Certificates Hash

Introduction

The Certificate Details API allows you to retrieve detailed information about a certificate based on its hash.

Base URL

The base URL for all API requests is:

Domain URL
api.odin.ioapi.odin.io/v1

The endpoint for host search is:

/certificates/{hash}/

Authentication

All requests to this API must include an authentication token in the headers. Use the following header for authentication:

X-API-Key: V8qb6HJIRKY7tVH0sou90I7YX3pCuqLQfRLmUzxpQbY=

Request Parameters

The API endpoint expects a path parameter hash representing the certificate's hash.

GET /certificates/9831D920257433710088A33B701E794A456712601CABE63F8F0499A74D3489FE

CURL

{
    curl --location 'https://api.odin.io/v1/certificates/75F0DF8CF40AED70821FF3D9F7D8B81A2F2E23941316687AAFA42C1DB9B4C55C/' \
    --header 'Accept: application/json' \
    --header 'X-API-Key: V8qb6HJIRKY7tVH0sou90I7YX3pCuqLQfRLmUzxpQbY='
}

This cURL command is structured to perform an HTTP GET request to https://api.odin.io/v1/certificates/75F0DF8CF21AED70821FF3D9F7D8B81A2F2E23919526687AAFA42C1DB9B4C62C/.

It includes the following headers:

'Accept: application/json': Specifies that the client expects a JSON response.

'X-API-Key: V8qb6HJIRKY7tVH0sou90I7YX3pCuqLQfRLmUzxpQbY=': Provides the API key for authentication with the value 'V8qb6HJIRKY7tVH0sou90I7YX3pCuqLQfRLmUzxpQbY='.

Response Parameters

The response from the Odin Certificate Hash API will be in JSON format and include the following fields:

Example Response

{
  "success": true,
  "data": {
    "certificate": {
      "extensions": {
        "authority_info_access": {
          "issuer_urls": [
            "http://r3.i.jd.org/"
          ],
          "ocsp_urls": [
            "http://r3.o.jd.org"
          ]
        },
        "authority_key_id": "142eb317b75856cbae877560e61faf9d8b14c2c6",
        "basic_constraints": {
          "is_ca": true
        },
        "certificate_policies": [
          {
            "id": "2.23.298.1.2.1"
          },
          {
            "cps": [
              "http://cps.jd.org"
            ],
            "id": "1.3.6.1.4.1.87231.1.1.1"
          }
        ],
        "ct_poison": true,
        "extended_key_usage": {
          "client_auth": true,
          "server_auth": true
        },
        "key_usage": {
          "digital_signature": true
        },
        "subject_alt_name": {
          "dns_names": [
            "ssl.jd.nl"
          ]
        },
        "subject_key_id": "421234e6b3b70fd8732c1c45df8e9802ad22bc64"
      },
      "fingerprint_md5": "7CE997F7F0A602C956D0456FA815325C",
      "fingerprint_sha1": "BF33C0AC0B283770F3BD7A80633342FA07173FD6",
      "fingerprint_sha256": "5821D920259823410022A66B701E794A954012601CABE63F8F0499A74D3489FE",
      "issuer": {
        "common_name": [
          "R3"
        ],
        "country": [
          "US"
        ],
        "organization": [
          "Let's Encrypt"
        ]
      },
      "redacted": false,
      "serial_number": "374117329653479579086729740831297779041637",
      "signature": {
        "signature_algorithm": {
          "name": "jd256Withencryption",
          "oid": "1.2.429.113549.1.1.11"
        }
      },
      "subject": {
        "common_name": [
          "ssl.jd.nl"
        ]
      },
      "subject_alt_name": {
        "dns_names": [
          "ssl.jd.nl"
        ],
        "extended_dns_names": [
          {
            "domain": "jd",
            "fld": "jd.nl",
            "subdomain": "ssl",
            "tld": "nl"
          }
        ]
      },
      "subject_key_info": {
        "fingerprint_sha256": "60bc12d452ac3d6bdc9e78a8f8d09f3c593671121fe310fa828cc47858c741aa",
        "key_algorithm": "Elliptic_curve_cryptography",
        "public_key": {
          "b": "\"Zc65d8aa:93e7b3ebbdUv7128bce1d06b0ccSb0f6;ce<>'d2`K\"",
          "curve": "p256",
          "gx": "k12d1f7e1,BGf8bce6e8ca4@f2w03}81-eb3a0f4a19Ed898c296",
          "gy": "Oe8Be2fe1a7f9b8ee4ebJ|0f9e29+ce3Wk1^cecbb6@h7bfQf5",
          "length": 256,
          "p": "ffffffff00000001000000000000000000000000ffffffffffffffffffffffff",
          "x": "78439415564173601141548180774233279366350530337334740087568487901179067694105",
          "y": "88063556683585599749478025404508566925039671466221039360904660618772036550273"
        }
      },
      "tbs_fingerprint": "e6c9b4db2d1b41d40ca4308372956b83a90ac8f080d15bb59e3a8b23876ad7ef",
      "validation_level": "DV",
      "validity": {
        "end": "2023-01-31T21:33:48",
        "length": 7775999,
        "start": "2022-11-02T21:33:49"
      },
      "version": 2
    },
    "tags": [
      "dv",
      "trusted",
      "precert"
    ]
  }
}

