture": true,
"revocation": true,
"hsts": true,
"http_versions": true
},
"certificate": {
"subject": "cloudflare.com",
"issuer": "Google Trust Services",
"valid_from": "2026-03-01T00:00:00Z",
"valid_until": "2026-05-30T23:59:59Z",
"days_remaining": 42,
"expired": false,
"san": [
"cloudflare.com",
"*.cloudflare.com"
],
"key_type": "ECDSA",
"key_size": 256,
"signature_algorithm": "ecdsaWithSHA256",
"serial_number": "539933F4CFE7E8CF13F5E60D139675A1",
"fingerprint_sha256": "AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99",
"hostname_match": true
},
"chain": {
"length": 3,
"valid": true,
"certificates": [
{
"subject": "cloudflare.com",
"issuer": "Google Trust Services",
"type": "leaf"
},
{
"subject": "Google Trust Services",
"issuer": "GlobalSign",
"type": "intermediate"
},
{
"subject": "GlobalSign",
"issuer": "GlobalSign",
"type": "root"
}
],
"issues": []
},
"protocols": {
"tls_1_3": true,
"tls_1_2": true,
"tls_1_1": false,
"tls_1_0": false,
"ssl_3": false,
"preferred_protocol": "TLSv1.3",
"detection_method": "active",
"deprecated_protocols_enabled": false
},
"connection": {
"preferred_protocol": "TLSv1.3",
"preferred_cipher": "TLS_AES_256_GCM_SHA384",
"alpn_negotiated": "h2",
"forward_secrecy": true,
"forward_secrecy_cipher": "TLS_AES_256_GCM_SHA384",
"secure_renegotiation_supported": false,
"server_temp_key": "X25519, 253 bits",
"peer_signing_digest": "SHA256",
"peer_signature_type": "ECDSA",
"server_public_key_bits": 256,
"compression": "NONE",
"expansion": "NONE",
"client_certificate_requested": false
},
"certificate_delivery": {
"must_staple": false,
"sct_embedded": true,
"sct_count": 2,
"ocsp_stapling_present": true,
"ocsp_stapling_fresh": true,
"ocsp_stapling_status": "successful (0x0)",
"ocsp_this_update": "2026-04-15T02:35:16Z",
"ocsp_next_update": "2026-04-22T01:35:15Z"
},
"transport": {
"hsts": {
"reachable": true,
"final_url": "https://cloudflare.com/",
"status_code": 200,
"header_present": true,
"hsts_header": "max-age=31536000; includeSubDomains",
"max_age": 31536000,
"include_subdomains": true,
"preload_directive": false,
"preload_eligible": true,
"preload_status": "preloaded",
"preloaded_domain": "cloudflare.com",
"issues": [
"missing preload directive"
],
"errors": []
},
"http_versions": {
"http1_1": true,
"http2": true,
"http3": true,
"alt_svc": "h3=\":443\"; ma=86400",
"http3_advertised": true,
"alt_svc_protocols": [
"h3"
],
"curl_http3_supported": true
}
},
"revocation": {
"ocsp": {
"present": true,
"uris": [
"http://o.pki.goog/wr2"
],
"checked_uri": "http://o.pki.goog/wr2",
"status": "good",
"verify_ok": true,
"this_update": "2026-04-18T20:30:00Z",
"next_update": "2026-04-19T20:30:00Z",
"error": null
},
"crl": {
"present": true,
"uris": [
"http://c.pki.goog/wr2.crl"
],
"checked_uri": "http://c.pki.goog/wr2.crl",
"fetched": true,
"http_status": 200,
"revoked": false,
"last_update": "2026-04-17T00:00:00Z",
"next_update": "2026-04-24T00:00:00Z",
"revoked_serial_count": 0,
"error": null
}
},
"tls_extensions": [
"key share",
"supported versions",
"server name"
],
"issues": [],
"recommendations": [
"Add the preload directive if you want HSTS preload-list eligibility."
