Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 560 |
1 files changed, 560 insertions, 0 deletions
@@ -9,6 +9,7 @@ Simple PHP script which decodes an SSL connection and/or certificate and display
 * Validates the certificate, chain, CRL and OCSP (of every cert in the chain)
 * Has easy copy-pastable PEM versions of certs
 * Ciphersuite enumeration as an option.
+* JSON API
 * Fast.
 ### Features
@@ -28,6 +29,7 @@ Simple PHP script which decodes an SSL connection and/or certificate and display
 - Full certificate chain validation.
 - Issuer validation
 - Date validation
+- JSON API
 ### Requirements
@@ -53,3 +55,561 @@ See [https://tls.so](https://tls.so). ### License GNU Affero GPL v3: [https://www.gnu.org/licenses/agpl-3.0.html](https://www.gnu.org/licenses/agpl-3.0.html) + + +### JSON API + +Endpoint: `/json.php`. + + + +Accepts: +- CSR +- Certificate +- Host (+port, default 443) + +Returns JSON UTF-8 encoded certificate (and connection) data. + +Add `type=pretty` as parameter to get a pretty printed JSON (text/html). Otherwise just JSON (application/json). + +Examples: + +#### CSR + +Params: + + - `csr` = PEM encoded certificate request + +Example Request: + + json.php?csr=-----BEGIN+CERTIFICATE+REQUEST-----+%0D%0AMIIG8zCCBpgCAQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx+%0D%0AITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCBkgwggQ6BgcqhkjO+%0D%0AOAQBMIIELQKCAgEA5KY342mozvKAAICT4EXDMfnDw7HkribKi8vMy%2BHQXJ%2FhAoNs+%0D%0AByxZygZVc48Q0FA1wMcFC20RtdswMCuogBlUcNxmOCZe%2FmYIJxfp6EWi6ZG0vTA5+%0D%0An6a89iEnfgZ9s2xnhO%2FXiHFax8cjHujQPH3epAtVsBPoxIHsWtVZv%2Fp08L6xgSHl%0D%0AwCQB00fuAhWu60oF45vsQwD%2FvPtQnYFD2elDWivcz51YT8c9EyiXb6geHhGSJkAY%0D%0AVEXNPV7%2FMrAF9ufhc9ss9vrxRiAvBEW2KToL8%2FcYa%2B1L0%2FVEGgJ8jkhhSfiN2q13%0D%0A%2FwBMgG%2FKPr5v94qjeuM4fl6LPZqOjhoYTJJL3WWiAiUzMez30hz%2BE1TUe5f9VI%2Ba%0D%0A1BH%2FhFvlDhuIEyIfsmupzKf0RpzXbSkP%2F4v3PlOuiuOEza1mbZZSOXBGOdKYYC7K%0D%0ALtVb62MD0B%2FFvD8yKO5NQCwFbQC60tU6JyneJJFdqY0HUjHERC3FMDoXoEH%2Fv8b5%0D%0A93kDg8jvmwijh96HgxkssoiRxYp9a9IL%2BGQ1WYYtVTSCz8zgWZyo0W0%2B3bJ66oAg%0D%0Al%2BfZw98xSa0SG1bd8k4c6xVgp%2Bou3EPorbXdgZg31HKrbiFVuhuJFvP3fRHw2GGM%0D%0A9oyFdAGuf1mdQU4XwqoEmhcRnIkN4IF8aMz7VEawAbLgNmu8E9bWIrEjMCkCIQDv%0D%0AQXTIsw1pCZXmF6Yum2%2FgP6xqbCuL6Te4q7KQrPYTyQKCAgEAooejkz2e%2BfnMKnIM%0D%0AK1xMcR8%2FgnD0HDPnhZ5WSwEl%2BalDjAl1U15BdcjIFL%2FdpCRn6JwuM2uY3wtyVU6i%0D%0A2iW4dXsP7rkh2jZP008MQc1e2OrqscGgqpHwJyZa14bUDMbCp2rVYaR2IxLOKa98%0D%0AvbTq8YOBwT1rml1yUYoQHRoU5sFLomfqZILEfomx9w%2FSS9HH6iUYX6AGrGFi9Dqc%0D%0AyOrzkUYFh7c5JSLzvt8I2Q8hZMDz%2FUwuHkfQ%2FjUDZXtazUOhAjxUfvYDYqCMF%2F7R%0D%0AZPjkpo0yX8Rb13J50%2BUuPfOvrWl6nnK%2BNN8Y%2F
RIBzaEvEsq6%2BH6mf0J3XFVGtIPy%0D%0AIulMe5iyTwyvdUHxxZzWjRY9apPw6Laoen4yK5D6IrqY2QCGvWZHgfa41raQEKtq%0D%0AXuubALxOtBxehEansfB2g7hY%2BNfFk0BskswhVqJw6EoLUJKPijXY9Kms%2FANXRpto%0D%0Au0Qzv76YZfJwg%2Faidowoewp%2B7cBAGZbRg1gcGU%2Fe9cFqmruwgy%2Bs2p6t3GamgSRn%0D%0AdwNCOe0R0UjdjZaieJLu6EkZK%2BdhcDXvlVd%2FRx2Vq62zKgYawvIsctdseUAs%2BGf6%0D%0Ajweb38m1uCyIyUkMrOH9GnxCkyiUAH05UJAXT3%2FhhS4sra6A74K%2BAF8wlpfxYY38%0D%0Aquo1Ai%2Bc9MBg%2FKWIVQrsinDI%2BKUDggIGAAKCAgEAkXIvCerLlpA%2FTP7joo0ruxkr%0D%0AGaHa0g0xLJp89r1eRbyzlZZPgsq1AqCfp0%2B2TYAe%2FZsn0Xs4R9n7S5lXIhKEO4YM%0D%0ACIOdWMCZL%2FZoeMzEv8ievxBoFLUQNMzTnRS9lOhaC3ew9JjQMszM5wRAtrdCVgnG%0D%0ACxWD4JC9okn%2F%2BnTSE5exLda%2FQ8BpXzKUuWSJaGYt1H1pRsUXsx0apZ2u%2FRyq6aI4%0D%0A2HwOKZN0%2FPV%2FoHQ8ayxu22dbfduY7YJ4zMkeovggR6tAoOKw4%2BxMMy82DKxpa%2Fkt%0D%0A5a%2B26Myf2dkzHH6ndgupjde%2FsZUifoJMib6i33DdT3TPwiJ1QvCK7cTlgO9CzeIZ%0D%0AssPBYC%2FfpV65Ih9wWJPaObDQPA5tt%2BtKTMOKwz9jmiaXFhmlGZtCahfll5xWXzVJ%0D%0AFbM6NxgYg0bErRcyck8Ngc5%2BO8fm3oGSotQ7eVh%2B%2B04J5g3vk9ufqbi02mFlpMZi%0D%0A%2FFykgQYbnCen%2BBxcO%2BboUMd4urqL0VpSu5NtBd8%2BqULWRrvBEf8s2IY3OaOQEvwJ%0D%0ANZhWJdNpg2lY%2BUmefxm9P9qQqfIhJ3LZavr3jfy81xVFqOciO1Xt7TfzVFqMGH1s%0D%0AaKyPCpApJQ%2BWPuM1WiAimGJFUgk5ZwHyqC8NFDA5wSr%2BfYR6NxZv3pFscb3PqxpQ%0D%0A6C%2BjnKYiyibu4indeE6gADALBglghkgBZQMEAwIDSAAwRQIgMvqOm1M55K0mNYL2%0D%0ArtHl2W%2F1zJufX7FlpAlR3UgoqdICIQDQoyoS8ND%2BjSUl1Pbn%2Buh6yzglP3vfvyxB%0D%0Ax1%2BT5MCUKw%3D%3D%0D%0A-----END+CERTIFICATE+REQUEST----- + +Response + + { + "data": { + "chain": { + "1": { + "subject": { + "C": "AU", + "ST": "Some-State", + "O": "Internet Widgits Pty Ltd" + }, + "key": "-----BEGIN PUBLIC KEY-----\nMIIGS[...]LKJu7iKd14Tg==\n-----END PUBLIC KEY-----\n", + "details": { + "bits": "4096", + "key": "-----BEGIN PUBLIC KEY-----\nMIIGS[...]LKJu7iKd14Tg==\n-----END PUBLIC KEY-----\n", + "dsa": { + "p": "...", + "q": "...", + "pub_key": "..." 
