
SSL Certificates

 

What It Looks Like

Get SSL Certificates History

Retrieves the SSL certificate history for a given certificate SHA-1 hash or IP address.

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/ssl-certificate/history?query=240461b20dbb24a61b0a986821c2ad01bd3a8522'
$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/ssl-certificate/history?query=194.42.46.143'

Parameters

Field   Field Type   Description
query   String       SHA-1 hash or associated IP address for which to retrieve certificate history

Sample Response

{
    "results": [
        {
            "sha1": "240461b20dbb24a61b0a986821c2ad01bd3a8522",
            "firstSeen": "2015-02-09",
            "ipAddresses": [
                "194.42.46.143",
                "194.42.46.243"
            ],
            "lastSeen": "2017-01-09"
        },
        ...
    ],
    "success": true
}
			

Get SSL Certificates

Retrieves an SSL certificate by its SHA-1 hash.

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/ssl-certificate?query=240461b20dbb24a61b0a986821c2ad01bd3a8522'

Parameters

Field   Field Type   Description
query   String       SHA-1 hash of the certificate to retrieve

Sample Response

{
    "issuerCountry": "US",
    "subjectCommonName": "securefx.hannover-re.com",
    "subjectSurname": null,
    "subjectOrganizationUnitName": "IT",
    "subjectGivenName": null,
    "success": true,
    "fingerprint": "24:04:61:b2:0d:bb:24:a6:1b:0a:98:68:21:c2:ad:01:bd:3a:85:22",
    "issuerStateOrProvinceName": null,
    "issuerCommonName": "Symantec Class 3 EV SSL CA - G3",
    "issuerGivenName": null,
    "subjectLocalityName": "Hannover",
    "subjectOrganizationName": "Hannover Rueck SE",
    "issueDate": "Feb  4 00:00:00 2015 GMT",
    "subjectEmailAddress": null,
    "subjectProvince": "Niedersachsen",
    "subjectStateOrProvinceName": "Niedersachsen",
    "issuerEmailAddress": null,
    "subjectSerialNumber": null,
    "issuerProvince": null,
    "issuerOrganizationUnitName": "Symantec Trust Network",
    "serialNumber": "82940326346474168202516519612504129226",
    "issuerSurname": null,
    "issuerStreetAddress": null,
    "issuerLocalityName": null,
    "expirationDate": "Feb  4 23:59:59 2017 GMT",
    "issuerOrganizationName": "Symantec Corporation",
    "sha1": "240461b20dbb24a61b0a986821c2ad01bd3a8522",
    "subjectStreetAddress": "Karl-Wiechert-Allee 50",
    "sslVersion": "3",
    "issuerSerialNumber": null,
    "subjectCountry": "DE"
}
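
An added example (not RiskIQ's own code) that cross-checks the two responses above: it confirms that fingerprint and sha1 carry the same digest, parses issueDate/expirationDate, and labels each IP address from the history response by whether it was observed inside the certificate's validity window. The function names and status labels are assumptions, and the inputs are the sample responses from this page, trimmed to the fields used.

```python
import json
from datetime import datetime, date

# Constructed inputs: the sample responses shown on this page, trimmed to the fields used.
HISTORY = json.loads("""{"results": [{"sha1": "240461b20dbb24a61b0a986821c2ad01bd3a8522",
  "firstSeen": "2015-02-09", "ipAddresses": ["194.42.46.143", "194.42.46.243"],
  "lastSeen": "2017-01-09"}], "success": true}""")
CERT = json.loads("""{"success": true,
  "fingerprint": "24:04:61:b2:0d:bb:24:a6:1b:0a:98:68:21:c2:ad:01:bd:3a:85:22",
  "sha1": "240461b20dbb24a61b0a986821c2ad01bd3a8522",
  "issueDate": "Feb  4 00:00:00 2015 GMT", "expirationDate": "Feb  4 23:59:59 2017 GMT"}""")

def parse_cert_date(text):
    """Parse the 'Feb  4 00:00:00 2015 GMT' form used by issueDate/expirationDate."""
    # split()/join collapses the padding space before single-digit days.
    return datetime.strptime(" ".join(text.split()), "%b %d %H:%M:%S %Y GMT").date()

def review_sightings(cert, history):
    """Return (ip, status) pairs comparing observation dates with the validity window."""
    if not (cert.get("success") and history.get("success")):
        raise ValueError("API reported failure")
    sha1 = cert["sha1"].lower()
    # The colon-separated fingerprint and the sha1 field should be the same digest.
    if cert["fingerprint"].replace(":", "").lower() != sha1:
        raise ValueError("fingerprint and sha1 disagree")
    not_before = parse_cert_date(cert["issueDate"])
    not_after = parse_cert_date(cert["expirationDate"])
    findings = []
    for row in history["results"]:
        if row["sha1"].lower() != sha1:
            continue  # assumption: a query by IP address may return other certificates
        first = date.fromisoformat(row["firstSeen"])
        last = date.fromisoformat(row["lastSeen"])
        if first < not_before:
            status = "seen-before-issue"
        elif last > not_after:
            status = "served-after-expiry"
        else:
            status = "within-validity"
        findings += [(ip, status) for ip in row["ipAddresses"]]
    return findings

if __name__ == "__main__":
    for ip, status in review_sightings(CERT, HISTORY):
        print(ip, status)
```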
			

Search SSL Certificates by Keyword

Retrieves SSL certificates for a given keyword.

Curl Example

$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/ssl-certificate/search/keyword?query=sinkhole'
            

Parameters

Field   Field Type   Description
query   String       keyword on which to search

Sample Response

{
    "queryValue": "sinkhole",
    "results": [
        {
            "matchType": "sha1",
            "fieldMatch": "certificate",
            "focusPoint": "ff5288f55f58c52ed654b8eb815b6d40973e0f17"
        },
        ...
    ],
    "success": true
}
			

Search SSL Certificates

Retrieves SSL certificates for a given field value.

Curl Example

$ curl -u $USERNAME:$KEY -G 'https://api.riskiq.net/pt/v2/ssl-certificate/search' --data-urlencode 'query=Symantec Class 3 EV SSL CA - G3' --data-urlencode 'field=issuerCommonName'
            

Parameters

Field   Field Type   Description
field   String       field by which to search
                     Allowed values: name, issuerSurname, subjectOrganizationName, issuerCountry, issuerOrganizationUnitName, fingerprint, subjectOrganizationUnitName, serialNumber, subjectEmailAddress, subjectCountry, issuerGivenName, subjectCommonName, subjectAlternativeName, issuerCommonName, issuerAlternativeName, issuerStateOrProvinceName, issuerProvince, subjectStateOrProvinceName, sha1, subjectStreetAddress, subjectSerialNumber, issuerOrganizationName, subjectSurname, subjectLocalityName, issuerStreetAddress, issuerLocalityName, subjectGivenName, subjectProvince, issuerSerialNumber, issuerEmailAddress
query   String       field value for which to search

Sample Response

{
    "queryValue": "Symantec Class 3 EV SSL CA - G3",
    "results": [
        {
            "issuerCountry": "US",
            "subjectCommonName": "phonehome.apple.com",
            "subjectOrganizationName": "Apple Inc.",
            "subjectOrganizationUnitName": null,
            "subjectGivenName": null,
            "subjectSurname": null,
            "fingerprint": "ce:6e:04:6b:36:66:3a:18:c6:e3:f9:66:24:26:34:64:3c:23:b2:f2",
            "issuerStateOrProvinceName": null,
            "issuerCommonName": "Symantec Class 3 EV SSL CA - G3",
            "subjectLocalityName": "Cupertino",
            "issueDate": "Feb 21 00:00:00 2017 GMT",
            "subjectEmailAddress": null,
            "subjectProvince": "California",
            "subjectStateOrProvinceName": "California",
            "issuerEmailAddress": null,
            "subjectSerialNumber": null,
            "issuerProvince": null,
            "issuerOrganizationUnitName": "Symantec Trust Network",
            "serialNumber": "56348713647461512210340582309978795867",
            "issuerSurname": null,
            "issuerStreetAddress": null,
            "issuerLocalityName": null,
            "subjectStreetAddress": "1 Infinite Loop",
            "issuerSerialNumber": null,
            "issuerOrganizationName": "Symantec Corporation",
            "sslVersion": "3",
            "sha1": "ce6e046b36663a18c6e3f966242634643c23b2f2",
            "expirationDate": "Mar  1 23:59:59 2019 GMT",
            "issuerGivenName": null,
            "subjectCountry": "US"
        },
        ...
    ],
    "success": true
}