Enricher - CIRCL SSL Certificate Fetcher

This article describes the specific configuration options to set up the enricher.
To configure the general options for the enricher, see Configure the general options.


Enricher name

CIRCL SSL Certificate Fetcher




Enriches SSL fingerprint hash observables with the parsed certificate and all associated domain names.

API endpoint



The CIRCL SSL Certificate Fetcher enricher uses the CIRCL API to poll the CIRCL Passive SSL database and to obtain parsed SSL certificates and all domain names associated with the input SSL SHA-1 hash fingerprints.


Users need an API username and an API key. Sign up and subscribe to the service to obtain the required credentials to access the API endpoint exposing the service.

Configure the enricher parameters

  1. Edit the enricher.

  2. From the Observable types drop-down menu, select one or more observable types you want to enrich with data retrieved through the CIRCL SSL Certificate Fetcher enricher.

  3. The API URL field is automatically filled in with the default domain for the endpoint.
    You can add a proxy or set up ports according to your needs.
    Default value: https://www.circl.lu/v2pssl/cfetch/.

  4. In the API user name field, enter your CIRCL user name.

  5. In the API key field, enter your CIRCL API key.

  6. To store your changes, click Save; to discard them, click Cancel.

See also