SSL Certificate Checker — Issuer, SANs, Expiry, Chain JSON avatar

SSL Certificate Checker — Issuer, SANs, Expiry, Chain JSON

Pricing

$20.00 / 1,000 host checkeds

Go to Apify Store
SSL Certificate Checker — Issuer, SANs, Expiry, Chain JSON

SSL Certificate Checker — Issuer, SANs, Expiry, Chain JSON

Input: a list of hostnames. Output: one JSON record per host with certificate issuer, subject, SANs, validity dates, days-to-expiry, key type, and chain details, read directly over a live TLS connection. Cheap pay-per-result: $0.02 per host checked.

Pricing

$20.00 / 1,000 host checkeds

Rating

0.0

(0)

Developer

Anthony Snider

Anthony Snider

Maintained by Community

Actor stats

0

Bookmarked

2

Total users

1

Monthly active users

6 days ago

Last modified

Share

SSL Certificate Checker

Inspect any site's live SSL/TLS certificate by connecting directly over TLS — no third‑party API, just the real handshake.

Live on the Apify Store — run it instantly or call it as an agent tool via Apify MCP.

What you get

For each host, straight from the TLS handshake:

  • Validityvalid, expired, notYetValid, selfSigned, plus daysToExpiry for renewal alerts
  • Identitysubject, issuer, commonName, and all Subject Alternative Names (san)
  • DatesvalidFrom / validTo (ISO‑8601)
  • CryptoserialNumber, fingerprint256, keyType, bits, negotiated protocol, keyUsage
  • Chain — full issuer chain walked to the root, with chainLength

Single host or bulk, any port (defaults to 443).

Input

{
"hosts": ["github.com", "https://google.com", "expired.badssl.com:443"],
"port": 443,
"maxHosts": 50
}

You can also pass a single host (or url) string.

Output

{
"host": "github.com",
"port": 443,
"valid": true,
"issuer": "CN=Sectigo ECC Domain Validation Secure Server CA, O=Sectigo Limited, C=GB",
"subject": "CN=github.com",
"commonName": "github.com",
"san": ["DNS:github.com", "DNS:www.github.com"],
"validFrom": "2025-02-05T00:00:00.000Z",
"validTo": "2026-02-05T23:59:59.000Z",
"daysToExpiry": 226,
"expired": false,
"selfSigned": false,
"serialNumber": "0A1B2C...",
"fingerprint256": "AB:CD:...",
"protocol": "TLSv1.3",
"chainLength": 2,
"chain": [ { "subject": "...", "issuer": "...", "validTo": "..." } ]
}

Failed hosts still return a row with an error field, so a single bad target never breaks the run.