Live TLS certificate checks for devops & agent workflows.
An agent or monitoring workflow needs to know if a certificate is about to expire — sourced and current. Dynamic Feed performs a live TLS handshake to the domain you name and returns the certificate's details, signed and timestamped.
The call
Keyless over MCP, or one REST call with a free key. Every datapoint is provenance-stamped and citeable.
# Keyless — one signed call over REST:
curl -s https://dynamicfeed.ai/v1/batch -H "Content-Type: application/json" \
-d '{"calls":[{"tool":"cert_check","args":{"domain":"github.com"}}]}'
# MCP (keyless) — point any client at https://dynamicfeed.ai/mcp, then call cert_check(domain="github.com")Sample response
{ "domain": "example.com", "valid": true, "issuer_cn": "...", "not_after": "...Z",
"days_to_expiry": 62, "expiring_soon": false, "signature": { "alg": "Ed25519", "key_id": "df-ed25519-4cb32e72f333" } }Why live data
Dynamic Feed opens a live TLS handshake to the domain you specify and reports the served certificate — subject, issuer, validity window, days-to-expiry, SAN list and TLS version — in a provenance envelope, signed over its exact bytes and verifiable against /.well-known/keys. This is a measurement we make ourselves at request time, of a domain's PUBLIC certificate — we do not access your systems or private keys. It reflects what the endpoint presented at that moment; treat it as one signed observation, not a full security audit.
Use it for
- Catch an expiring certificate before it takes a service down
- A signed record of a domain's cert state at a point in time
- Agents / monitors that must verify TLS validity, not assume it
- Pairs with CVE, package-health and exploited-vulnerability feeds
FAQ
Do you access my servers?
No. We perform a TLS handshake to the public endpoint of a domain you name and read the certificate it presents — the same thing any browser sees. We never touch your infrastructure or private keys.
What does it return?
The certificate's subject, issuer, validity dates, days-to-expiry, an expiring-soon flag, the SAN list and the negotiated TLS version — each measured live and signed.
What does the signature prove?
That Dynamic Feed observed this exact certificate state at this time and the record hasn't been altered since — authenticity and integrity, not a judgement that the configuration is secure.