Verify your SSL/TLS certificate, check expiration dates, inspect protocol versions, and ensure your HTTPS configuration meets modern security standards.
An SSL/TLS certificate is the digital credential that enables HTTPS, the encrypted connection between a visitor's browser and your web server. Without a valid certificate, browsers display alarming "Not Secure" warnings that drive visitors away and signal untrustworthiness to search engines. Google has used HTTPS as a ranking signal since 2014, making SSL not just a security necessity but an SEO requirement.
Modern certificates do more than encrypt traffic. They establish a chain of trust from a globally recognised Certificate Authority (CA) through one or more intermediate certificates down to your domain certificate. If any link in this chain is broken (a missing intermediate, an expired root, or a mismatched domain name), the entire connection is flagged as insecure. Our SSL checker validates the complete chain to pinpoint exactly where issues lie.
The protocol version matters as much as the certificate itself. TLS 1.0 and 1.1 were officially deprecated by the IETF in March 2021 (RFC 8996) due to known vulnerabilities including BEAST, POODLE, and CRIME attacks. All major browsers now block connections using these outdated protocols. TLS 1.2 remains widely supported and secure when configured with strong cipher suites, while TLS 1.3 is the gold standard, offering a simplified handshake, mandatory forward secrecy, and the removal of all legacy cryptographic algorithms.
Cipher suite selection is another critical but often overlooked aspect. Even with TLS 1.2, enabling weak ciphers like RC4, 3DES, or export-grade encryption creates exploitable vulnerabilities. A well-configured server prioritises AEAD ciphers (AES-GCM, ChaCha20-Poly1305), supports forward secrecy via ECDHE key exchange, and disables compression to prevent CRIME attacks. Our checker evaluates your server's negotiated cipher suite against current NIST and Mozilla recommendations.
Beyond the certificate and protocol, features like HSTS (HTTP Strict Transport Security) and OCSP stapling add layers of protection. HSTS ensures browsers always use HTTPS, preventing SSL-stripping attacks. OCSP stapling improves performance and privacy by having your server provide certificate revocation status directly. Check your security headers to verify HSTS is configured, and run a full domain scan for complete coverage.
Type your domain name above. We connect to port 443 and initiate a TLS handshake to retrieve your certificate and server configuration.
We examine the certificate's validity period, issuing CA, subject alternative names (SANs), key algorithm (RSA/ECDSA), and chain completeness.
We test which TLS versions your server supports, identify the negotiated cipher suite, check for forward secrecy, and flag any deprecated protocols.
You receive a grade from A+ to F with detailed findings. Each issue includes specific steps to fix, from renewing expired certs to disabling TLS 1.0.
Our SSL checker verifies multiple aspects of your HTTPS configuration: certificate validity and expiration date, the complete certificate chain from your domain to the root CA, TLS protocol versions supported (checking for deprecated TLS 1.0/1.1), cipher suite strength, OCSP stapling status, certificate transparency logs, and whether the certificate matches the domain name. Each element is checked against current security best practices.
You should check your SSL certificate at least monthly, and more frequently as the expiration date approaches. With the industry shift toward 90-day certificates (led by Let's Encrypt and upcoming changes from major CAs), automated monitoring is increasingly important. Certificate expiry is one of the most common causes of website outages; even major companies like LinkedIn and Microsoft have experienced embarrassing outages due to forgotten certificate renewals.
SSL is critical but it's just one layer. Scan your domain to check email authentication, DNS security, and HTTP headers too.
SSL (Secure Sockets Layer) is the predecessor to TLS (Transport Layer Security). SSL 2.0 and 3.0 are now deprecated due to known vulnerabilities. Modern "SSL certificates" actually use TLS, though the term "SSL" persists out of convention. TLS 1.2 and TLS 1.3 are the current recommended versions. TLS 1.3, released in 2018, offers improved performance with faster handshakes and stronger security by removing legacy cipher suites.
Common causes include: an expired certificate, the certificate doesn't match your domain name (e.g., cert for www.example.com but accessed via example.com), mixed content where the page loads some resources over HTTP, an incomplete certificate chain where intermediate certificates are missing, or a self-signed certificate that isn't trusted by browsers. Our SSL checker identifies the specific cause.
An A+ grade indicates a valid certificate with a complete chain, TLS 1.2+ only, strong cipher suites, HSTS enabled, and OCSP stapling active. An A means valid with minor improvements possible. B indicates functional but with outdated protocols like TLS 1.1 still enabled. C and below flag serious issues like expired certificates, weak ciphers (RC4, 3DES), or deprecated protocols. An F means critical failures like an invalid or self-signed certificate.