What is SSL/TLS?
SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are cryptographic protocols that secure communications between clients and servers. When a website uses https://, the server presents an X.509 certificate to prove its identity and establish an encrypted channel. Certificates are issued by Certificate Authorities (CAs) and form a chain of trust from the leaf certificate up to a trusted root CA.
How it works
During the TLS handshake, the server sends its certificate chain to the client. Each certificate in the chain is signed by the one above it, ending at a root CA that browsers and operating systems trust by default. This tool connects to the domain, completes the TLS handshake, and extracts the full certificate chain along with the negotiated protocol version (e.g. TLS 1.3) and cipher suite. Certificate validity is determined by comparing the notBefore and notAfter fields against the current time.
How to use this tool
- Enter a domain name (e.g.
example.com) and click Check - View the connection info - TLS protocol version and cipher suite
- Inspect each certificate in the chain - subject, issuer, validity window, and SANs
- Check the validity indicator - green for valid, amber if expiring within 30 days, red if expired
- Copy the SHA-256 fingerprint with the copy button for certificate pinning or verification
Common use cases
- Checking certificate expiry before renewals - avoid downtime from expired certs
- Verifying that the correct certificate was deployed after an update or migration
- Confirming Subject Alternative Names (SANs) cover all required subdomains and domains
- Inspecting the certificate chain to debug
SSL_ERROR_RX_RECORD_TOO_LONGor chain trust errors - Checking the negotiated protocol to confirm
TLS 1.3is in use and older versions are disabled