Free SSL Certificate Checker
Inspect any site's TLS certificate — issuer, expiry, SANs, key strength, and chain validity in one query.
Bare domains only — paths, protocols, and ports are stripped automatically. Connection is made on port 443.
Paste any domain and instantly see its SSL/TLS certificate details. We open a real handshake on port 443, parse the certificate the server sends, and surface the bits you actually care about — no command-line OpenSSL incantations needed.
Features
- Issuer & subject - Full distinguished name for both, including organization, country, and the common name (CN) clients verify against.
- Validity at a glance - Not-before / not-after dates plus a clear "days until expiry" countdown so renewal windows are obvious.
- Subject Alternative Names - Every DNS SAN listed out, with one-click copy — handy for spotting wildcard coverage or missing aliases.
- Key & signature - Algorithm and key size (RSA 2048, ECDSA P-256, Ed25519, etc.) plus the signature hash, so you can sanity-check modern crypto.
- Identifiers - SHA-256 fingerprint and serial number, formatted in the colon-separated style most tools expect.
- Inspects broken certs too - When verification fails (expired, hostname mismatch, self-signed, untrusted root) we still show the cert with a clear warning, so you can debug instead of just hitting a wall.
- 100% Free - No account required for limited use.
Tip: A hostname mismatch means the cert is real but issued for a different name (e.g. you typed www.example.com but only example.com is on the cert). An expired result means the validity window has passed — usually a renewal that didn't deploy. Self-signed means there's no public CA in the chain. The certificate panel below the warning tells you which.
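The three failure cases in the tip can be told apart from the parsed certificate fields alone. The sketch below is an added example, not this tool's own code: it assumes a certificate dict in the shape returned by Python's `ssl.SSLSocket.getpeercert()`, uses constructed sample data, and treats "issuer equals subject" as the self-signed test, which is a heuristic. The function names are hypothetical.

```python
import ssl
from datetime import datetime, timezone

def san_matches(hostname, pattern):
    """RFC 6125-style match: '*' may only stand in for the whole leftmost label."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False                      # a wildcard never spans several labels
    if pat[0] == "*":
        return len(pat) > 2 and host[1:] == pat[1:]
    return host == pat

def days_until_expiry(cert, now):
    """Whole days left before notAfter; negative once the cert has expired."""
    return int((ssl.cert_time_to_seconds(cert["notAfter"]) - now.timestamp()) // 86400)

def diagnose(cert, hostname, now):
    """Return the problems the tip describes for one certificate and hostname."""
    problems = []
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(san_matches(hostname, s) for s in sans):
        problems.append("hostname mismatch")
    ts = now.timestamp()
    if ts > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    elif ts < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if cert["issuer"] == cert["subject"]:  # heuristic: issued by itself
        problems.append("self-signed")
    return problems

# Constructed sample certificate (not taken from any real site).
SAMPLE_CERT = {
    "subject": ((("commonName", "example.com"),),),
    "issuer": ((("organizationName", "Example CA"),), (("commonName", "Example CA R1"),)),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Apr  1 00:00:00 2024 GMT",
    "subjectAltName": (("DNS", "example.com"), ("DNS", "*.api.example.com")),
}
SELF_SIGNED_CERT = dict(SAMPLE_CERT, issuer=SAMPLE_CERT["subject"])

if __name__ == "__main__":
    now = datetime(2024, 2, 1, tzinfo=timezone.utc)
    for name in ("example.com", "www.example.com", "v1.api.example.com"):
        print(name, diagnose(SAMPLE_CERT, name, now), days_until_expiry(SAMPLE_CERT, now))
```

When verification is disabled, `getpeercert()` returns an empty dict, so inspecting a certificate that fails verification requires `getpeercert(binary_form=True)` and a separate DER parser.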