Get CT logs (order ID)

GET
https://www.digicert.com/services/v2/ctmonitor/{{order_id }}/details?offset=0&limit=1000

Use this endpoint to get the CT logs for the domains on a Secure Site Pro certificate using the certificate's order ID.

Example requests and response

cURL
curl -X GET \
  'https://www.digicert.com/services/v2/ctmonitor/{{order_id}}/details?filters[cn_san_search]=&filters[issuer_ca]={{name of certificate authority}}&filters[precert]=false&sort=-notbefore&offset=0&limit=1000' \
  -H 'Content-Type: application/json' \
  -H 'X-DC-DEVKEY: {{api_key}}'
Python
import requests

url = "https://www.digicert.com/services/v2/ctmonitor/{{order_id}}/details?filters[cn_san_search]=&filters[issuer_ca]={{name of certificate authority}}&filters[precert]=false&sort=-notbefore&offset=0&limit=1000"

payload = ""
headers = {
    'X-DC-DEVKEY': "{{api_key}}",
    'Content-Type': "application/json"
    }

response = requests.request("GET", url, data=payload, headers=headers)

print(response.text)
Go
package main

import (
	"fmt"
	"net/http"
	"io/ioutil"
)

func main() {

	url := "https://www.digicert.com/services/v2/ctmonitor/{{order_id}}/details?filters[cn_san_search]=&filters[issuer_ca]={{name of certificate authority}}&filters[precert]=false&sort=-notbefore&offset=0&limit=1000"

	req, _ := http.NewRequest("GET", url, nil)

	req.Header.Add("X-DC-DEVKEY", "{{api_key}}")
	req.Header.Add("Content-Type", "application/json")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := ioutil.ReadAll(res.Body)

	fmt.Println(res)
	fmt.Println(string(body))

}
NodeJS
var request = require("request");

var options = { method: 'GET',
  url: 'https://www.digicert.com/services/v2/ctmonitor/{{order_id}}/details?filters[cn_san_search]=&filters[issuer_ca]={{name of certificate authority}}&filters[precert]=false&sort=-notbefore&offset=0&limit=1000',
  headers: 
   { 'Content-Type': 'application/json',
     'X-DC-DEVKEY': '{{api_key}}' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
200 OK
{
    "ct_certificates": [
        {
            "serial": "3aba0c39ed",
            "digicert_issued": false,
            "ctlogs": [
                {
                    "logged_on": "2020 Apr 06 | 11:37:33",
                    "entry_no": 0,
                    "log_name": "Google 'Xenon2020' log",
                    "operated_by": "Google",
                    "log_url": "ct.googleapis.com/logs/xenon2020"
                },
                {
                    "logged_on": "2020 Apr 06 | 11:37:33",
                    "entry_no": 0,
                    "log_name": "Let's Encrypt 'Oak2020' log",
                    "operated_by": "Let's Encrypt",
                    "log_url": "oak.ct.letsencrypt.org/2020"
                }
            ],
            "not_after": "05 Jul 2020",
            "not_before": "06 Apr 2020",
            "subject": "digiqatest.in",
            "issuer": "Let's Encrypt Authority X3",
            "precert": false,
            "hosts": {
                "hosts_in_order": [
                    "digiqatest.in"
                ],
                "hosts_not_in_order": []
            },
            "issuer_ca": "Let's Encrypt",
            "trusted_ica": false,
            "key_algorithm": "RSA",
            "key_length": 3072,
            "self_signed": false,
            "signature_algorithm": "RSAwithSHA256",
            "cert_type": "dv",
            "wildcard": false
        }
    ],
    "page": {
        "total": 1,
        "limit": 1000,
        "offset": 0
    },
    "issuer_ca_list": {
        "General": [
            "DigiCert",
            "Non-DigiCert"
        ],
        "Specific CAs": [
            "IdenTrust Services, LLC",
            "Let's Encrypt",
            "Sectigo"
        ]
    }
}

Request filters and URL query strings

Filters and URL query strings are appended to the endpoint URL using ?. Multiple filters and URL query strings can be appended to the request using &.

For example:

bash
https://www.digicert.com/services/v2/ctmonitor/{{order_id}}/details?filters[cn_san_search]=&filters[issuer_ca]={{name of certificate authority}}&filters[precert]=false&sort=-notbefore&offset=0&limit=1000
Name Req/Opt Type Description
issuer_ca optional string Brand name of certificate authority that issued the certificate.
Possible values:
  • DigiCert
  • Non-DigiCert (includes all other certificate brands)
  • {{specific brand name}} (e.g., Let's Encrypt)
cn_san_search optional string Common name or subject alternative name (SAN) to search (partial or full).
precert optional bool If the certificate in the CT log is a precertificate or a certificate.
Possible values:
  • true: precertificate
  • false: certificate
sort optional string Sort results by specified parameter.
Possible values:
  • notbefore
  • notafter
  • untrusted_ica
  • pem_cn
+ OR - optional Sort results in specified direction.
Possible values: :
  • + (ascending)
  • (descending)
offset required int Start list at the specified number for pagination.
Default: 0
limit required int Truncate list to the specified number for pagination.
Max: 1000

Response parameters

Name Type Description
ct_certificates array Details about the certificate.
.. serial string Serial number assigned to the certificate on issuance.
.. ctlogs array Details from CT logs.
.. .. logged_on string Timestamp of when the certificate was logged to CT log.
Format: UTC timezone and ISO 8601 date.
.. .. entry_no string Reference ID of CT log from the CT log server.
.. :. log_name string Name of the CT log server.
.. .. operated_by string Owner of CT log server.
.. .. log_url string URL of CT log server.
.. digicert_issued bool If the certificate was issued by DigiCert.
Possible values:
  • true: issued by DigiCert
  • false: issued by another certificate authority
.. not_after string Timestamp of when certificate validity ends.
Format: UTC timezone and ISO 8601 date.
.. not_before string Timestamp of when certificate validity begins.
Format: UTC timezone and ISO 8601 date.
.. subject string Name secured by the certificate.
.. issuer string Name of certificate authority that issued the certificate.
.. precert bool Is the certificate in the CT log a precertificate.
Possible values:
  • true: precertificate
  • false: certificate
Only returned if the precert request filter is used.
.. issuer_ca string Brand name of issuing certificate authority.
Only returned if the issuer_ca request filter is used.
.. trusted_ica bool If the issuing certificate authority (ICA) is DigiCert or is whitelisted.
Possible values:
  • true: DigiCert/whitelisted ICA
  • false: untrusted ICA
.. key_algorithm string Type of encryption algorithm (e.g., RSA)
.. key_length string Number of bits used in the key.
.. self_signed bool If the certificate is self-signed.
Possible values:
  • true: self-signed
  • false: not self-signed
.. signature_algorithm string Signing algorithm used by the certificate.
.. cert_type string Type of certificate.
Possible values:
  • EV
  • OV
  • DV
.. wildcard bool If the certificate is a wildcard certificate.
Possible values:
  • true: wildcard certificate
  • false: not a wildcard certificate
.. hosts object List of common name or subject alternative names in the order and not in the order
Only returned if the ca_san_search request filter is used.
.. .. hosts_in_order array Common name or subject alternative names in the certificate order
.. .. host_not_in_order array Common name or subject alternative names not in the certificate order
page object Details about results.
Modified using URL query strings.
.. total int Total number of records.
.. limit int Pagination record limit
.. offset int Pagination starting point
Issuer_ca_list array List of issuing certificate authorities (ICAs)
.. General object DigiCert and Non-DigiCert
.. Specified CAs object List of other certificate authorities present for the account.