esc

SSL Certificate Checker

Check HTTPS certificate expiry, hostname match, trusted chain, TLS version, cipher suite, SAN entries, OCSP stapling, and issuer details for any host.

Examples github.com cloudflare.com badssl.com

Enter a hostname above to check SSL certificate expiry, chain of trust, hostname match, TLS version, cipher suite, and issuer details.

Guide

What this SSL checker shows

This SSL certificate checker opens a real TLS handshake to the HTTPS host and reports the certificate presented by the server. Use it to inspect certificate expiry, issuer, common name, Subject Alternative Names, trusted chain, TLS protocol, cipher suite, key exchange, and OCSP stapling.

It is useful before and after certificate renewal, CDN migration, DNS changes, or HTTPS troubleshooting. For complete site diagnostics, pair the result with DNS lookup and WHOIS lookup so you can confirm the host, domain registration, nameservers, and certificate all point to the same deployment.

FAQ

Frequently asked questions

What does this SSL certificate checker test?

This SSL certificate checker opens a TLS connection to the host on port 443, reads the certificate, checks the hostname match, validity dates, trusted chain, signature strength, TLS protocol, cipher suite, key exchange, SAN entries, and OCSP stapling.

How do I check SSL certificate expiration?

Enter the HTTPS hostname and review the Expires and Days left fields. The certificate expiry checker highlights short renewal windows so you can renew before browsers start showing certificate errors.

What causes a hostname mismatch?

A hostname mismatch happens when the certificate common name or Subject Alternative Names do not cover the host you entered. It often appears after pointing DNS to a new service without issuing a matching certificate.

Why does the certificate chain matter?

Browsers trust a certificate only when the leaf certificate chains through the required intermediate certificates to a trusted root CA. A missing intermediate certificate can break HTTPS even when the leaf certificate is not expired.

Can I inspect the TLS version and cipher suite?

Yes. The connection section reports the negotiated TLS version, cipher suite, key type, key exchange, and whether the server stapled an OCSP response during the handshake.

Does this tool validate DNS or HTTP security headers?

No. This page focuses on the TLS certificate and HTTPS handshake. Use DNS lookup to check records and a dedicated security headers checker when that tool is available.