---
name: cert-metadata
type: instructions
description: Fetch factual metadata for a TLS intermediate CA seen on phishing sites (operator, root CA, key type, use case, related certs, count).
---

# Look up TLS intermediate CA metadata

## Purpose
When a user asks "what is intermediate certificate X?", retrieve the operator,
the root CA it chains to, the key type (RSA/ECDSA), the typical use case, sibling
intermediates from the same operator, and the current count of active phishings
using this intermediate.

## Endpoint
```
GET https://phishunt.io/api/v1/certs/<cert>.json
```

## Parameters
- `<cert>` - intermediate CA common name (path parameter, case-sensitive). Examples: `WE1`, `R10`, `GTS CA 1C3`. See https://phishunt.io/cert/ for the list.

## Example
```bash
curl -sf https://phishunt.io/api/v1/certs/WE1.json | jq '{cert, operator, key_type, use_case, active_phishings}'
```

## Errors
- HTTP 404 with `{"error": "Unknown cert intermediate: ..."}` if the intermediate is not in CERT_METADATA.