],
"checked_at": "2026-04-18T21:00:00Z",
"check_duration_ms": 512
}
GET
/v1/ssl/deep-scan
Query Parameters
| Parameter | Type | required |
|---|---|---|
| domain | string | required |
| refresh | boolean | optional |
| profile | string | optional |
Response Fields
| Field | Type |
|---|---|
status |
string |
domain |
string |
host |
string |
port |
integer |
profile |
string |
scan_token |
string |
message |
string |
poll_after_ms |
integer |
cache |
object |
cache.hit |
boolean |
cache.fresh |
boolean |
cache.started_at |
string | null |
cache.completed_at |
string | null |
cache.expires_at |
string | null |
cache.engine |
string | null |
cache.profile |
string | null |
result |
object |
result.domain |
string |
result.host |
string |
result.port |
integer |
result.engine |
object |
result.engine.name |
string |
result.engine.mode |
string |
result.engine.version |
string | null |
result.engine.profile |
string |
result.target |
object |
result.target.ip |
string | null |
result.target.service |
string | null |
result.target.rdns |
string | null |
result.summary |
object |
result.summary.severity_counts |
object |
result.summary.severity_counts.critical |
integer |
result.summary.severity_counts.high |
integer |
result.summary.severity_counts.medium |
integer |
result.summary.severity_counts.low |
integer |
result.summary.severity_counts.warn |
integer |
result.summary.severity_counts.info |
integer |
result.summary.severity_counts.ok |
integer |
result.summary.actionable_findings |
integer |
result.summary.protocols_offered[] |
string[] |
result.summary.deprecated_protocols[] |
string[] |
result.summary.supports_tls_1_3 |
boolean |
result.summary.supports_http2 |
boolean | null |
result.summary.supports_http3 |
boolean | null |
result.sections |
object |
result.sections.pretest[] |
object[] |
result.sections.pretest[] |
object |
result.sections.pretest[].id |
string |
result.sections.pretest[].severity |
string |
result.sections.pretest[].finding |
string |
result.sections.pretest[].cve |
string |
result.sections.pretest[].cwe |
string |
result.sections.protocols[] |
object[] |
result.sections.protocols[] |
object |
result.sections.protocols[].id |
string |
result.sections.protocols[].severity |
string |
result.sections.protocols[].finding |
string |
result.sections.protocols[].cve |
string |
result.sections.protocols[].cwe |
string |
result.sections.server_defaults[] |
object[] |
result.sections.server_defaults[] |
object |
result.sections.server_defaults[].id |
string |
result.sections.server_defaults[].severity |
string |
result.sections.server_defaults[].finding |
string |
result.sections.server_defaults[].cve |
string |
result.sections.server_defaults[].cwe |
string |
result.sections.server_preferences[] |
object[] |
result.sections.server_preferences[] |
object |
result.sections.server_preferences[].id |
string |
result.sections.server_preferences[].severity |
string |
result.sections.server_preferences[].finding |
string |
result.sections.server_preferences[].cve |
string |
result.sections.server_preferences[].cwe |
string |
result.sections.cipher_categories[] |
object[] |
result.sections.cipher_categories[] |
object |
result.sections.cipher_categories[].id |
string |
result.sections.cipher_categories[].severity |
string |
result.sections.cipher_categories[].finding |
string |
result.sections.cipher_categories[].cve |
string |
result.sections.cipher_categories[].cwe |
string |
result.sections.forward_secrecy[] |
object[] |
result.sections.forward_secrecy[] |
object |
result.sections.forward_secrecy[].id |
string |
result.sections.forward_secrecy[].severity |