The response from the Certificate Hash API includes the following details:

successIndicates whether the API request was successful.
dataContains detailed information about the certificate.
certificateContains detailed information about the certificate itself.
extensionsContains the extensions information of the certificate.
authority_info_accessContains URLs related to the certificate's authority information.
issuer_urlsURLs for the issuer of the certificate.
ocsp_urlsURLs for OCSP (Online Certificate Status Protocol) related to the certificate.
authority_key_idThe authority key ID of the certificate.
basic_constraintsContains information about the basic constraints of the certificate.
is_caIndicates whether the certificate is a CA (Certificate Authority).
certificate_policiesContains the certificate policies associated with the certificate.
idThe ID of the certificate policy.
cpsURLs to the certificate policy statements.
ct_poisonIndicates whether the certificate is CT (Certificate Transparency) poison.
extended_key_usageContains information about the extended key usage of the certificate.
client_authIndicates whether the certificate is used for client authentication.
server_authIndicates whether the certificate is used for server authentication.
key_usageContains information about the certificate's key usage.
digital_signatureIndicates whether the certificate is used for digital signature.
subject_alt_nameContains alternative subject names associated with the certificate.
dns_namesDNS names associated with the certificate.
subject_key_idThe subject key ID of the certificate.
fingerprint_md5The MD5 fingerprint of the certificate.
fingerprint_sha1The SHA-1 fingerprint of the certificate.
fingerprint_sha256The SHA-256 fingerprint of the certificate.
issuerInformation about the issuer of the certificate.
common_nameThe common name of the issuer.
countryThe country associated with the issuer.
organizationThe organization associated with the issuer.
redactedIndicates whether the certificate is redacted.
serial_numberThe serial number of the certificate.
signatureContains information about the certificate's signature.
signature_algorithmContains information about the signature algorithm used.
nameThe name of the signature algorithm.
oidThe signature algorithm's OID (Object Identifier).
subjectInformation about the subject of the certificate.
common_nameThe common name of the subject.
subject_alt_nameContains alternative subject names associated with the certificate.
dns_namesDNS names associated with the certificate.
extended_dns_namesExtended DNS names associated with the certificate.
domainThe domain of the extended DNS name.
fldThe field of the extended DNS name.
subdomainThe subdomain of the extended DNS name.
tldThe top-level domain of the extended DNS name.
subject_key_infoContains information about the certificate's subject key.
fingerprint_sha256The SHA-256 fingerprint of the subject key.
key_algorithmThe algorithm used for the subject key.
public_keyContains information about the certificate's public key.
bThe base point of the public key.
curveThe curve used for the public key.
gxThe x-coordinate of the public key.
gyThe y-coordinate of the public key.
lengthThe length of the public key.
pThe prime number used for the public key.
xThe x-coordinate of the public key point.
yThe y-coordinate of the public key point.
tbs_fingerprintThe fingerprint of the tbs (to-be-signed) part of the certificate.
validation_levelThe validation level of the certificate.
validityInformation about the validity period of the certificate.
endThe end date of the validity period.
lengthThe length of the validity period in seconds.
startThe start date of the validity period.
versionThe version number of the certificate.
tagsAdditional tags associated with the certificate.
dvIndicates that the certificate is of Domain Validated (DV) type.
trustedIndicates that the certificate is trusted.
precertIndicates that the certificate is a precertificate.

Note: The above information is based on the response provided.

ODIN logo
LinkedIn IconDiscord IconGitHub IconMedium IconX Icon