Tool
SSL Certificate Checker
Check certificate validity, expiry, issuer, TLS version, and Subject Alternative Names for any domain.
About
What Does an SSL Certificate Do?
An SSL/TLS certificate does two things: it encrypts traffic between a browser and server, and it proves the server's identity. Without a valid certificate, browsers display security warnings and modern HTTP/2 connections are refused entirely.
Certificates are issued by Certificate Authorities (CAs) — trusted third parties that verify domain ownership before signing. The trust chain goes from the server certificate up through one or more intermediate CAs to a root CA pre-installed in your operating system or browser.
This tool checks TLS versions 1.0 through 1.3, validates the full certificate chain, and surfaces expiry warnings — useful for DevOps teams managing dozens of domains and security auditors assessing TLS hardening posture.
What We Check
Certificate Details Explained
Validity Period
The not-before and not-after dates defining when the certificate is active. Public CA certificates are capped at 398 days by the CA/Browser Forum.
Issuer & Certificate Authority
The organization that signed and vouches for the certificate — Let's Encrypt, DigiCert, Sectigo, etc. EV certificates show the organization name in older browsers.
TLS Version
The negotiated TLS protocol version. TLS 1.3 is preferred; TLS 1.0 and 1.1 are deprecated and blocked by most modern clients.
Subject Alternative Names
All domain names and IP addresses the certificate covers. A wildcard SAN like *.example.com covers all first-level subdomains.
Signature Algorithm
The cryptographic algorithm used to sign the certificate. SHA-256 with RSA-2048 or ECDSA P-256 are current standards; SHA-1 certificates are rejected by browsers.
Expiry Warning
Certificates expiring within 30 days are flagged. Expired certificates cause hard browser errors affecting all visitors until renewed.
FAQ
Frequently Asked Questions
How do I check if an SSL certificate is valid?+
Enter any domain above. The tool connects to the server, retrieves the certificate chain, and shows validity dates, issuer, TLS version, and SANs — no openssl or command line required.
What is a Subject Alternative Name (SAN)?+
SANs are additional hostnames the certificate covers. A single certificate can be valid for www.example.com, example.com, and api.example.com. Wildcard SANs like *.example.com cover all first-level subdomains.
What is the difference between TLS 1.2 and TLS 1.3?+
TLS 1.3 completes handshakes in one round trip instead of two, removes weak cipher suites, and improves forward secrecy. TLS 1.2 is still widely supported but TLS 1.0/1.1 are deprecated and blocked by major browsers.
Why does my certificate show as invalid after just being issued?+
Common causes: certificate is for a different hostname, the intermediate CA chain is not served correctly by the web server, or the certificate is from a private CA not in the public trust store. Check the issuer field in the results.
How early should I renew an SSL certificate?+
Renew at least 30 days before expiry. Let's Encrypt recommends 60 days. Certificates from public CAs now have a maximum validity of 398 days per CA/Browser Forum requirements.