string |
result.sections.forward_secrecy[].finding |
string |
result.sections.forward_secrecy[].cve |
string |
result.sections.forward_secrecy[].cwe |
string |
result.sections.vulnerabilities[] |
object[] |
result.sections.vulnerabilities[] |
object |
result.sections.vulnerabilities[].id |
string |
result.sections.vulnerabilities[].severity |
string |
result.sections.vulnerabilities[].finding |
string |
result.sections.vulnerabilities[].cve |
string |
result.sections.vulnerabilities[].cwe |
string |
result.sections.browser_simulations[] |
object[] |
result.sections.browser_simulations[] |
object |
result.sections.browser_simulations[].id |
string |
result.sections.browser_simulations[].severity |
string |
result.sections.browser_simulations[].finding |
string |
result.sections.browser_simulations[].cve |
string |
result.sections.browser_simulations[].cwe |
string |
result.sections.rating[] |
object[] |
result.sections.rating[] |
object |
result.sections.rating[].id |
string |
result.sections.rating[].severity |
string |
result.sections.rating[].finding |
string |
result.sections.rating[].cve |
string |
result.sections.rating[].cwe |
string |
result.findings[] |
object[] |
result.findings[] |
object |
result.findings[].section |
string |
result.findings[].id |
string |
result.findings[].severity |
string |
result.findings[].finding |
string |
result.findings[].cve |
string |
result.findings[].cwe |
string |
result.checked_at |
string |
result.scan_duration_ms |
integer |
result.notes[] |
string[] |
error |
object |
error.message |
string |
error.retryable |
boolean |
Example Request
curl -H "X-API-Key: $DOMSCAN_API_KEY" "https://domscan.net/v1/ssl/deep-scan?domain=openai.com&refresh=example.com&profile=example.com"Example Response
{
"status": "ready",
"domain": "openai.com",
"host": "openai.com",
"port": 443,
"profile": "full",
"scan_token": "eyJrIjoidGxzLWRlZXAtc2NhbiIsImkiOiJleGFtcGxlIiwiaCI6Im9wZW5haS5jb20ifQ",
"cache": {
"hit": true,
"fresh": true,
"completed_at": "2026-04-18T22:10:00Z",
"expires_at": "2026-04-19T22:10:00Z",
"engine": "testssl.sh",
"profile": "full"
},
"result": {
"domain": "openai.com",
"host": "openai.com",
"port": 443,
"engine": {
"name": "testssl.sh",
"mode": "testssl",
"version": "3.3dev",
"profile": "full"
},
"target": {
"ip": "172.64.154.211",
"service": "HTTP",
"rdns": "--"
},
"summary": {
"severity_counts": {
"critical": 0,
"high": 1,
"medium": 1,
"low": 0,
"warn": 1,
"info": 6,
"ok": 4
},
"actionable_findings": 3,
"protocols_offered": [
"TLS1_2",
"TLS1_3"
],
"deprecated_protocols": [],
"supports_tls_1_3": true,
"supports_http2": true,
"supports_http3": null
},
"sections": {
"pretest": [],
"protocols": [
{
"id": "TLS1_2",
"severity": "OK",
"finding": "offered"
},
{
"id": "TLS1_3",
"severity": "OK",
"finding": "offered with final"
},
{
"id": "QUIC",
"severity": "WARN",
"finding": "not tested due to lack of local OpenSSL support"
}
],
"server_defaults": [
{
"id": "early_data",
"severity": "HIGH",
"finding": "supported"
}
],
"server_preferences": [],
"cipher_categories": [],
"forward_secrecy": [],
"vulnerabilities": [
{
"id": "BREACH",
"severity": "MEDIUM",
"finding": "potentially VULNERABLE, br gzip HTTP compression detected",
"cve": "CVE-2013-3587",
"cwe": "CWE-310"
}
],
"browser_simulations": [],
"rating": []
},
"findings": [
{
"section": "protocols",
"id": "QUIC",
"severity": "WARN",
"finding": "not tested due to lack of local OpenSSL support"
},
{
"section": "server_defaults",
"id": "early_data",
"severity": "HIGH",
"finding": "supported"
},
{
"section": "vulnerabilities",
"id": "BREACH",
"severity": "MEDIUM",