+ }, + "type": "1" + } + } + } + } + } + + +#### Certificate + +Params: + + - `csr` = PEM encoded certificate + +Example Request: + + json.php?csr=-----BEGIN+CERTIFICATE-----%0D%0AMIIKmDCCBoCgAwIBAgIBAzANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UEBhMCTkwx%0D%0AFTATBgNVBAgMDFp1aWQgSG9sbGFuZDESMBAGA1UEBwwJUm90dGVyZGFtMRowGAYD%0D%0AVQQKDBFTcGFya2xpbmcgTmV0d29yazEVMBMGA1UECwwMU3BhcmtsaW5nIENBMRUw%0D%0AEwYDVQQDDAxTcGFya2xpbmcgQ0EwHhcNMTUwMzI5MTExMzU4WhcNMTcwMzI4MTEx%0D%0AMzU4WjBvMRMwEQYDVQQDDApnb29nbGUuY29tMRIwEAYDVQQIDAlSb3R0ZXJkYW0x%0D%0ACzAJBgNVBAYTAk5MMRowGAYDVQQKDBFTcGFya2xpbmcgTmV0d29yazEbMBkGA1UE%0D%0ACwwSU3BhcmtsaW5nIFdlYnNpdGVzMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC%0D%0ACgKCAgEAoi3dJz7UcdbIU%2BfM5S44tk8MM%2B%2BPguUDVnC2wviFgpg6Q%2BINGnAofUoe%0D%0Ay%2BCtiqNWZyey0QO9AglEX8Q0z3eTSTf29ntBgfMUwpMkkXuXDrdH78%2Fzh83L4VkO%0D%0Ar%2B87cRZi4clskcIE1DJrw%2FbN9oyRAjWdKZfpaMtLT9ab4yWNOCqy0gzxiG7NfAfv%0D%0AvqxF6Rwg9lNVJmRqwxP54qa2ayjmqVPhBgLqpRRfE2CPxxiCb8KdYhbFVaEraXKM%0D%0ARMFans%2BXSD6I5e0N3BTjAf2%2Bv6Dzjyt9sQFh%2FEpjqZrTe2JCwg3C44hy8RdohuN%2B%0D%0At0OsvAO46Xk7cP8Z%2FhqxSpcvNRhcjFQ6bCv74OXInVu5pSHydARSlM0FKfhAjaVl%0D%0Acu9Q%2FpkQ2rhFtvpKnJr%2B3tZiSlRpuK0MLDLMhgWopfMzXvBAzSxDC0hXODzjHA0M%0D%0AoTbW4vDmAv6bn%2BJXzxHsaxjkbpr1x2FRbwj8ZuwIzUIZP46iRVzZ97p%2B6D9LK40q%0D%0AhI50eiuFQfigqXoe5BrniQtkZi293H4dKJzvoLSAbjYB0PLD6I7zkNt8QtVDLhSz%0D%0A5u7fC890VYK9DZZP1B8RAYn91SRRFBBnJDSRgvutA%2FRSkXkLXviCw4oDIfijTrg4%0D%0AW35ASS5LjAOwbucKY3lsbd2lbLGcyxro9Z9aeLxZEX49X3u1dhUCAwEAAaOCAykw%0D%0AggMlMA8GA1UdEwEB%2FwQFMAMBAf8wHQYDVR0OBBYEFK8Cti%2BdB4641gUmn048XvPu%0D%0AhCs0MB8GA1UdIwQYMBaAFKyJWGQeqG3MO7k4TliuqefL7do3MAsGA1UdDwQEAwIF%0D%0AoDATBgNVHSUEDDAKBggrBgEFBQcDATCCASQGA1UdHwSCARswggEXMEmgR6BFhkNo%0D%0AdHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9SU0FEb21haW5WYWxpZGF0aW9u%0D%0AU2VjdXJlU2VydmVyQ0EuY3JsMEGgP6A9hjtodHRwOi8vY3JsLmNvbW9kb2NhLmNv%0D%0AbS9DT01PRE9SU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDA0oDKgMIYuaHR0%0D%0AcDovL2NybC5wa2lvdmVyaGVpZC5ubC9Sb290TGF0ZXN0Q1JMLUcyLmNybDAgoB6g%0D%0AHIYaaHR0cDovL3NyLnN5bWNiLmNvbS
9zci5jcmwwL6AtoCuGKWh0dHA6Ly9jcmwu%0D%0AdGNzLnRlcmVuYS5vcmcvVEVSRU5BU1NMQ0EuY3JsMFEGA1UdEQRKMEiCCyouZ29v%0D%0AZ2xlLm5sggpnb29nbGUuY29tggwqLmdvb2dsZS5jb22CBSouY29tggpyYXltaWku%0D%0Ab3JnggwqLnJheW1paS5vcmcwggEzBggrBgEFBQcBAQSCASUwggEhME8GCCsGAQUF%0D%0ABzAChkNodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9SU0FEb21haW5WYWxp%0D%0AZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCYGCCsGAQUFBzAChhpodHRwOi8vc3Iu%0D%0Ac3ltY2IuY29tL3NyLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2Rv%0D%0AY2EuY29tMDcGCCsGAQUFBzABhitodHRwOi8vb2NzcC5kaWdpZGVudGl0eS5ldS9M%0D%0ANC9zZXJ2aWNlcy9vY3NwMB8GCCsGAQUFBzABhhNodHRwOi8vc3Iuc3ltY2QuY29t%0D%0AMCYGCCsGAQUFBzABhhpodHRwOi8vb2NzcC50Y3MudGVyZW5hLm9yZzANBgkqhkiG%0D%0A9w0BAQUFAAOCBAEAWM5iu%2F7PUCJyhN3nR77FxCWanLeAIWU8NJEpspjZgjH5j0Oc%0D%0A8mqYmJEzfrIg4O%2F9ZoqrUV1OiDW7fyf7DHW9yTwmcc%2Fwute05TRN3dtUXmzNMk6B%0D%0ABfaBbwuXjL8ZEZcZnHKSvWxMmqG2Rx3csA68I53qluedP2b61dQiTwiBa1SH4v3G%0D%0A78ZeJi03RSoB6Fbn6l%2BcIfPNI877d%2BpzOvBs05Vj57bdb%2B7Ji0lzDWQNV7uuc3%2FR%0