SSLMate Cert Spotter API

@SSLMate list all domains we're currently monitoring for certificate issuance and show me their status

Here are the 4 domains currently monitored by Cert Spotter: 1. **example.com** — Active monitoring, last certificate detected 3 days ago 2. **api.example.com** — Active monitoring, last certificate detected 12 days ago 3. **staging.example.com** — Active monitoring, no certificates detected in past 30 days 4. **legacy.example.net** — Active monitoring, last certificate detected 47 days ago All domains are configured to alert on new issuances via your webhook endpoint.

This example demonstrates the audit capability — useful when onboarding new team members or reviewing your certificate monitoring footprint. Requires a valid API key with read access. The MCP returns domain names and basic metadata; it does not include full certificate details unless you drill into specific events.

@SSLMate retrieve the webhook configuration so I can verify where certificate alerts are being sent

Your Cert Spotter webhook is configured as follows: **Endpoint:** https://hooks.example.com/cert-alerts **Status:** Active **Events:** New certificate issuance, certificate expiration warnings **Last successful delivery:** 2 hours ago This webhook receives POST requests whenever a monitored domain has a new certificate logged in Certificate Transparency logs.

This read-only check is critical for debugging alert delivery issues or confirming integration health after infrastructure changes. The MCP does not modify webhook settings — you'll need to use the SSLMate dashboard or API directly to update the endpoint URL or event filters.

@SSLMate get details for event ID evt_abc123xyz and summarize whether this certificate issuance looks legitimate for our domain

**Event evt_abc123xyz** was logged 6 hours ago: **Domain:** api.example.com **Issuer:** Let's Encrypt (R3) **Valid from:** 2025-01-15 08:22:00 UTC **Valid until:** 2025-04-15 08:22:00 UTC **SANs:** api.example.com, www.api.example.com **Assessment:** This appears legitimate. The certificate was issued by a trusted CA you've used before, covers expected subdomains, and aligns with your typical 90-day renewal cycle. No suspicious SANs detected.

This synthesis example pairs the MCP's event metadata with the AI's reasoning to triage certificate issuances. Useful for spotting unauthorized certificates or phishing domains. You must already have the event ID (typically from a webhook payload or prior domain listing). The AI's legitimacy assessment is heuristic — always verify suspicious certificates manually.

When Cert Spotter catches shadow IT certificate issuance

A 6-person engineering team runs a B2B SaaS platform with a dozen subdomains across staging, production, and customer-facing services. They use the List Monitored Domains tool in a weekly security standup to confirm that every domain in Cert Spotter matches their internal asset inventory. When a certificate event fires for an unexpected subdomain—say, a developer spun up a test environment without logging it—the Get CertSpotter Event tool surfaces the issuer and timestamp within seconds. This MCP works best when your domain footprint is under 50 monitored domains and you already use Cert Spotter's paid tier. If you're managing hundreds of domains or need real-time alerting beyond webhook review, you'll hit the API's rate limits and want a dedicated security orchestration tool instead. For small teams who treat certificate transparency as a compliance checkpoint, this MCP turns a monthly spreadsheet audit into a 5-minute Slack thread.

Why this MCP isn't built for live incident triage

A 3-person DevOps team gets paged at 2 AM because a production certificate expired and customers can't reach the app. They open Switchy hoping to query Cert Spotter for the cert's renewal history and pinpoint when the last issuance happened. The Get CertSpotter Event tool can retrieve event metadata, but only if you already know the event ID—there's no search-by-domain-and-date tool in this MCP's 3-tool set. The Retrieve Webhook Settings tool confirms their alerting config, but that doesn't help mid-incident. This MCP is designed for proactive monitoring and audit workflows, not reactive troubleshooting. If your team needs to trace certificate lineage during an outage, you're better off querying Cert Spotter's web dashboard directly or using a broader certificate management MCP. Save this integration for the post-mortem review, where listing monitored domains helps you document what should have been watched.

When quarterly audits demand certificate transparency proof

A 10-person fintech startup preparing for SOC 2 Type II needs to prove they monitor certificate issuance across all production domains. Their auditor asks for a timestamped log showing every cert event in Q3 and confirmation that no rogue certificates were issued. The compliance lead uses List Monitored Domains to generate a snapshot of coverage, then pipes event IDs into Get CertSpotter Event to pull metadata for each issuance—issuer name, validity period, and discovery timestamp. The Retrieve Webhook Settings tool documents their alerting posture for the auditor's evidence binder. This workflow assumes your certificate volume is low enough that manual event retrieval doesn't become a bottleneck; if you're issuing dozens of certs per week, you'll want an automated export instead of querying events one by one. For startups closing their first compliance audit, this MCP turns a vague 'we monitor certificates' claim into a defensible artifact.