"finding": "potentially VULNERABLE, br gzip HTTP compression detected",
"cve": "CVE-2013-3587",
"cwe": "CWE-310"
}
],
"checked_at": "2026-04-18T22:10:00Z",
"scan_duration_ms": 53880,
"notes": []
}
}
GET
/v1/ssl/deep-scan/status
Query Parameters
| Parameter | Type | required |
|---|---|---|
| scan_token | string | required |
Response Fields
| Field | Type |
|---|---|
status |
string |
domain |
string |
host |
string |
port |
integer |
profile |
string |
scan_token |
string |
message |
string |
poll_after_ms |
integer |
cache |
object |
cache.hit |
boolean |
cache.fresh |
boolean |
cache.started_at |
string | null |
cache.completed_at |
string | null |
cache.expires_at |
string | null |
cache.engine |
string | null |
cache.profile |
string | null |
result |
object |
result.domain |
string |
result.host |
string |
result.port |
integer |
result.engine |
object |
result.engine.name |
string |
result.engine.mode |
string |
result.engine.version |
string | null |
result.engine.profile |
string |
result.target |
object |
result.target.ip |
string | null |
result.target.service |
string | null |
result.target.rdns |
string | null |
result.summary |
object |
result.summary.severity_counts |
object |
result.summary.severity_counts.critical |
integer |
result.summary.severity_counts.high |
integer |
result.summary.severity_counts.medium |
integer |
result.summary.severity_counts.low |
integer |
result.summary.severity_counts.warn |
integer |
result.summary.severity_counts.info |
integer |
result.summary.severity_counts.ok |
integer |
result.summary.actionable_findings |
integer |
result.summary.protocols_offered[] |
string[] |
result.summary.deprecated_protocols[] |
string[] |
result.summary.supports_tls_1_3 |
boolean |
result.summary.supports_http2 |
boolean | null |
result.summary.supports_http3 |
boolean | null |
result.sections |
object |
result.sections.pretest[] |
object[] |
result.sections.pretest[] |
object |
result.sections.pretest[].id |
string |
result.sections.pretest[].severity |
string |
result.sections.pretest[].finding |
string |
result.sections.pretest[].cve |
string |
result.sections.pretest[].cwe |
string |
result.sections.protocols[] |
object[] |
result.sections.protocols[] |
object |
result.sections.protocols[].id |
string |
result.sections.protocols[].severity |
string |
result.sections.protocols[].finding |
string |
result.sections.protocols[].cve |
string |
result.sections.protocols[].cwe |
string |
result.sections.server_defaults[] |
object[] |
result.sections.server_defaults[] |
object |
result.sections.server_defaults[].id |
string |
result.sections.server_defaults[].severity |
string |
result.sections.server_defaults[].finding |
string |
result.sections.server_defaults[].cve |
string |
result.sections.server_defaults[].cwe |
string |
result.sections.server_preferences[] |
object[] |
result.sections.server_preferences[] |
object |
result.sections.server_preferences[].id |
string |
result.sections.server_preferences[].severity |
string |
result.sections.server_preferences[].finding |
string |
result.sections.server_preferences[].cve |
string |
result.sections.server_preferences[].cwe |
string |
result.sections.cipher_categories[] |
object[] |
result.sections.cipher_categories[] |
object |
result.sections.cipher_categories[].id |
string |
result.sections.cipher_categories[].severity |
string |
result.sections.cipher_categories[].finding |
string |
result.sections.cipher_categories[].cve |
string |
result.sections.cipher_categories[].cwe |
string |
result.sections.forward_secrecy[] |
object[] |
result.sections.forward_secrecy[] |
object |
result.sections.forward_secrecy[].id |
string |