D%0AWVEfZv0ErBgVxlI3EautBQaGZCf1ltwyo2n8wTkVou6wFIX5K4LkWOYuSiu%2FcgB3%0D%0A%2BOl21TGZf%2BoqhMCkmYp313MSbu8HUO7COpJI0B4IZ4Zm%2BYelKGjhDX8bx5l4TrGh%0D%0AfbsuoHpesRx3%2FzEnoP4VGAkuN7H5PALhF3G%2FRI8jKwBdLA3ANhochqsICmvu9Li2%0D%0ASJAxT87%2Fh4azUYGvd9ZnEWl5rMSqZkFtZhw0y%2FPVKgw0rXuaVfvqqSuETeq6gGp1%0D%0ALYtJUq4LO4Yvg7QXxa1qCeZmTbea%2BQmE%2BWsi0jPYQ3LkLkOpDh9nsuY3Ru7f%2BgIB%0D%0AdELs2TTpOKcg7eKLEpv8JGLXv0NYwc1aqKyL6jycjeGCC9riw8Xla3ZLgAx4IJyM%0D%0AJV7qRUxg4jMK%2BpQd5q1Z3RX5PIwPdzFkHdBnPH6k7GCOqEzQnmR8Hql9xUwi5svM%0D%0AiitX4Y7FbXW1zxzaBX6SLCfE60lUhSh7ik%2Bb9TK77Gg%2FuLDmdanXpFguSezGCHZ2%0D%0AjL4mYLeXWV88WVXEH4tmXsCQrQsmnlcTAJpvXW7NvV8lCjqh3RbXXG7RHd2IEWfr%0D%0AZAAaT%2BnwNIW%2Fx8mXJxUx9RpCKVS%2BCm8Q%2FjDHT9X7DxdHlzzzvN%2Brv8yy6P%2Fp8HGP%0D%0AY84H84qVP9uQgoAxArKRIVIO7ZjaT38V5tlidTxjyf38y0E%2FHV%2BLM2vjl3wsefQw%0D%0AU8dzNGCNvEWycVrBrZArjITkHFMq%2F3VUODlX4M3GTZ4XuZR%2BEGB0kF3uyApE%2FfLX%0D%0AP4qzfsTw%2F0p0Xn7K%2Ff3HsYyyXbh17sR761gbQCXHJN1YE0F5U4F7DESgbhWZrLJ6%0D%0AtCG5Np%2FmrQ7rKIJxKqSdSKicKYgi0lSk0bq9eF0QLDvECiCiEDT33D8ju%2BKjPXie%0D%
0Ad6bddv3wUguPUOg7hYr1DLaRwZ9FtfM2UqYtEQxwuebDragUY2gO0tT2wtqNFhwl%0D%0AXnPFJhWi3Atz%2FcjvdlktvhhaqHJLUkmaXVsgys470rUUq%2BJETCUVM8dKYfC3Nir1%0D%0APcl%2Bic8lyHLRserIynKLsnYlCgMb6DdbyMXWUUe2OGuUvz9OI09VjY8vAnKfM0E0%0D%0AQ3aqS6U2xoswso%2Bov1HkVOOlcNFpJAqQ7pn4iA%3D%3D%0D%0A-----END+CERTIFICATE-----%0D%0A + +Example Response: + + { + "data": { + "chain": { + "1": { + "cert_data": { + "name": "/CN=google.com/ST=Rotterdam/C=NL/O=Sparkling Network/OU=Sparkling Websites", + "subject": { + "CN": "google.com", + "ST": "Rotterdam", + "C": "NL", + "O": "Sparkling Network", + "OU": "Sparkling Websites" + }, + "hash": "ceef4183", + "issuer": { + "C": "NL", + "ST": "Zuid Holland", + "L": "Rotterdam", + "O": "Sparkling Network", + "OU": "Sparkling CA", + "CN": "Sparkling CA" + }, + "version": "2", + "serialNumber": "3", + "validFrom": "150329111358Z", + "validTo": "170328111358Z", + "validFrom_time_t": "1427627638", + "validTo_time_t": "1490699638", + "extensions": { + "basicConstraints": "CA:TRUE", + "subjectKeyIdentifier": "AF:02:B6:2F:9D:07:8E:B8:D6:05:26:9F:4E:3C:5E:F3:EE:84:2B:34", + "authorityKeyIdentifier": "keyid:AC:89:58:64:1E:A8:6D:CC:3B:B9:38:4E:58:AE:A9:E7:CB:ED:DA:37\n", + "keyUsage": "Digital Signature, Key Encipherment", + "extendedKeyUsage": "TLS Web Server Authentication", + "crlDistributionPoints": "\nFull Name:\n URI:http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl\n\nFull Name:\n URI:http://crl.comodoca.com/COMODORSACertificationAuthority.crl\n\nFull Name:\n URI:http://crl.pkioverheid.nl/RootLatestCRL-G2.crl\n\nFull Name:\n URI:http://sr.symcb.com/sr.crl\n\nFull Name:\n URI:http://crl.tcs.terena.org/TERENASSLCA.crl\n", + "subjectAltName": "DNS:*.google.nl, DNS:google.com, DNS:*.google.com, DNS:*.com, DNS:raymii.org, DNS:*.raymii.org", + "authorityInfoAccess": "CA Issuers - URI:http://crt.comodoca.com/COMODORSADomainValidationSecureServerCA.crt\nCA Issuers - URI:http://sr.symcb.com/sr.crt\nOCSP - URI:http://ocsp.comodoca.com\nOCSP - 
