Quttera's SSL validation API is a subset of its website malware scanner REST API. It checks whether a site has a valid and current SSL certificate. The default format for responses is JSON; it can return XML or YAML if preferred.
The API will initiate a query to determine if a specified domain has a valid SSL certificate. If it has one, the site supports encrypted communication. Second, It checks whether the certificate is expired. A server can use an expired or self-signed certificate, but it's less trustworthy and will trigger browser warnings.
By performing these checks, the API verifies whether a website is safe for sending and receiving sensitive information. You can run it on your own site to make sure your certificate is properly set up and current, or you can use it to determine that another site is secure. Either way, it helps to keep your business safe.
The client issues standard REST GET or POST requests. The following requests make up the API:
- SSL Scan (POST): Issues an asynchronous request for a domain's SSL certificate. If information no more than 15 minutes old is available from a previous call, it will return it immediately.
- SSL Status (GET): Returns the status of the current SSL Scan request. If there is no request, it will return a 404 (not found) status. The returned value will be NEW, SCAN, SCANNED, or DONE.
- SSL Report (GET): Returns the information from a prior SSL Scan.
The information in the report includes the name of the certificate authority, the expiration date and status, and the date the certificate was issued. If there was a problem with the request, it will give an error code and description. The report will follow this pattern: