SSL Checker
Check SSL certificate details for any domain: issuer, expiry, chain.
100% client-side: your files never leave your browser
Fetches certificate transparency logs from crt.sh
SSL/TLS (Secure Sockets Layer / Transport Layer Security) encrypts communication between a client and server. When you connect to a website via HTTPS, the server presents a certificate that your browser verifies.
Certificate Authority (CA): A trusted third party that signs and issues SSL certificates. Browsers maintain a list of trusted CAs.
Certificate Chain: Your certificate is signed by an intermediate CA, which is signed by a root CA. The browser verifies this chain of trust.
- Expired certificates cause browser warnings
- Domain name mismatch (cert doesn't match the URL)
- Self-signed certificates not trusted by browsers
- Missing intermediate certificates in the chain
- Weak cipher suites or outdated TLS versions
- Use TLS 1.2 or higher (prefer TLS 1.3)
- Automate certificate renewal (e.g., Let's Encrypt)
- Enable HSTS (HTTP Strict Transport Security)
- Use strong cipher suites (AES-256-GCM, ChaCha20)
- Implement Certificate Transparency monitoring
- Set up OCSP stapling for faster verification