SSL Certificate Checker

Analyze SSL/TLS certificates for any domain and check security details

Certificate Lookup

Try:

Details

The SSL Certificate Checker performs a deep inspection of the TLS/SSL certificate served by any HTTPS domain, revealing the full chain of trust, cryptographic parameters, and validity timeline that underpin secure web connections. When a browser connects to an HTTPS site, the server presents its digital certificate — a cryptographically signed document that proves its identity and establishes the encryption parameters for the session. This tool initiates a TLS handshake from the browser (via a backend proxy to bypass CORS restrictions on raw socket connections) and extracts every detail from the returned certificate: the subject Common Name and Subject Alternative Names (SANs), the issuing Certificate Authority and its organization, the validity period with start and end dates, the public key algorithm and bit length (RSA 2048/4096 or ECDSA P-256/P-384), the signature algorithm (SHA-256 with RSA, SHA-384 with ECDSA, etc.), the full certificate chain from leaf to root, and any X.509 extensions like Basic Constraints and Key Usage. The tool presents a color-coded status: green for valid, trusted certificates with more than 30 days remaining; yellow for certificates expiring within 30 days; and red for expired, self-signed, or untrusted certificates. A chain-of-trust visualization shows each certificate in the hierarchy from the domain certificate through intermediate CAs to the trusted root, making it easy to identify misconfigured or missing intermediate certificates. The tool also flags known security issues: weak signature algorithms (SHA-1), deprecated key sizes (RSA < 2048), certificates signed by distrusted CAs, and mismatched domain names. Common applications include verifying that a newly installed or renewed certificate is properly deployed, monitoring certificate expiration to prevent unexpected outages, debugging SSL/TLS errors reported by browsers or API clients, and auditing the cryptographic strength of certificates across a company's public-facing domains.

Examples

Valid Certificate

Domain: google.com - Valid until 2024-12-15, SHA-256, 2048-bit RSA

Wildcard Certificate

Domain: github.com - Valid, Wildcard cert, Let's Encrypt CA

Expired Certificate

Domain: expired-cert.example.com - EXPIRED certificate, last valid 2023-01-01

Self-Signed Certificate

Domain: self-signed.local - Self-signed certificate, not trusted