result.sections.forward_secrecy[].severity |
string |
result.sections.forward_secrecy[].finding |
string |
result.sections.forward_secrecy[].cve |
string |
result.sections.forward_secrecy[].cwe |
string |
result.sections.vulnerabilities[] |
object[] |
result.sections.vulnerabilities[] |
object |
result.sections.vulnerabilities[].id |
string |
result.sections.vulnerabilities[].severity |
string |
result.sections.vulnerabilities[].finding |
string |
result.sections.vulnerabilities[].cve |
string |
result.sections.vulnerabilities[].cwe |
string |
result.sections.browser_simulations[] |
object[] |
result.sections.browser_simulations[] |
object |
result.sections.browser_simulations[].id |
string |
result.sections.browser_simulations[].severity |
string |
result.sections.browser_simulations[].finding |
string |
result.sections.browser_simulations[].cve |
string |
result.sections.browser_simulations[].cwe |
string |
result.sections.rating[] |
object[] |
result.sections.rating[] |
object |
result.sections.rating[].id |
string |
result.sections.rating[].severity |
string |
result.sections.rating[].finding |
string |
result.sections.rating[].cve |
string |
result.sections.rating[].cwe |
string |
result.findings[] |
object[] |
result.findings[] |
object |
result.findings[].section |
string |
result.findings[].id |
string |
result.findings[].severity |
string |
result.findings[].finding |
string |
result.findings[].cve |
string |
result.findings[].cwe |
string |
result.checked_at |
string |
result.scan_duration_ms |
integer |
result.notes[] |
string[] |
error |
object |
error.message |
string |
error.retryable |
boolean |
Example Request
curl -H "X-API-Key: $DOMSCAN_API_KEY" "https://domscan.net/v1/ssl/deep-scan/status?scan_token=example.com"Example Response
{
"status": "ready",
"domain": "openai.com",
"host": "openai.com",
"port": 443,
"profile": "full",
"scan_token": "eyJrIjoidGxzLWRlZXAtc2NhbiIsImkiOiJleGFtcGxlIiwiaCI6Im9wZW5haS5jb20ifQ",
"cache": {
"hit": true,
"fresh": true,
"completed_at": "2026-04-18T22:10:00Z",
"expires_at": "2026-04-19T22:10:00Z",
"engine": "testssl.sh",
"profile": "full"
},
"result": {
"domain": "openai.com",
"host": "openai.com",
"port": 443,
"engine": {
"name": "testssl.sh",
"mode": "testssl",
"version": "3.3dev",
"profile": "full"
},
"target": {
"ip": "172.64.154.211",
"service": "HTTP",
"rdns": "--"
},
"summary": {
"severity_counts": {
"critical": 0,
"high": 1,
"medium": 1,
"low": 0,
"warn": 1,
"info": 6,
"ok": 4
},
"actionable_findings": 3,
"protocols_offered": [
"TLS1_2",
"TLS1_3"
],
"deprecated_protocols": [],
"supports_tls_1_3": true,
"supports_http2": true,
"supports_http3": null
},
"sections": {
"pretest": [],
"protocols": [
{
"id": "TLS1_2",
"severity": "OK",
"finding": "offered"
},
{
"id": "TLS1_3",
"severity": "OK",
"finding": "offered with final"
},
{
"id": "QUIC",
"severity": "WARN",
"finding": "not tested due to lack of local OpenSSL support"
}
],
"server_defaults": [
{
"id": "early_data",
"severity": "HIGH",
"finding": "supported"
}
],
"server_preferences": [],
"cipher_categories": [],
"forward_secrecy": [],
"vulnerabilities": [
{
"id": "BREACH",
"severity": "MEDIUM",
"finding": "potentially VULNERABLE, br gzip HTTP compression detected",
"cve": "CVE-2013-3587",
"cwe": "CWE-310"
}
],
"browser_simulations": [],
"rating": []
},
"findings": [
{
"section": "protocols",
"id": "QUIC",
"severity": "WARN",
"finding": "not tested due to lack of local OpenSSL support"
},
{
"section": "server_defaults",
"id": "early_data",
"severity": "HIGH",
"finding": "supported"
},
{
"section": "vulnerabilities",
"id": "BREACH",
"severity": "MEDIUM",
