SSL Certificate Monitor

A professional SSL/TLS certificate monitoring solution that checks multiple domains simultaneously and provides comprehensive certificate analysis including security grading, expiry tracking, and detailed certificate chain information.

Features

✅ Batch Processing - Check multiple domains in a single run
✅ Comprehensive Analysis - Extract all certificate details including issuer, subject, validity dates
✅ Security Grading - Automatic A/B/C/F grading based on certificate strength and expiry
✅ Certificate Chain - Full certificate chain analysis
✅ Subject Alternative Names - Extract all SAN entries
✅ Expiry Tracking - Days until expiry calculation
✅ Error Handling - Detailed error reporting for problematic certificates
✅ Configurable Timeout - Adjustable connection timeout per domain

Input Configuration

Field	Type	Required	Description	Default
domains	Array of strings	Yes	List of domains or URLs to check	-
timeout	Integer	No	Connection timeout in seconds (5-60)	10

Input Example

{
  "domains": [
    "example.com",
    "https://secure.example.org",
    "api.service.com:443"
  ],
  "timeout": 15
}

Output Data

Each domain produces a detailed certificate analysis record:

Field	Type	Description
domain	String	Domain that was checked
protocol	String	TLS/SSL protocol version
issuer	String	Certificate issuer information
subject	String	Certificate subject details
validFrom	DateTime	Certificate validity start date
validTo	DateTime	Certificate expiry date
daysUntilExpiry	Integer	Days remaining until expiry
serialNumber	String	Certificate serial number
fingerprint	String	SHA1 certificate fingerprint
signatureAlgorithm	String	Signature algorithm used
keySize	Integer	Certificate key size in bits
san	Array	Subject Alternative Names
certificateChain	Array	Complete certificate chain
grade	String	Security grade (A/B/C/F)
errors	Array	Any errors encountered

Output Example

{
  "domain": "example.com",
  "protocol": "TLSv1.3",
  "issuer": "C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1",
  "subject": "C=US, ST=California, L=Los Angeles, O=Internet Corporation for Assigned Names and Numbers, CN=www.example.org",
  "validFrom": "2023-01-13T00:00:00.000Z",
  "validTo": "2024-01-13T23:59:59.000Z",
  "daysUntilExpiry": 45,
  "serialNumber": "0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f",
  "fingerprint": "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0",
  "signatureAlgorithm": "sha256WithRSAEncryption",
  "keySize": 2048,
  "san": ["example.com", "www.example.com"],
  "certificateChain": [...],
  "grade": "B",
  "errors": []
}

API Usage

Dataset API

Access results via the Apify Dataset API:

# Get all results
curl "https://api.apify.com/v2/acts/YOUR_ACTOR_ID/runs/last/dataset/items"

# Filter expired certificates
curl "https://api.apify.com/v2/acts/YOUR_ACTOR_ID/runs/last/dataset/items?filter=daysUntilExpiry<0"

# Get only critical issues (Grade F)
curl "https://api.apify.com/v2/acts/YOUR_ACTOR_ID/runs/last/dataset/items?filter=grade=F"

Run Actor API

curl -X POST https://api.apify.com/v2/acts/YOUR_ACTOR_ID/runs \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "domains": ["example.com", "secure-site.org"],
    "timeout": 10
  }'

Security Grading System

Grade	Criteria
A	Key size ≥2048 bits, expires in >90 days
B	Key size ≥2048 bits, expires in 31-90 days
C	Key size <2048 bits OR expires in 1-30 days
F	Certificate expired OR connection failed

Use Cases

Website Security Audits

Monitor client websites for certificate issues and upcoming renewals.

Infrastructure Monitoring

Track SSL certificates across your entire infrastructure and API endpoints.

Compliance Reporting

Generate reports for security compliance requirements and certificate inventory.

Automated Alerts

Schedule regular runs and integrate with monitoring systems to catch expiring certificates.

Vendor Assessment

Evaluate the security posture of third-party services and APIs you depend on.

Certificate Management

Track certificate details across multiple domains and subdomains in one centralized report.

Technical Details

• Built with TypeScript and Apify SDK v3
• Uses Node.js built-in tls and https modules for maximum reliability
• Handles invalid/self-signed certificates gracefully
• Configurable connection timeouts prevent hanging on unresponsive domains
• Comprehensive error logging for troubleshooting
• Efficient batch processing with detailed progress logging

Support

For technical support or feature requests, please contact the development team or visit the actor's page on the Apify platform.