SSL Checker

An SSL Checker verifies that a website's SSL certificate is properly installed, valid, and configured correctly. SSL certificates enable the HTTPS protocol that encrypts data between the user's browser and the web server. Without valid SSL, all data transmitted between the browser and the server including passwords, credit card numbers, and personal information travels in plain text that anyone on the network can read.

The SSL checker connects to the target server and retrieves the SSL certificate information. It examines the certificate's validity period to confirm it has not expired and has not been activated before its start date. The checker verifies that the certificate was issued by a trusted certificate authority and that the certificate chain from the root CA through intermediate certificates is complete and properly ordered.

Website administrators use SSL checkers to monitor certificate expiration dates. An expired certificate causes browsers to display security warnings that scare visitors away. E-commerce sites with expired certificates lose sales because customers cannot complete checkout without seeing browser warnings about an insecure connection. Email administrators ensure that mail servers have valid certificates for encrypted SMTP communication.

The certificate subject name must match the domain name being accessed. A certificate issued for example.com will trigger a warning when accessed via www.example.com unless the certificate includes both names as subject alternative names. Wildcard certificates cover all subdomains of a domain. The checker validates that the domain being checked is covered by the certificate's subject name or SAN entries.

Certificate chain validation ensures that the server sends the complete chain of trust from the leaf certificate through intermediate certificates to the root CA. If intermediate certificates are missing, browsers may fail to validate the certificate even though the certificate itself is valid. The checker reports which certificates in the chain are provided by the server and which are missing.

The SSL protocol version and cipher suite configuration are also evaluated. Outdated protocols like SSLv3 and TLS 1.0 have known vulnerabilities and should be disabled on modern servers. The cipher suite determines which encryption algorithms are available for the connection. Weak ciphers should be disabled in favor of modern AEAD ciphers like AES-GCM and ChaCha20-Poly1305.

Certificate revocation status is checked via Certificate Revocation Lists and the Online Certificate Status Protocol. A certificate that has been revoked by the issuing authority should not be trusted even if it has not expired. Revocation happens when a certificate is compromised or when the certificate authority discovers the certificate was issued improperly.

Results are presented with clear pass, warning, and fail indicators for each check category. A summary provides an overall security rating. Detailed information about each check is available for administrators who need to troubleshoot configuration issues or plan certificate renewals.