Back to Tools

SSL Certificate & TLS Checker

Check SSL certificate validity, expiration, issuer, hostname match, chain, and TLS details.

Enter a domain name without protocol (e.g., google.com)
SSL Certificate for

SSL certificate and TLS validation

Use this SSL checker to inspect certificate validity, issuer, expiration, hostname coverage, certificate chain, and TLS-related details. It helps diagnose HTTPS warnings before they affect users.

When to use this tool

  • Check whether a certificate is expired or close to expiry.
  • Verify issuer, SAN names, and hostname match.
  • Diagnose browser warnings after certificate installation.
  • Review chain and intermediate certificate issues.

How to read the results

  • Validity dates show when the certificate starts and expires.
  • Issuer identifies the certificate authority.
  • Subject/SAN values show which hostnames are covered.
  • Chain warnings often mean missing or wrong intermediate certificates.

Common SSL/TLS problems

Expired cert: renew and deploy the current certificate.
Self-signed cert: browsers will not trust it for public websites.
Incomplete chain: install the required intermediate certificate bundle.
Weak TLS version: test protocol support with the TLS scanner.

Related tools

TLS ScannerHTTP HeadersDNS Lookup

Common reasons include an expired certificate, hostname mismatch, missing intermediate certificate, self-signed certificate, or an untrusted issuer.

A certificate chain links the server certificate to intermediate certificates and a trusted root certificate. Browsers need the full chain to verify trust.

A hostname mismatch happens when the certificate common name or SAN list does not include the domain being checked.

Renew the certificate with your CA or hosting provider, install the new certificate and intermediates, then reload the web server and test again.

TLS 1.2 and TLS 1.3 are the modern secure versions. SSLv2, SSLv3, TLS 1.0, and TLS 1.1 should generally be disabled.