Home All Tools Security Analysis SSL Checker

SSL Checker

Verify SSL certificate details, validity, and certificate chain

Related Tools

Security Headers Scanner

Scan for CSP, HSTS, X-Frame-Options

HTTP Headers Checker

Inspect response headers and server info

Port Scanner

Scan common ports (21, 22, 80, 443, etc.)

Email Security Checker

Check SPF, DKIM, DMARC records

URL Redirect Checker

Track 301/302 redirect chains

What is an SSL Checker?

An SSL Checker is a diagnostic tool that fetches an SSL certificate from a web server and checks it. Secure Sockets Layer (SSL) and its successor Transport Layer Security (TLS) are cryptographic protocols that securely transport data between browser and server. An SSL certificate verifies the authenticity of a website and can be used to secure it.

Our SSL Checker is designed to directly connect to the target server on port 443, retrieve the X.509 certificate and its chain, and present the subject, issuer, validity dates, remaining days, the signature algorithm, key size, Subject Alternative Names (SANs) and the complete certificate chain in one place.

What does the SSL Checker tell you?

The tool checks an SSL certificate and then shows the following:

  • Status — If the certificate is valid, it will show if it is Expiring Soon (within 14 days) or Expired.
  • Days Remaining — The number of days remaining on the certificate.
  • Subject (CN) — Common Name for which certificate is issued.
  • Organization — (For an OV/EV certificate) the name of the organization that issued it.
  • Issuer (CN) — The Certificate Authority (CA) who signed the certificate.
  • Valid From / Valid To — The certificate's validity period is from the beginning date to the end date.
  • Total Validity — days of the certificate's validity.
  • Serial Number — The CA's unique identifier for the person or company.
  • Version: X.509 certificate version (usually v3).
  • Signature Algorithm — Cryptographic algorithm used to create the signature on the certificate (e.g., SHA256-RSA).
  • Key Size — RSA/ECDSA key size (in bits).
  • Key Usage — The uses that are allowed to use the certificate's public key.
  • Subject Alt Names (SANs) — Aliases for the domain(s) that are included in the certificate.
  • The intermediate and root CA certificates in the trust chain.

The SSL Checker tool can be used to detect the security level of a given SSL connection.

The process of checking an SSL certificate only takes a few seconds:

  • Type in a domain name (such as example.com).
  • Also, don't put in http:// or https:// — only the domain name.
  • Click Check SSL button.
  • Read the certificate information, chain and warnings about expiration.

Here are some tips on managing SSL Certificates.

  • Most certificates are issued for 90 – 365 days, and can be renewed before their expiration date. Set up monitoring to get alerts when a certificate is within 14 days of expiry.
  • Ensure that SAN coverage is correct – Ensure that all domains and subdomains that are being served are included in the SAN field.
  • Check if the chain is complete. If an intermediate certificate is missing, browsers will display a security alert box.
  • Strong key sizes: preferably, use 2048 bits or more for RSA keys. The key length of the ECDSA keys should be a minimum of 256 bits.
  • Use certificates that are signed using SHA-256 or a stronger hash function; do not use certificates signed with the insecure hash function, SHA-1.
  • If you have multiple certificates, check each one separately as they might be different certificates.

Why SSL Certificate Monitoring is important?

When SSL certificate expires, visitors to your site will not be able to view pages because browsers will be alerted to a security problem. All this can cause losses in revenue, harm to reputation and lower search engine rank. Frequent SSL checks will let you remain ahead of the expiry dates and certificate misconfigurations.

Also, the Subject Alternative Name might be wrong, the signature algorithm might be weak, or the certificate chain might be misconfigured, all of which can lead to connectivity problems. Our SSL Checker can help you detect such issues before your users do.

There are three types of SSL Certificates.There are three different types of SSL Certificates.

  • DV (Domain Validated) — The CA only validates the domain name. These are the most frequently and quickly issued (e.g. Let's Encrypt).
  • OV (Organization Validated) — Organization is legally established as verified by the CA. The certificate includes the organization's name.
  • (Extended Validation) EV — The highest level of validation. The structure and legal form is well established.
  • Wildcard — It covers the domain and its first level subdomains (e.g., *.example.com).
  • Multi-Domain (SAN) — This will cover multiple different domain names on one certificate.

Privacy

We make a direct connection to the target server and present the certificate information in your browser. No data of the domain(s) visited or data returned is stored, logged or shared with anyone related to the domains you check. There are no accounts, rate limits or captchas needed for the SSL Checker to be used for free.

Frequently Asked Questions

What is SSL certificate?

An SSL (Secure Sockets Layer) certificate is a digital certificate that provides security for the communication between a browser and the server via TLS (Transport Layer Security) protocols and verify the legitimacy of a website.

But is the SSL Checker tool free?

Yes. There are no signs up, no daily limits, no captcha with our SSL Checker, it is 100% free. As many certificates as desired can be checked.

How long are SSL certificates valid?

Most publicly trusted SSL certificates are now valid for a maximum of 397 days (about 13 months). Let's Encrypt and others ACME providers give certificates for 90 days. Self-signed certificates may be valid with any period of time but they are not trusted by the browsers.

When an SSL certificate expires?

If the SSL certificate is going to expire, then the browser will show a security warning and might even refuse to allow access to the site. This means that you are losing traffic, trust and can even suffer a drop in the rankings for search engines. It's critical to renew certificates before they expire.

What is Subject Alternative Name (SAN)?

The extension, called a Subject Alternative Name (SAN), enables a certificate to be valid for more than one domain name. A certificate for example.com, for example, can also have www.example.com and mail.example.com in the SAN field.

What is a certificate chain?

A certificate chain is a list of certificates from the server's certificate to a trusted Root Certificate Authority. It is usually composed of the server certificate, one or more intermediate CA certificates, and the root CA certificate. The browser needs a chain for verification of the connection.

What is the connection method for the SSL Checker to the server?

Using PHP's stream functions, our tool opens a direct TCP connection to port 443 for the target domain, performs an SSL/TLS handshake, and extracts the X.509 certificate and certificate chain from the connection parameters. No third party API is used.

Is it possible to view a certificate for a subdomain?

Yes. The SSL certificate for any domain or subdomain, including those like api.example.com or mail.example.com can be checked. The tool shows the certificate presented by the server for that particular hostname.