$ man ssl-cert-info
/ssl-cert-info(1)
PRICE / CALL
$0.03
USDC · base mainnet · scheme: exact
METHOD
POST
CLUSTER
webprobeCATEGORY
utilities
STATUS
● live
NAME
ssl-cert-info — ssl / tls certificate inspector
SYNOPSIS
POST https://x402.org/v1/ssl-cert-info
Content-Type: application/json
X-PAYMENT: <signed-transferWithAuthorization>
{ ... }↳ first call →
402 Payment Required. Sign USDCtransferWithAuthorization, retry with theX-PAYMENT header.DESCRIPTION
SSL / TLS certificate inspector. Issuer, subject, SAN list, validity dates, days-until-expiry, expires-soon flag. Sourced from Certificate Transparency logs (crt.sh). Optional cert history.
INPUT — request schema
| property | type | description | req? |
|---|---|---|---|
| host | string | Hostname to inspect (e.g. example.com); SNI used to fetch the active leaf certificate from CT logs. | required |
| history | boolean | Include up to 50 historical cert entries. Default false. | optional |
OUTPUT — response shape
| field | type | description |
|---|---|---|
| host | string | Echo of the hostname inspected, normalized to lowercase without scheme or port. |
| common_name | string | Subject Common Name (CN) on the leaf certificate, usually the primary hostname it was issued for. |
| issuer | string | Full issuer Distinguished Name string, including organization and country fields. |
| issuer_common_name | string | CN of the issuing CA (e.g. "Let's Encrypt R3", "DigiCert TLS RSA SHA256 2020 CA1"). |
| san_list | array | Subject Alternative Names covered by the cert, including wildcard and additional hostnames. |
| san_count | number | Number of entries in san_list. |
| not_before | string | ISO-8601 UTC timestamp when the certificate became valid. |
| not_after | string | ISO-8601 UTC timestamp when the certificate expires. |
| days_until_expiry | number | Whole days from now until not_after; negative if already expired. |
| days_since_issuance | number | Whole days elapsed since not_before. |
| is_expired | boolean | True when the current time is past not_after. |
| expires_soon | boolean | True when days_until_expiry is at or below the warning threshold (30 days). |
| serial_number | string | Hex-encoded certificate serial number as recorded by the issuing CA. |
| crtsh_id | number | Numeric crt.sh record ID for the leaf cert, usable to link to https://crt.sh/?id=<id>. |
| cert_history | array | Prior certs seen in CT logs for this host (issuer, not_before, not_after, crtsh_id); empty when not requested. |
| total_certs_seen | number | Total count of certificates ever logged for this host in Certificate Transparency. |
| source | string | Data source label, here "crt.sh" (Certificate Transparency log aggregator). |
EXAMPLES — two ways to call
EXAMPLE 1 · curl
curl -X POST https://x402.org/v1/ssl-cert-info \
-H 'Content-Type: application/json' \
-d '{ }'first response =
402 Payment Required with payment requirements; sign + retry with X-PAYMENT.EXAMPLE 2 · mcp
# install once claude mcp add x402 --command "npx x402-deployer-mcp" # then ask Claude Code: # "use the ssl-cert-info tool to ..."
MCP server handles payment automatically — your coding agent just calls the tool by name.
METADATA
- tags
- ssltlscertificatesecurityct-logexpiry
- methods
- POST
- cluster
- webprobe
- price
- $0.03 USDC per call
ADJACENT — other endpoints in webprobe
| endpoint | description | price |
|---|---|---|
| arxiv-search | arXiv full-text search. | $0.03 |
| ssl-cert | SSL certificate inspector / TLS cert checker / certificate transparency lookup / ssl expiry. | $0.03 |
| subdomain-enum | Subdomain enumeration / attack-surface mapping / DNS recon. | $0.03 |
| archive-snapshot | Wayback Machine API / archive.org wrapper. | $0.02 |
| dmarc-check | DMARC / SPF / DKIM checker. | $0.02 |
| dns-lookup | DNS lookup / DNS resolver / DoH proxy. | $0.02 |
| expand-url | URL expander / redirect chain tracer / link-shortener resolver. | $0.02 |
| password-strength | Password strength meter + breach checker. | $0.02 |
SEE ALSO