I've been making a client using the API to test some domains, and I notice some differences between the json object the API returns and the web interface.
Two things I was hoping to find :
- Expiration date
That seems to be available for each cert object, but that means parsing each object trying to figure out which is the one I'm testing and which are the chain, I have it working but it's a bit annoying to use imho. Any chance to have the "Server Key and Certificate #1" exposed separately like in the web interface ? Or, is the first cert guaranteed to be the one tested ? (Or maybe I have a wrong idea about how the web interface works and it could show you the chain first depending on the order they get sent).
Almost more importantly, that forces me to add all=on to my request, just to get a couple of expiration dates. I assume that must be a little more load on the service for no reason.
- The status
In the web interface, when you have a problem and you get a grade F for example, you get a nice error in English, for example : "This server is vulnerable to the Return Of Bleichenbacher's Oracle Threat (ROBOT) vulnerability. Grade set to F. MORE INFO »" is there any way to get that from the API ? Figuring out the problem from the API result is actually pretty hard, I think. There is a lot of fields to check, and that makes the client fairly complex for something you clearly already have implemented on your side.
Don't get me wrong, I'm very grateful for this excellent free service, those are just the two points that "bothered" me when using the API . Currently I just store the grade and a link, and when you want to know why the grade is F you click the link, which starts the check all over again on ssllabs, taking even more ressources. If I could just get the error messages from the API, that second (or more) check wouldn't happen.