SSL Certificate Checker
Check SSL/TLS certificates for any domain. View certificate details, expiration dates, issuer information, and the complete certificate chain.
Quick Check
google.com
github.com
cloudflare.com
microsoft.com
amazon.com
letsencrypt.org
SSL/TLS Information
| Term | Description |
|---|---|
Subject |
The entity the certificate is issued to (domain, organization, etc.) |
Issuer |
The Certificate Authority that issued the certificate |
Validity Period |
The date range during which the certificate is considered valid |
Certificate Chain |
The hierarchy of certificates from the end-entity certificate up to a trusted root CA |
Self-Signed |
A certificate signed by itself rather than a trusted CA (not trusted by browsers) |
Wildcard Certificate |
A certificate that secures a domain and all its subdomains (e.g., *.example.com) |
Subject Alternative Names (SAN) |
Additional domains/subdomains covered by the certificate |
| Level | Description | Browser Indicator | Use Case |
|---|---|---|---|
Domain Validation (DV) |
Only verifies that the applicant controls the domain | Padlock only | Basic websites, blogs, personal sites |
Organization Validation (OV) |
Verifies domain control and organization existence | Shows organization info | Business websites, e-commerce |
Extended Validation (EV) |
Rigorous verification of legal identity | Green bar with company name | Banks, financial institutions, high-security sites |
| Strength | Cipher Suite | Status |
|---|---|---|
| Strong | TLS_AES_256_GCM_SHA384 |
Recommended (TLS 1.3) |
| Strong | TLS_CHACHA20_POLY1305_SHA256 |
Recommended (TLS 1.3) |
| Moderate | ECDHE-RSA-AES128-GCM-SHA256 |
Acceptable (TLS 1.2) |
| Weak | RC4-SHA |
Deprecated |
| Weak | DES-CBC3-SHA |
Deprecated |
- Use TLS 1.2 or 1.3: Older versions (TLS 1.0, 1.1, SSL) are deprecated and insecure
- Certificate Validity: Industry standard is now 90-398 days (browser requirements tightening)
- Key Size: Use RSA 2048-bit or higher, or ECDSA with P-256 or higher
- Signature Algorithm: SHA-256 or stronger (SHA-1 is deprecated)
- Certificate Chain: Ensure complete chain is sent including intermediate certificates
- OCSP Stapling: Enable to improve certificate revocation checking performance
- HSTS: Implement HTTP Strict Transport Security to enforce HTTPS
- Perfect Forward Secrecy: Use ECDHE cipher suites to enable PFS
About SSL/TLS Certificates
SSL/TLS certificates are digital certificates that authenticate a website's identity and enable encrypted connections. They are essential for securing sensitive data like passwords, credit card numbers, and personal information transmitted over the internet.
Certificate Expiration Warning Levels
| Days Remaining | Status | Action Required |
|---|---|---|
| > 90 days | Healthy | No action needed |
| 30-90 days | Warning | Plan for renewal |
| 7-30 days | Critical | Renew immediately |
| < 7 days | Expiring Soon | Urgent renewal required |
| Expired | Expired | Certificate is invalid |