Dev-Utilities logoDev-UtilitiesAbout

SSL Certificate Checker

Inspect the SSL/TLS certificate for any domain — expiry date, issuer, subject alternative names, cipher suite, and protocol version.

Related tools

DNS Propagation CheckerURL Encoder/Decoder

About the SSL Certificate Checker

An SSL/TLS certificate is a digital certificate that authenticates a website's identity and enables an encrypted HTTPS connection. Certificates are issued by Certificate Authorities (CAs) and have a fixed validity period — typically 90 days to 2 years. Expired or misconfigured certificates cause browser warnings, break automated clients, and can result in downtime.

What this tool checks

  • Expiry — how many days remain before the certificate expires
  • Subject — the Common Name (CN) the certificate was issued for
  • Issuer — the Certificate Authority that signed the certificate
  • SANs — Subject Alternative Names: all hostnames covered by the certificate
  • Protocol — TLS version negotiated (TLSv1.2 or TLSv1.3)
  • Cipher suite — the encryption algorithm negotiated for the connection
  • Fingerprints — SHA-1 and SHA-256 hashes of the certificate for identity verification

Certificate validity vs. trust

This tool connects to port 443 on the target domain and reads the certificate presented during the TLS handshake. It reports the certificate's contents and checks whether the domain matches and the certificate is not expired. Full chain trust validation (whether the CA is trusted, whether intermediate certificates are correctly served) requires a complete TLS client validation — browsers and tools like openssl s_client perform this.

Common use cases

  • Verifying a newly issued or renewed certificate is live and serving correctly
  • Checking expiry before it triggers browser warnings or automated alerts
  • Confirming a wildcard or multi-domain certificate covers all required hostnames
  • Debugging ERR_CERT_COMMON_NAME_INVALID or hostname mismatch errors
  • Verifying that TLS 1.3 is being negotiated after a server configuration change

Privacy

The domain name you enter is sent to the Dev-Utilities API, which opens a TLS connection to port 443 of that domain and reads the certificate. No personal data is transmitted — only the domain name you specify. Learn more about how Dev-Utilities handles privacy.