API to validate Cert trust for any hostname at specified IP

Dear,

Is there any public API that can help me in checking if example.com hosted at x.x.x.x IP has SSL from any trusted CA or not?

Thanks & Regards,
Gulshan

1 Like

Welcome Back to the Let's Encrypt Community, Gulshan :slightly_smiling_face:

Most trusted TLS/SSL certificates (like those issued by Let's Encrypt) map public encryption keys to fully qualified domain names (FQDNs), not IP addresses. Whether any CA is trusted or not depends upon whom you trust to determine trust. The IPv4/IPv6 address(es) of any FQDN can be queried via DNS lookup of its A/AAAA record(s).

Hi @gulshankumar

what's your search string?

The domain name? If yes, you can use certificate monitors like https://crt.sh/

2 Likes

There are public services that offer that functionality, but I do not know if they offer APIs. One example is SSL Server Test (Powered by Qualys SSL Labs), which will check a domain name and list the certificate paths, which are mapped against the trusted CAs for several operating system and browser versions.

The trusted CA stores of various operating systems and browsers are generally published by the software vendors, along with the applicable version number. Most HTTP/HTTPS programming libraries make it trivial to access the SSL certificate with their documented public API methods, which you could then map against the lists of trusted roots.

2 Likes
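An added example, not written by any poster in this thread: one way to run the check asked about above with Python's standard `ssl` module, connecting to a chosen IP while verifying the certificate against the hostname. The names `check_cert_at_ip` and `TrustResult` are made up for illustration, and "trusted" here means trusted by the CA store of the machine running the script.

```python
import socket
import ssl
import sys
from dataclasses import dataclass
from typing import Optional


@dataclass
class TrustResult:
    trusted: bool                    # chain and hostname both verified
    error: Optional[str] = None      # why verification or connection failed
    issuer: Optional[str] = None     # issuer of the leaf certificate
    not_after: Optional[str] = None  # leaf certificate expiry


def check_cert_at_ip(hostname, ip, port=443, timeout=5.0, context=None):
    """Handshake with `ip`, but verify the certificate for `hostname`."""
    # create_default_context() loads the local trust store and enables
    # CERT_REQUIRED plus hostname checking.
    ctx = context or ssl.create_default_context()
    try:
        # The TCP connection goes to the chosen IP, bypassing DNS.
        with socket.create_connection((ip, port), timeout=timeout) as raw:
            # server_hostname sets SNI and is the name matched against the cert.
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        return TrustResult(False, error=f"verify failed: {exc.verify_message}")
    except (ssl.SSLError, OSError) as exc:
        # Non-TLS service, refused connection, timeout: fail closed.
        return TrustResult(False, error=f"{type(exc).__name__}: {exc}")
    issuer = ", ".join(f"{k}={v}" for rdn in cert.get("issuer", ()) for k, v in rdn)
    return TrustResult(True, issuer=issuer, not_after=cert.get("notAfter"))


if __name__ == "__main__":
    # Usage: python check_cert.py <hostname> <ip> [port]
    host, ip = sys.argv[1], sys.argv[2]
    port = int(sys.argv[3]) if len(sys.argv) > 3 else 443
    print(check_cert_at_ip(host, ip, port))
```

Pass a custom `ssl.SSLContext` as `context` to evaluate trust against a different root list than the local default.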

How is the IP related to the query request?
Do you want to confirm that the name goes to a specific IP and that it has a valid cert?
Or are you really just concerned about the cert validity as it relates to the FQDN?
Or are you trying to find all FQDNs that resolve to a specific IP and then review all the names for cert validity?
Or maybe something completely different...

As you can see... I'm a bit confused about what you are actually looking to answer.
Perhaps you can expound on that one-line question with a whole paragraph (or two if needed).

1 Like
