SSL Certificate Inspector

Check any site's TLS certificate — issuer, validity, days until expiry, SANs, key size, and the chain. Live from the server's handshake.

Advertisement
What's in a TLS certificate?

The identity a server proves on the handshake — who it is, who vouches for it, and for how long.

When you connect to an https:// site, the server presents a TLS certificate proving its identity: the subject (who it's for), the issuer (the certificate authority that signed it), a validity window, the public key, and a list of SANs (every hostname the cert covers). This tool opens a real TLS handshake from our server, captures the certificate chain, and breaks it down — including the OCSP/CRL revocation endpoints and a clear days-until-expiry counter.

The most common operational use is catching expiry before it bites: a red or amber banner appears when the certificate has expired or has under 30 days left. You can append a port (mail.example.com:993) to inspect non-HTTPS TLS services. Inspection runs server-side because browsers don't expose raw certificate chains to JavaScript.

Read more on Wikipedia
FAQ

Frequently asked

How do I check when an SSL certificate expires?
Enter a hostname above — the tool reads the live certificate straight from the TLS handshake and shows its validity dates and the days remaining.
What is a SAN (Subject Alternative Name)?
It is the list of hostnames a certificate is valid for. Modern browsers ignore the old Common Name and trust only names in the SAN list, so a certificate must list every hostname it serves.
The certificate is valid but my browser still complains — why?
Usually an incomplete chain (a missing intermediate certificate), a hostname not covered by the SAN list, or an expired intermediate. Check the full chain shown above.
Copied to clipboard