"finding": "potentially VULNERABLE, br gzip HTTP compression detected",
"cve": "CVE-2013-3587",
"cwe": "CWE-310"
}
],
"checked_at": "2026-04-18T22:10:00Z",
"scan_duration_ms": 53880,
"notes": []
}
}
GET
/v1/ssl/grade
Query Parameters
| Parameter | Type | required |
|---|---|---|
| domain | string | required |
Response Fields
| Field | Type |
|---|---|
domain |
string |
grade |
string |
score |
integer |
protocol_support |
object |
protocol_support.tls_1_3 |
boolean |
protocol_support.tls_1_2 |
boolean |
protocol_support.tls_1_1 |
boolean |
protocol_support.tls_1_0 |
boolean |
protocol_support.ssl_3 |
boolean |
protocol_support.preferred_protocol |
string |
protocol_support.detection_method |
string |
certificate |
object |
certificate.subject |
string |
certificate.issuer |
string |
certificate.valid_from |
string |
certificate.valid_until |
string |
certificate.days_remaining |
integer |
certificate.expired |
boolean |
certificate.san[] |
string[] |
certificate.key_type |
string |
certificate.key_size |
integer |
certificate.signature_algorithm |
string |
certificate.fingerprint_sha256 |
string |
chain |
object |
chain.length |
integer |
chain.valid |
boolean |
chain.certificates[] |
object[] |
chain.certificates[] |
object |
chain.certificates[].subject |
string |
chain.certificates[].issuer |
string |
chain.certificates[].type |
string |
chain.issues[] |
string[] |
security |
object |
security.forward_secrecy |
boolean |
security.forward_secrecy_cipher |
string |
security.hsts_enabled |
boolean |
security.hsts_max_age |
integer |
security.hsts_include_subdomains |
boolean |
security.hsts_preload |
boolean |
security.hsts_header |
string |
security.hsts_preload_status |
string |
security.hsts_preloaded_domain |
string |
security.hsts_preload_eligible |
boolean |
security.hsts_final_url |
string |
security.hsts_errors[] |
string[] |
security.alpn_negotiated |
string |
security.ocsp_stapling |
boolean |
security.ocsp_stapling_fresh |
boolean |
security.ocsp_stapling_status |
string | null |
security.ocsp_stapling_this_update |
string | null |
security.ocsp_stapling_next_update |
string | null |
security.sct_embedded |
boolean |
security.sct_count |
integer |
security.ct_compliance |
boolean |
security.must_staple |
boolean |
security.secure_renegotiation |
boolean |
revocation |
object |
revocation.ocsp |
object |
revocation.ocsp.present |
boolean |
revocation.ocsp.uris[] |
string[] |
revocation.ocsp.checked_uri |
string | null |
revocation.ocsp.status |
string | null |
revocation.ocsp.verify_ok |
boolean |
revocation.ocsp.this_update |
string | null |
revocation.ocsp.next_update |
string | null |
revocation.ocsp.error |
string | null |
revocation.crl |
object |
revocation.crl.present |
boolean |
revocation.crl.uris[] |
string[] |
revocation.crl.checked_uri |
string | null |
revocation.crl.fetched |
boolean |
revocation.crl.http_status |
integer | null |
revocation.crl.revoked |
boolean | null |
revocation.crl.last_update |
string | null |
revocation.crl.next_update |
string | null |
revocation.crl.revoked_serial_count |
integer | null |
revocation.crl.error |
string | null |
issues[] |
string[] |
recommendations[] |
string[] |
checked_at |
string |
check_duration_ms |
integer |
Example Request
curl -H "X-API-Key: $DOMSCAN_API_KEY" "https://domscan.net/v1/ssl/grade?domain=example.com"Example Response
{
"domain": "cloudflare.com",
"grade": "A+",
"score": 98,
"protocol_support": {
"tls_1_3": true,
"tls_1_2": true,
"tls_1_1": false,
"tls_1_0": false,
"ssl_3": false,
"preferred_protocol": "TLSv1.3",
"detection_method": "active"
},
"certificate": {
"subject": "cloudflare.com",