URI:http://ocsp.digidentity.eu/L4/services/ocsp\nOCSP - URI:http://sr.symcd.com\nOCSP - URI:http://ocsp.tcs.terena.org\n" + }, + "purposes": { + "sslclient": { + "ca": "", + "general": "" + }, + "sslserver": { + "ca": "", + "general": "1" + }, + "nssslserver": { + "ca": "", + "general": "1" + }, + "smimesign": { + "ca": "", + "general": "" + }, + "smimeencrypt": { + "ca": "", + "general": "" + }, + "crlsign": { + "ca": "", + "general": "" + }, + "any": { + "ca": "1", + "general": "1" + }, + "ocsphelper": { + "ca": "", + "general": "1" + }, + "timestampsign": { + "ca": "", + "general": "" + } + } + }, + "validation_type": "organisation", + "crl": { + "1": { + "crl_uri": "http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl", + "status": "ok", + "crl_last_update": "Mar 30 00:56:21 2015 GMT\n", + "crl_next_update": "Apr 3 00:56:21 2015 GMT\n" + }, + "2": { + "crl_uri": "http://crl.comodoca.com/COMODORSACertificationAuthority.crl", + "status": "ok", + "crl_last_update": "Mar 29 19:04:22 2015 GMT\n", + "crl_next_update": "Apr 2 19:04:22 2015 GMT\n" + }, + "3": { + "crl_uri": "http://crl.pkioverheid.nl/RootLatestCRL-G2.crl", + "status": "ok", + "crl_last_update": "Jan 8 10:19:45 2015 GMT\n", + "crl_next_update": "Jan 8 10:24:45 2016 GMT\n" + }, + "4": { + "crl_uri": "http://sr.symcb.com/sr.crl", + "status": "ok", + "crl_last_update": "Mar 30 09:01:05 2015 GMT\n", + "crl_next_update": "Apr 6 09:01:05 2015 GMT\n" + }, + "5": { + "crl_uri": "http://crl.tcs.terena.org/TERENASSLCA.crl", + "status": "ok", + "crl_last_update": "Mar 29 16:28:00 2015 GMT\n", + "crl_next_update": "Apr 2 16:28:00 2015 GMT\n" + } + }, + "ocsp": "No OCSP URI found in certificate", + "hostname_in_san_or_cn": "n/a; ca signing certificate", + "serial": "3", + "key": { + "type": "rsa", + "bits": "4096", + "signature_algorithm": "sha1WithRSAEncryption", + "certificate_pem": "-----BEGIN CERTIFICATE-----\nMIIK[...]Q7pn4iA==\n-----END CERTIFICATE-----\n", + "public_key_pem": "-----BEGIN PUBLIC 
KEY-----\nMIIC[...]UCAwEAAQ==\n-----END PUBLIC KEY-----\n", + "spki_hash": "MQEUI8vhXsSgP7y58AWpE3xfqepYOHILKdHRewQSWkE=" + } + } + } + } + } + + +#### Hostname + Port + +Params: + + - `host` = Hostname or IP address + - `port` = port to test (443, 993, 465, 8443 etc). + - ciphersuites = 1 to enumerate ciphersuites supported by the tested server. Takes longer. If not specified or not 1, ciphersuites will not be tested, used ciphersuite will be reported. + + +Port is optional and defaults to 443. Ciphersuites is optional and defaults to 0. + +Example request: + + json.php?host=mijn.ing.nl&ciphersuites=1 + +Example response: + + { + "data": { + "connection": { + "chain": { + "0": { + "name": "mijn.ing.nl", + "issuer": "Symantec Class 3 EV SSL CA - G3" + }, + "1": { + "name": "Symantec Class 3 EV SSL CA - G3", + "issuer": "VeriSign Class 3 Public Primary Certification Authority - G5" + }, + "validation": { + "status": "success" + } + }, + "ip": "145.221.194.139", + "hostname": "145.221.194.139", + "port": "443", + "protocols": { + "tlsv1.2": "1", + "tlsv1.1": "", + "tlsv1.0": "1", + "sslv3": "" + }, + "supported_ciphersuites": [ + "AES256-SHA256", + "AES256-SHA", + "AES128-SHA256", + "AES128-SHA", + "DES-CBC3-SHA" + ], + "tls_fallback_scsv": "unsupported", + "strict_transport_security": "max-age=31622400", + "public_key_pins": "not set", + "ocsp_stapling": "not set", + "openssl_version": "OpenSSL 1.0.2a 19 Mar 2015\n", + "datetime_rfc2822": "Mon, 30 Mar 2015 12:18:11 +0200\n" + }, + "chain": { + "1": { + "cert_data": { + "name": "/jurisdictionC=NL/businessCategory=Private Organization/serialNumber=33031431/C=NL/postalCode=1102 MG/ST=Noord-Holland/L=Amsterdam Zuidoost/street=Bijlmerplein 888/O=ING BANK N.V./OU=Retail/CN=mijn.ing.nl", + "subject": { + "jurisdictionC": "NL", + "businessCategory": "Private Organization", + "serialNumber": "33031431", + "C": "NL", + "postalCode": "1102 MG", + "ST": "Noord-Holland", + "L": "Amsterdam Zuidoost", + "street": "Bijlmerplein 
888", + "O": "ING BANK N.V.", + "OU": "Retail", + "CN": "mijn.ing.nl" + }, + "hash": "0ede29ea", + "issuer": { + "C": "US", + "O": "Symantec Corporation", + "OU": "Symantec Trust Network", + "CN": "Symantec Class 3 EV SSL CA - G3" + }, + "version": "2", + "serialNumber": "58839941462596964668433973121388685875", + "validFrom": "140918000000Z", + "validTo": "161029235959Z", + "validFrom_time_t": "1410998400", + "validTo_time_t": "1477785599", + "extensions": { + "subjectAltName": "DNS:mijn.ing.nl", + "basicConstraints": "CA:FALSE", + "keyUsage": "Digital Signature, Key Encipherment", + "extendedKeyUsage": "TLS Web Server Authentication, TLS Web Client Authentication", + "certificatePolicies": "Policy: 2.16.840.1.113733.1.7.23.6\n CPS: https://d.symcb.com/cps\n User Notice:\n Explicit Text: https://d.symcb.com/rpa\n", + "authorityKeyIdentifier": "keyid:01:59:AB:E7:DD:3A:0B:59:A6:64:63:D6:CF:20:07:57:D5:91:E7:6A\n", + "crlDistributionPoints": "\nFull Name:\n URI:http://sr.symcb.com/sr.crl\n", + "authorityInfoAccess": "OCSP - URI:http://sr.symcd.com\nCA Issuers - URI:http://sr.symcb.com/sr.crt\n" + }, + "purposes": { + "sslclient": { + "ca": "", + "general": "1" + }, + "sslserver": { + "ca": "", + "general": "1" + }, + "nssslserver": { + "ca": "", + "general": "1" + }, + "smimesign": { + "ca": "", + "general": "" + }, + "smimeencrypt": { + "ca": "", + "general": "" + }, + "crlsign": { + "ca": "", + "general": "" + }, + "any": { + "ca": "1", + "general": "1" + }, + "ocsphelper": { + "ca": "", + "general": "1" + }, + "timestampsign": { + "ca": "", + "general": "" + } + } + }, + "validation_type": "extended", + "crl": { + "1": { + "crl_uri": "http://sr.symcb.com/sr.crl", + "status": "ok", + "crl_last_update": "Mar 30 09:01:05 2015 GMT\n", + "crl_next_update": "Apr 6 09:01:05 2015 GMT\n" + } + }, + "ocsp": { + "1": { + "status": "good", + "this_update": "Mar 27 09:39:42 2015 GMT", + "next_update": "Apr 3 09:39:42 2015 GMT", + "ocsp_uri": "http://sr.symcd.com" + } + }, + 
