SSL Checker

Verify SSL certificates, check expiration dates, and analyze the complete certificate chain.

Command Line

$ curl https://dnsx.dev/ssl/github.com

Understanding SSL/TLS Certificates

SSL/TLS certificates are the foundation of secure communication on the internet. They establish an encrypted connection between a web server and a browser, ensuring that all data passed between them remains private and tamper-proof. When you see a padlock icon in your browser's address bar, it means the site has a valid SSL/TLS certificate and your connection is encrypted.

Our SSL checker tool connects to any domain on port 443 and analyzes the complete SSL/TLS configuration. It verifies the certificate's validity, checks the entire certificate chain from the leaf certificate through intermediates to the root CA, identifies the supported TLS protocol versions, and assigns an overall security grade based on the configuration.

SSL/TLS Concepts Explained

Certificate Validity

A certificate is valid when it hasn't expired, is issued by a trusted certificate authority, and the domain name matches. Expired or mismatched certificates trigger browser security warnings.

Certificate Chain

The chain of trust links your server's certificate to a root CA through intermediate certificates. A broken chain causes browsers to reject the certificate even if the leaf cert is valid.

TLS 1.3

The latest TLS version with faster handshakes, stronger encryption, and improved privacy. It removes legacy algorithms and reduces connection setup from two round trips to one.

TLS 1.2

Still widely supported and considered secure when configured properly. Supports a broader range of cipher suites than TLS 1.3 but requires careful configuration to avoid weak algorithms.

Security Grading

SSL grades evaluate protocol support, certificate validity, chain completeness, and cipher strength. An A+ grade requires modern TLS, a valid chain, and no support for deprecated protocols.

Subject Alternative Names

SANs allow a single certificate to cover multiple domain names and subdomains. Wildcard certificates (*.example.com) use SANs to secure all subdomains under a domain.

Frequently Asked Questions

What is an SSL certificate?▼

An SSL (Secure Sockets Layer) certificate is a digital certificate that authenticates a website's identity and enables an encrypted connection between a web server and a browser. SSL certificates contain the domain name, the certificate authority that issued it, the organization's details, the certificate's expiration date, and a public key used for encryption. Modern certificates actually use TLS (Transport Layer Security), the successor to SSL, but the term "SSL certificate" is still widely used.

How do I check if an SSL certificate is valid?▼

You can check SSL certificate validity using our free SSL checker tool. Enter the domain name and we'll verify: the certificate hasn't expired, it was issued by a trusted certificate authority, the domain name matches the certificate, and the full certificate chain is valid. Browsers also show a padlock icon in the address bar for sites with valid SSL certificates. An invalid certificate may indicate an expired cert, a self-signed cert, or a hostname mismatch.

What do SSL grades mean?▼

SSL grades rate the overall security of a domain's SSL/TLS configuration. An A+ grade indicates excellent security with strong protocols, a valid certificate chain, and modern cipher suites. An A grade means the certificate is valid with good configuration. A B grade suggests the certificate is valid but the server supports older protocols or weaker ciphers. Grades C and below indicate significant security concerns such as expired certificates, incomplete chains, or support for deprecated protocols like TLS 1.0.

What is a certificate chain?▼

A certificate chain (or chain of trust) is the sequence of certificates from the server's SSL certificate up to a trusted root certificate authority (CA). It typically includes three levels: the server (leaf) certificate issued for the domain, one or more intermediate certificates issued by the root CA, and the root certificate that is pre-trusted by browsers and operating systems. Each certificate in the chain is digitally signed by the next certificate above it, creating a verifiable path of trust.

What's the difference between TLS 1.2 and TLS 1.3?▼

TLS 1.3 is the latest version of the Transport Layer Security protocol and offers significant improvements over TLS 1.2. TLS 1.3 has a faster handshake (1 round trip vs 2), removes outdated cryptographic algorithms, encrypts more of the handshake for better privacy, and supports 0-RTT resumption for repeat connections. TLS 1.2 is still considered secure but TLS 1.3 is recommended. Older versions like TLS 1.0 and 1.1 are deprecated and should be disabled.