Analyze SSL/TLS certificates, test protocols, scan for vulnerabilities, and get security grades. Detailed recommendations for HTTPS security.
SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are cryptographic protocols that provide secure communication over computer networks. When you see HTTPS in your browser, the connection is protected by TLS.
| Version | Status | Notes |
|---|---|---|
| TLS 1.3 | Recommended | Latest standard, fastest, most secure |
| TLS 1.2 | Acceptable | Still secure when configured properly |
| TLS 1.1 | Deprecated | Known vulnerabilities, disable if possible |
| TLS 1.0 | Deprecated | Serious vulnerabilities (BEAST, POODLE) |
SSL/TLS certificates form a chain of trust from your server's certificate up to a trusted root Certificate Authority (CA).
This tool performs a real TLS handshake with the target server to analyze: the SSL/TLS certificate details (subject, issuer, validity, SANs), the certificate chain, supported protocols (TLS 1.0, 1.1, 1.2, 1.3), negotiated cipher suites, and potential security issues.
Grades range from A+ (excellent) to F (failing). A+ indicates TLS 1.3 support with strong ciphers and no issues. Lower grades indicate problems like deprecated protocols (TLS 1.0/1.1), weak ciphers, expired certificates, or trust issues.
TLS 1.0 and 1.1 have known security vulnerabilities and have been deprecated by major browsers and security standards. Websites should support TLS 1.2 at minimum, with TLS 1.3 recommended for best security.
A certificate chain is the sequence of certificates from your server's certificate up to a trusted root CA. Browsers verify this chain to establish trust. A broken or incomplete chain can cause security warnings.
Certificates can be untrusted for several reasons: self-signed certificates, expired certificates, hostname mismatch, incomplete certificate chain, or certificates issued by untrusted CAs.
Quick scan performs a single TLS connection to get certificate and cipher info. Full scan additionally tests each TLS protocol version (1.0, 1.1, 1.2, 1.3) separately to determine which protocols your server supports.
Yes, this SSL checker is completely free to use. There are no limits on the number of domains you can check.
The score starts at 100 and deducts points for issues: -40 for untrusted certificates, -50 for expired certificates, -15 for TLS 1.0 support, -10 for TLS 1.1 support, and +5 bonus for TLS 1.3 support. The final grade is based on the remaining score.