"hostname_in_san_or_cn": "false", + "serial": "319", + "key": { + "type": "rsa", + "bits": "2048", + "signature_algorithm": "sha256WithRSAEncryption", + "certificate_pem": "-----BEGIN CERTIFICATE-----\nMII[...]5rbdag==\n-----END CERTIFICATE-----\n", + "public_key_pem": "-----BEGIN PUBLIC KEY-----\nMII[...]DAQAB\n-----END PUBLIC KEY-----\n", + "spki_hash": "Y4ViGKugRm0tW3lflAY9ZGTj6xga6CtiZpMwzbCZARs=" + } + }, + "2": { + "cert_data": { + "name": "/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 EV SSL CA - G3", + "subject": { + "C": "US", + "O": "Symantec Corporation", + "OU": "Symantec Trust Network", + "CN": "Symantec Class 3 EV SSL CA - G3" + }, + "hash": "a0f7ac3e", + "issuer": { + "C": "US", + "O": "VeriSign, Inc.", + "OU": [ + "VeriSign Trust Network", + "(c) 2006 VeriSign, Inc. - For authorized use only" + ], + "CN": "VeriSign Class 3 Public Primary Certification Authority - G5" + }, + "version": "2", + "serialNumber": "168652503989349361584430187274382793396", + "validFrom": "131031000000Z", + "validTo": "231030235959Z", + "validFrom_time_t": "1383177600", + "validTo_time_t": "1698710399", + "extensions": { + "authorityInfoAccess": "OCSP - URI:http://s2.symcb.com\n", + "basicConstraints": "CA:TRUE, pathlen:0", + "certificatePolicies": "Policy: X509v3 Any Policy\n CPS: http://www.symauth.com/cps\n User Notice:\n Explicit Text: http://www.symauth.com/rpa\n", + "crlDistributionPoints": "\nFull Name:\n URI:http://s1.symcb.com/pca3-g5.crl\n", + "keyUsage": "Certificate Sign, CRL Sign", + "subjectAltName": "DirName: CN = SymantecPKI-1-533", + "subjectKeyIdentifier": "01:59:AB:E7:DD:3A:0B:59:A6:64:63:D6:CF:20:07:57:D5:91:E7:6A", + "authorityKeyIdentifier": "keyid:7F:D3:65:A7:C2:DD:EC:BB:F0:30:09:F3:43:39:FA:02:AF:33:31:33\n" + }, + "purposes": { + "sslclient": { + "ca": "1", + "general": "" + }, + "sslserver": { + "ca": "1", + "general": "" + }, + "nssslserver": { + "ca": "1", + "general": "" + }, + "smimesign": { + "ca": "1", + 
"general": "" + }, + "smimeencrypt": { + "ca": "1", + "general": "" + }, + "crlsign": { + "ca": "1", + "general": "1" + }, + "any": { + "ca": "1", + "general": "1" + }, + "ocsphelper": { + "ca": "1", + "general": "1" + }, + "timestampsign": { + "ca": "1", + "general": "" + } + } + }, + "validation_type": "organisation", + "crl": { + "1": { + "crl_uri": "http://s1.symcb.com/pca3-g5.crl", + "status": "ok", + "crl_last_update": "Mar 18 00:00:00 2015 GMT\n", + "crl_next_update": "Jun 30 23:59:59 2015 GMT\n" + } + }, + "ocsp": { + "1": { + "status": "good", + "this_update": "Mar 30 08:09:41 2015 GMT", + "next_update": "Apr 6 08:09:41 2015 GMT", + "ocsp_uri": "http://s2.symcb.com" + } + }, + "hostname_in_san_or_cn": "n/a; ca signing certificate", + "serial": "105", + "key": { + "type": "rsa", + "bits": "2048", + "signature_algorithm": "sha256WithRSAEncryption", + "certificate_pem": "-----BEGIN CERTIFICATE-----\nMIIF[...]tO7w+Q==\n-----END CERTIFICATE-----\n", + "public_key_pem": "-----BEGIN PUBLIC KEY-----\nMII[...]ww0\nDwIDAQAB\n-----END PUBLIC KEY-----\n", + "spki_hash": "gMxWOrX4PMQesK9qFNbYBxjBfjUvlkn/vN1n+L9lE5E=" + } + }, + "3": { + "cert_data": { + "name": "/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5", + "subject": { + "C": "US", + "O": "VeriSign, Inc.", + "OU": [ + "VeriSign Trust Network", + "(c) 2006 VeriSign, Inc. 
