SSL/TLS Checker

Analyze SSL/TLS certificates, test protocols, scan for vulnerabilities, and get security grades. Detailed recommendations for HTTPS security.

Advertisement

Understanding SSL/TLS Security

SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are cryptographic protocols that provide secure communication over computer networks. When you see HTTPS in your browser, the connection is protected by TLS.

TLS Protocol Versions

VersionStatusNotes
TLS 1.3RecommendedLatest standard, fastest, most secure
TLS 1.2AcceptableStill secure when configured properly
TLS 1.1DeprecatedKnown vulnerabilities, disable if possible
TLS 1.0DeprecatedSerious vulnerabilities (BEAST, POODLE)

Certificate Chain of Trust

SSL/TLS certificates form a chain of trust from your server's certificate up to a trusted root Certificate Authority (CA).

  • End-Entity Certificate: Your server's certificate containing your domain name
  • Intermediate Certificate(s): Issued by CAs to delegate trust
  • Root Certificate: Self-signed certificate from a trusted CA, pre-installed in browsers

Common SSL/TLS Issues

  • Expired Certificate: Set up auto-renewal with Let's Encrypt
  • Incomplete Chain: Missing intermediate certificates cause verification failures
  • Hostname Mismatch: Certificate CN or SANs must match your domain
  • Self-Signed Certificate: Not trusted by browsers. Use Let's Encrypt for free trusted certificates

SSL/TLS Best Practices

  • Enable TLS 1.3 for best security and performance
  • Disable TLS 1.0/1.1 deprecated protocols
  • Use strong cipher suites (AEAD ciphers like AES-GCM)
  • Enable HSTS (HTTP Strict Transport Security)
  • Configure OCSP Stapling
  • Automate certificate renewal with certbot
Advertisement

Frequently Asked Questions

What does this SSL checker analyze?+

This tool performs a real TLS handshake with the target server to analyze: the SSL/TLS certificate details (subject, issuer, validity, SANs), the certificate chain, supported protocols (TLS 1.0, 1.1, 1.2, 1.3), negotiated cipher suites, and potential security issues.

What do the SSL grades mean?+

Grades range from A+ (excellent) to F (failing). A+ indicates TLS 1.3 support with strong ciphers and no issues. Lower grades indicate problems like deprecated protocols (TLS 1.0/1.1), weak ciphers, expired certificates, or trust issues.

Why is TLS 1.0 and TLS 1.1 marked as deprecated?+

TLS 1.0 and 1.1 have known security vulnerabilities and have been deprecated by major browsers and security standards. Websites should support TLS 1.2 at minimum, with TLS 1.3 recommended for best security.

What is a certificate chain?+

A certificate chain is the sequence of certificates from your server's certificate up to a trusted root CA. Browsers verify this chain to establish trust. A broken or incomplete chain can cause security warnings.

Why does my certificate show as not trusted?+

Certificates can be untrusted for several reasons: self-signed certificates, expired certificates, hostname mismatch, incomplete certificate chain, or certificates issued by untrusted CAs.

What is the difference between quick and full scan?+

Quick scan performs a single TLS connection to get certificate and cipher info. Full scan additionally tests each TLS protocol version (1.0, 1.1, 1.2, 1.3) separately to determine which protocols your server supports.

Is this tool free to use?+

Yes, this SSL checker is completely free to use. There are no limits on the number of domains you can check.

How is the security score calculated?+

The score starts at 100 and deducts points for issues: -40 for untrusted certificates, -50 for expired certificates, -15 for TLS 1.0 support, -10 for TLS 1.1 support, and +5 bonus for TLS 1.3 support. The final grade is based on the remaining score.

This tool is provided for informational and educational purposes only. All processing happens in your browser — no data is sent to or stored on our servers. While we strive for accuracy, we make no warranties about the completeness or reliability of results.