API to retrieve known SSL certificates


Is there, or could there be, an API to retrieve all currently valid SSL certificates issued through Universal SSL for a customer’s domain?

The idea would be to get a list of known-legitimate certificates which the domain owner could then compare against the Certificate Transparency logs to detect any mismatches.


These would probably be the best place to start:


I’m not sure there’s an endpoint that will give historic issuances which may still be valid though.


Thanks! That looks promising. I’d prefer a serial number or fingerprint that could be matched uniquely against the CT logs, but I guess I could match them up based on the SNI and notbefore/notafter dates or something :slight_smile: