SSL Certificate Checker
Analyze SSL/TLS certificates for any domain and check security details
Certificate Lookup
Details
The SSL Certificate Checker performs a deep inspection of the TLS/SSL certificate served by any HTTPS domain, revealing the full chain of trust, cryptographic parameters, and validity timeline that underpin secure web connections. When a browser connects to an HTTPS site, the server presents its digital certificate — a cryptographically signed document that proves its identity and establishes the encryption parameters for the session. This tool initiates a TLS handshake from the browser (via a backend proxy to bypass CORS restrictions on raw socket connections) and extracts every detail from the returned certificate: the subject Common Name and Subject Alternative Names (SANs), the issuing Certificate Authority and its organization, the validity period with start and end dates, the public key algorithm and bit length (RSA 2048/4096 or ECDSA P-256/P-384), the signature algorithm (SHA-256 with RSA, SHA-384 with ECDSA, etc.), the full certificate chain from leaf to root, and any X.509 extensions like Basic Constraints and Key Usage. The tool presents a color-coded status: green for valid, trusted certificates with more than 30 days remaining; yellow for certificates expiring within 30 days; and red for expired, self-signed, or untrusted certificates. A chain-of-trust visualization shows each certificate in the hierarchy from the domain certificate through intermediate CAs to the trusted root, making it easy to identify misconfigured or missing intermediate certificates. The tool also flags known security issues: weak signature algorithms (SHA-1), deprecated key sizes (RSA < 2048), certificates signed by distrusted CAs, and mismatched domain names. Common applications include verifying that a newly installed or renewed certificate is properly deployed, monitoring certificate expiration to prevent unexpected outages, debugging SSL/TLS errors reported by browsers or API clients, and auditing the cryptographic strength of certificates across a company's public-facing domains.
Examples
Valid Certificate
Domain: google.com - Valid until 2024-12-15, SHA-256, 2048-bit RSA
Wildcard Certificate
Domain: github.com - Valid, Wildcard cert, Let's Encrypt CA
Expired Certificate
Domain: expired-cert.example.com - EXPIRED certificate, last valid 2023-01-01
Self-Signed Certificate
Domain: self-signed.local - Self-signed certificate, not trusted
Related tools
Bandwidth Calculator
Estimate how long a file takes to transfer at a given connection speed — correctly handling bits vs bytes (Mbps vs MB/s) and SI vs binary size units
DNS Lookup Tool
Query DNS records and resolve domain names to IP addresses
HTTP Header Builder
Assemble HTTP request headers from a form and export them as a raw request block, a curl command, or a JavaScript fetch() call
HTTP Header Parser
Paste raw HTTP request or response headers and get a clean, structured breakdown with explanations for common headers like Cache-Control, CORS and security headers.
HTTP Request Builder
Test APIs and HTTP endpoints with customizable requests
IP Address Lookup
Comprehensive IP geolocation lookup with detailed analysis, bulk processing, history tracking, and security insights