SSL/TLS Certificate Checker

Inspect a website's TLS configuration and certificate details. Enter a hostname and optional port to fetch TLS version, cipher suite, certificate issuer/subject, SANs, expiry, and hostname match status.

Options

About SSL/TLS Certificate Checker Tool

The SSL/TLS Certificate Checker inspects a site's live TLS connection and certificate. It reports the negotiated TLS version and cipher, certificate subject and issuer, Subject Alternative Names (SANs), validity window, fingerprints, and key information. It also verifies that the hostname you entered is covered by the certificate (including wildcard SANs).

Advanced checks include optional trust-chain validation using your system CAs, Server Name Indication (SNI) and IDN (punycode) support, and trying multiple public IPs if the hostname resolves to more than one address. You can download the leaf certificate as PEM or DER and the full chain for offline inspection.

  • Hostname match via SAN and CN with wildcard support
  • Public-IP-only connections with short, safe timeouts
  • SHA-256/SHA-1 fingerprints, serial, key type/size/curve
  • Common extensions: Basic Constraints, Key Usage, EKU, AIA/OCSP, CRL Distribution Points
Map illustrating global TLS usage