"issuer": "Google Trust Services",
"valid_from": "2026-03-01T00:00:00Z",
"valid_until": "2026-05-30T23:59:59Z",
"days_remaining": 42,
"expired": false,
"san": [
"cloudflare.com",
"*.cloudflare.com"
],
"key_type": "ECDSA",
"key_size": 256,
"signature_algorithm": "ecdsaWithSHA256",
"fingerprint_sha256": "AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99"
},
"chain": {
"length": 3,
"valid": true,
"certificates": [
{
"subject": "cloudflare.com",
"issuer": "Google Trust Services",
"type": "leaf"
},
{
"subject": "Google Trust Services",
"issuer": "GlobalSign",
"type": "intermediate"
},
{
"subject": "GlobalSign",
"issuer": "GlobalSign",
"type": "root"
}
],
"issues": []
},
"security": {
"forward_secrecy": true,
"forward_secrecy_cipher": "TLS_AES_256_GCM_SHA384",
"hsts_enabled": true,
"hsts_max_age": 31536000,
"hsts_include_subdomains": true,
"hsts_preload": true,
"hsts_header": "max-age=31536000; includeSubDomains; preload",
"hsts_preload_status": "preloaded",
"hsts_preloaded_domain": "cloudflare.com",
"hsts_preload_eligible": true,
"hsts_final_url": "https://cloudflare.com/",
"hsts_errors": [],
"alpn_negotiated": "h2",
"ocsp_stapling": true,
"ocsp_stapling_fresh": true,
"ocsp_stapling_status": "successful (0x0)",
"ocsp_stapling_this_update": "2026-04-15T02:35:16Z",
"ocsp_stapling_next_update": "2026-04-22T01:35:15Z",
"ct_compliance": true,
"must_staple": false,
"sct_embedded": true,
"sct_count": 2
},
"revocation": {
"ocsp": {
"present": true,
"uris": [
"http://o.pki.goog/wr2"
],
"checked_uri": "http://o.pki.goog/wr2",
"status": "good",
"verify_ok": true,
"this_update": "2026-04-18T20:30:00Z",
"next_update": "2026-04-19T20:30:00Z",
"error": null
},
"crl": {
"present": true,
"uris": [
"http://c.pki.goog/wr2.crl"
],
"checked_uri": "http://c.pki.goog/wr2.crl",
"fetched": true,
"http_status": 200,
"revoked": false,
"last_update": "2026-04-17T00:00:00Z",
"next_update": "2026-04-24T00:00:00Z",
"revoked_serial_count": 0,
"error": null
}
},
"issues": [],
"recommendations": [],
"checked_at": "2026-04-18T21:00:00Z",
"check_duration_ms": 142
}
GET
/v1/ssl/chain
Query Parameters
| Parameter | Type | required |
|---|---|---|
| domain | string | required |
Response Fields
| Field | Type |
|---|---|
domain |
string |
chain[] |
object[] |
chain[] |
object |
chain[].subject |
string |
chain[].issuer |
string |
chain[].type |
string |
chain[].valid_from |
string | null |
chain[].valid_until |
string | null |
chain_length |
integer |
root_trusted |
boolean |
chain_valid |
boolean |
certificate |
object |
certificate.subject |
string |
certificate.issuer |
string |
certificate.valid_from |
string |
certificate.valid_until |
string |
certificate.days_remaining |
integer |
certificate.expired |
boolean |
certificate.san[] |
string[] |
certificate.key_type |
string |
certificate.key_size |
integer |
certificate.signature_algorithm |
string |
certificate.fingerprint_sha256 |
string |
protocol_support |
object |
protocol_support.tls_1_3 |
boolean |
protocol_support.tls_1_2 |
boolean |
protocol_support.tls_1_1 |
boolean |
protocol_support.tls_1_0 |
boolean |
protocol_support.ssl_3 |
boolean |
protocol_support.preferred_protocol |
string |
protocol_support.detection_method |
string |
security |
object |
security.alpn_negotiated |
string |
security.forward_secrecy |
boolean |
security.forward_secrecy_cipher |
string |
security.must_staple |
boolean |
security.sct_embedded |
boolean |
security.sct_count |
integer |
security.ocsp_stapling |
boolean |
security.ocsp_stapling_fresh |
boolean |
security.ocsp_stapling_status |
string | null |
security.ocsp_stapling_this_update |
string | null |
security.ocsp_stapling_next_update |