- For authorized use only" + ], + "CN": "VeriSign Class 3 Public Primary Certification Authority - G5" + }, + "hash": "b204d74a", + "issuer": { + "C": "US", + "O": "VeriSign, Inc.", + "OU": "Class 3 Public Primary Certification Authority" + }, + "version": "2", + "serialNumber": "49248466687453522052688216172288342269", + "validFrom": "061108000000Z", + "validTo": "211107235959Z", + "validFrom_time_t": "1162944000", + "validTo_time_t": "1636329599", + "extensions": { + "basicConstraints": "CA:TRUE", + "crlDistributionPoints": "\nFull Name:\n URI:http://crl.verisign.com/pca3.crl\n", + "keyUsage": "Certificate Sign, CRL Sign", + "certificatePolicies": "Policy: X509v3 Any Policy\n CPS: https://www.verisign.com/cps\n", + "subjectKeyIdentifier": "7F:D3:65:A7:C2:DD:EC:BB:F0:30:09:F3:43:39:FA:02:AF:33:31:33", + "1.3.6.1.5.5.7.1.12": "0_¡] [0Y0W0U\u0016\timage/gif0!0\u001f0\u0007\u0006\u0005+\u000e\u0003\u0002\u001a\u0004\u0014åÓ\u001a¬kÃÏjÔH\u0018,{\u0019.0%\u0016#http://logo.verisign.com/vslogo.gif", + "authorityInfoAccess": "OCSP - URI:http://ocsp.verisign.com\n", + "extendedKeyUsage": "TLS Web Server Authentication, TLS Web Client Authentication, Code Signing, Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1" + }, + "purposes": { + "sslclient": { + "ca": "1", + "general": "" + }, + "sslserver": { + "ca": "1", + "general": "" + }, + "nssslserver": { + "ca": "1", + "general": "" + }, + "smimesign": { + "ca": "", + "general": "" + }, + "smimeencrypt": { + "ca": "", + "general": "" + }, + "crlsign": { + "ca": "1", + "general": "1" + }, + "any": { + "ca": "1", + "general": "1" + }, + "ocsphelper": { + "ca": "1", + "general": "1" + }, + "timestampsign": { + "ca": "1", + "general": "" + } + } + }, + "validation_type": "organisation", + "crl": { + "1": { + "crl_uri": "http://crl.verisign.com/pca3.crl", + "status": "ok", + "crl_last_update": "Mar 18 00:00:00 2015 GMT\n", + "crl_next_update": "Jun 30 23:59:59 2015 GMT\n" + } + }, + "ocsp": "No OCSP URI found in 
certificate", + "hostname_in_san_or_cn": "n/a; ca signing certificate", + "serial": "234", + "key": { + "type": "rsa", + "bits": "2048", + "signature_algorithm": "sha1WithRSAEncryption", + "certificate_pem": "-----BEGIN CERTIFICATE-----\nMIIE0DCCB[...]JjhJ+xr3/\n-----END CERTIFICATE-----\n", + "public_key_pem": "-----BEGIN PUBLIC KEY-----\nMII[...]QAB\n-----END PUBLIC KEY-----\n", + "spki_hash": "JbQbUG5JMJUoI6brnx0x3vZF6jilxsapbXGVfjhN8Fg=" + } + } + } + } + }
\ No newline at end of file |