With the TLS/SSL certificate check tool, you can do a full check of the entire certificate chain of
trust - from the end-user certificate to the root certificate.
You can see all available details about each certificate.
The tool also validates each certificate according to all common standards.
The tool can check HTTPS certificates, as well as certificates on SMTP, POP3 and IMAP servers.
For a quick introduction, you may try out a couple of samples:
If you would like to see checks that fail,
badssl.com provides
some excellent samples:
What is SSL/TLS?
SSL/TLS (Secure Sockets Layer/Transport Layer Security) is a cryptographic protocol that
provides secure communication over the internet. It ensures:
- Secure Communication: Encrypting data transmitted over the
internet, protecting it from interception, unauthorized access and eavesdropping.
- Security: Enhancing overall security by providing authentication mechanisms and verifying
the authenticity of websites and services, protecting against man-in-the-middle attacks,
and meeting regulatory compliance requirements, such as the Payment Card Industry Data
Security Standard (PCI DSS) and General Data Protection Regulation (GDPR).
- Trust Establishment: Establishing trust between parties by relying on trusted Certificate
Authorities (CAs) to issue and sign digital certificates, verifying the identity of
servers and clients.
How does SSL/TLS work?
SSL/TLS works by establishing a secure connection between a client and a server through a process
called the SSL/TLS handshake. During the handshake, the server presents its digital certificate,
which includes a public key and identifying information, to the client. This certificate is signed
by a trusted Certificate Authority (CA).
The client, in turn, verifies the authenticity of the server's certificate by checking its
digital signature and confirming that it was issued by a trusted CA. The client's trust in
the CA is established by the inclusion of the CA's root certificate in the client's trusted
root CA store, which is typically managed by operating systems or web browsers.
What is the difference between SSL and TLS?
SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are cryptographic protocols
for secure communication. SSL was invented in the 1990s, with versions SSL 2.0 and SSL 3.0.
However, SSL has known vulnerabilities and is considered insecure.
TLS, developed as the successor, has several versions, including TLS 1.0, 1.1, 1.2, and 1.3.
TLS 1.2 and 1.3 are widely adopted and considered secure, while older versions are being phased
out due to security concerns.
TLS 1.3, the latest version, provides enhanced security features, improved performance, and
stronger encryption algorithms.
What is an SSL/TLS certificate?
An SSL/TLS certificate is a digital document that verifies the authenticity of a website or
server and enables secure communication. It contains information such as the domain name,
public key, expiration date, and digital signature. Issued by a trusted Certificate
Authority (CA), the certificate is bound to a specific entity and signed with the CA's
private key. When a client connects to a server, it checks the server's certificate to
ensure it is valid, unexpired, and signed by a trusted CA. The certificate facilitates
the encryption of data and establishes a secure connection between the client
and server.
How can I obtain an SSL/TLS certificate?
To obtain an SSL/TLS certificate, you can request one from a trusted Certificate Authority (CA)
or use automated tools like Let's Encrypt.
The process of installing an SSL/TLS certificate depends on the server software being used.
Detailed instructions are typically provided by the CA or the server documentation.
What is the chain of certificates?
The chain of certificates, also known as the certificate chain or certificate hierarchy, is
a sequence of certificates that links the end-entity certificate (presented by the
server) to a trusted root certificate. Intermediate certificates bridge the gap between
the end-entity certificate and the root certificate. Each intermediate certificate in
the chain is signed by a higher-level intermediate or directly by the root certificate.
What is a Root certificate?
Root certificates are the top-level certificates in the chain of trust and are self-signed by the
Certificate Authority. They serve as the ultimate trust anchor for verifying the authenticity
of SSL/TLS certificates.
What is a Certificate Authority?
A Certificate Authority (CA) is a trusted entity that issues digital certificates used in
SSL/TLS to verify the authenticity of a website or server. CAs digitally sign
these certificates, providing assurance to clients that they can trust the identity
of the certificate holder.
What is a trusted root store?
The client's trust in the certificate chain is established by confirming that the root
certificate used to sign the certificate is included in its trusted root store. If the
chain of certificates can be successfully validated and linked back to a trusted root
certificate, the client considers the connection secure and proceeds with
encrypted communication.
Microsoft, Apple and the like each maintain their own trusted root store, each
including 150-250 trusted root certificates.
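
The client-side checks described above (a chain that ends in a root from the trusted root store, a matching hostname, a current validity period, and a minimum TLS version), shown as an added example using Python's standard `ssl` module; it is not the tool's own code. The service labels in `PORTS`, the function names and `SAMPLE_CERT` are assumptions made for illustration.

```python
import socket
import ssl
import time

# Implicit-TLS ports for the services the page lists (no STARTTLS handling here).
PORTS = {"https": 443, "smtps": 465, "imaps": 993, "pop3s": 995}

# Constructed sample in the shape SSLSocket.getpeercert() returns; not a real certificate.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.test"),),),
    "issuer": ((("organizationName", "Example CA"),),
               (("commonName", "Example Issuing CA"),)),
    "notBefore": "Jan  1 00:00:00 2025 GMT",
    "notAfter": "Apr  1 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "www.example.test"), ("DNS", "example.test")),
}

def strict_context(cafile=None):
    """Context that requires a chain ending in a trusted root and a matching hostname."""
    ctx = ssl.create_default_context(cafile=cafile)  # system root store if cafile is None
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2     # refuse SSL 3.0 and TLS 1.0/1.1
    return ctx

def _name(rdns):
    # A name is a tuple of RDNs, each RDN a tuple of (attribute, value) pairs.
    return {key: value for rdn in rdns for key, value in rdn}

def summarize(cert, now=None):
    """Reduce a getpeercert() dict to the fields a certificate check reports."""
    now = time.time() if now is None else now
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    return {
        "subject": _name(cert["subject"]).get("commonName"),
        "issuer": _name(cert["issuer"]).get("commonName"),
        "dns_names": [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"],
        "valid_now": not_before <= now <= not_after,
        "days_left": int((not_after - now) // 86400),
    }

def check(host, service="https", timeout=10.0):
    """Handshake with host and report the leaf certificate, or why validation failed."""
    try:
        with socket.create_connection((host, PORTS[service]), timeout=timeout) as sock:
            with strict_context().wrap_socket(sock, server_hostname=host) as tls:
                return {"ok": True, "protocol": tls.version(),
                        **summarize(tls.getpeercert())}
    except ssl.SSLCertVerificationError as exc:
        # verify_message names the failed check, e.g. an expired certificate.
        return {"ok": False, "error": exc.verify_message}
```

`getpeercert()` returns only the end-entity certificate, so the summary covers the leaf while the intermediates and root are validated inside the handshake itself.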