string | null |
issues[] |
string[] |
revocation |
object |
revocation.ocsp |
object |
revocation.ocsp.present |
boolean |
revocation.ocsp.uris[] |
string[] |
revocation.ocsp.checked_uri |
string | null |
revocation.ocsp.status |
string | null |
revocation.ocsp.verify_ok |
boolean |
revocation.ocsp.this_update |
string | null |
revocation.ocsp.next_update |
string | null |
revocation.ocsp.error |
string | null |
revocation.crl |
object |
revocation.crl.present |
boolean |
revocation.crl.uris[] |
string[] |
revocation.crl.checked_uri |
string | null |
revocation.crl.fetched |
boolean |
revocation.crl.http_status |
integer | null |
revocation.crl.revoked |
boolean | null |
revocation.crl.last_update |
string | null |
revocation.crl.next_update |
string | null |
revocation.crl.revoked_serial_count |
integer | null |
revocation.crl.error |
string | null |
checked_at |
string |
Example Request
curl -H "X-API-Key: $DOMSCAN_API_KEY" "https://domscan.net/v1/ssl/chain?domain=example.com"Example Response
{
"domain": "cloudflare.com",
"chain": [
{
"subject": "cloudflare.com",
"issuer": "Google Trust Services",
"type": "leaf",
"valid_from": "2026-03-01T00:00:00Z",
"valid_until": "2026-05-30T23:59:59Z"
},
{
"subject": "Google Trust Services",
"issuer": "GlobalSign",
"type": "intermediate",
"valid_from": "2024-01-01T00:00:00Z",
"valid_until": "2029-01-01T00:00:00Z"
}
],
"chain_valid": true,
"chain_length": 2,
"root_trusted": true,
"certificate": {
"subject": "cloudflare.com",
"issuer": "Google Trust Services",
"valid_from": "2026-03-01T00:00:00Z",
"valid_until": "2026-05-30T23:59:59Z",
"days_remaining": 42,
"expired": false,
"san": [
"cloudflare.com",
"*.cloudflare.com"
],
"key_type": "ECDSA",
"key_size": 256,
"signature_algorithm": "ecdsaWithSHA256",
"fingerprint_sha256": "AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99"
},
"protocol_support": {
"tls_1_3": true,
"tls_1_2": true,
"tls_1_1": false,
"tls_1_0": false,
"ssl_3": false,
"preferred_protocol": "TLSv1.3",
"detection_method": "active"
},
"security": {
"alpn_negotiated": "h2",
"forward_secrecy": true,
"forward_secrecy_cipher": "TLS_AES_256_GCM_SHA384",
"must_staple": false,
"sct_embedded": true,
"sct_count": 2,
"ocsp_stapling": true,
"ocsp_stapling_fresh": true,
"ocsp_stapling_status": "successful (0x0)",
"ocsp_stapling_this_update": "2026-04-15T02:35:16Z",
"ocsp_stapling_next_update": "2026-04-22T01:35:15Z"
},
"issues": [],
"revocation": {
"ocsp": {
"present": true,
"uris": [
"http://o.pki.goog/wr2"
],
"checked_uri": "http://o.pki.goog/wr2",
"status": "good",
"verify_ok": true,
"this_update": "2026-04-18T20:30:00Z",
"next_update": "2026-04-19T20:30:00Z",
"error": null
},
"crl": {
"present": true,
"uris": [
"http://c.pki.goog/wr2.crl"
],
"checked_uri": "http://c.pki.goog/wr2.crl",
"fetched": true,
"http_status": 200,
"revoked": false,
"last_update": "2026-04-17T00:00:00Z",
"next_update": "2026-04-24T00:00:00Z",
"revoked_serial_count": 0,
"error": null
}
},
"checked_at": "2026-04-18T21:00:00Z"
}
GET
/v1/ssl/expiring
Query Parameters
| Parameter | Type | required |
|---|---|---|
| domain | string | required |
| threshold_days | integer | optional |
Response Fields
| Field | Type |
|---|---|
domain |
string |
expiring_soon |
boolean |
expired |
boolean |
days_remaining |
integer |
valid_until |
string |
urgency |
string |
Example Request
curl -H "X-API-Key: $DOMSCAN_API_KEY" "https://domscan.net/v1/ssl/expiring?domain=example.com&threshold_days=example.com"Example Response
{
"domain": "example.com",
"expiring_soon": true,
"expired": true,
"days_remaining": 1,
"valid_until": "string",
"urgency": "none"
}
