About the TLS/SSL check tool

Beta: This tool is still in active development!

Please note the tool is still in active development. Everything is still subject to change. Any kind of feedback would be greatly appreciated! I'm reachable at iamrootdottech(a)gmail.com. Thanks in advance!
With the TLS/SSL certificate check tool, you can do a full scan for a specific server, checking
  • all available security protocols (TLS 1.3, 1.2, 1.1 and 1.0, plus SSL3 and SSL2)
  • the specific certificate in use
  • the entire certificate chain of trust (from the end-user certificate to the root certificate issued by the Certificate Authority)
  • trust of the Root Certificate by Microsoft, Apple and Android
All certificates are fully verified according to all common standards (is it valid, does it apply, has it been revoked and so forth).

Besides the verification, the tool will display all available details about each certificate (including SHA1 and SHA256 thumbprints, serial numbers, key info and the certificate itself in PEM format).

The tool can check certificates used in HTTPS connections, as well as certificates on SMTP, POP3 and IMAP servers.

For a quick introduction, you may try out a couple of samples:

If you would like to see checks that fail, badssl.com provides some excellent samples:




FAQ




What is SSL/TLS?

SSL/TLS (Secure Sockets Layer/Transport Layer Security) is a cryptographic protocol that provides secure communication over the internet. It ensures:

  • Secure Communication: Ensuring secure communication by encrypting data transmitted over the internet, protecting it from interception, unauthorized access and eavesdropping.

  • Security: Enhancing overall security by providing authentication mechanisms and verifying the authenticity of websites and services, protecting against man-in-the-middle attacks, and meeting regulatory compliance requirements, such as the Payment Card Industry Data Security Standard (PCI DSS) and General Data Protection Regulation (GDPR).

  • Trust Establishment: Establishing trust between parties by relying on trusted Certificate Authorities (CAs) to issue and sign digital certificates, verifying the identity of servers and clients.



How does SSL/TLS work?

SSL/TLS works by establishing a secure connection between a client and a server through a process called the SSL/TLS handshake. During the handshake, the server presents its digital certificate, which includes a public key and identifying information, to the client. This certificate is signed by a trusted Certificate Authority (CA).

The client, in turn, verifies the authenticity of the server's certificate by checking its digital signature and confirming that it was issued by a trusted CA. The client's trust in the CA is established by the inclusion of the CA's root certificate in the client's trusted root CA store, which is typically managed by operating systems or web browsers.



What is the difference between SSL and TLS?

SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are cryptographic protocols for secure communication. SSL was invented in the 1990s, with versions SSL 2.0 and SSL 3.0. However, SSL has known vulnerabilities and is considered insecure.

TLS, developed as the successor, has several versions, including TLS 1.0, 1.1, 1.2, and 1.3. TLS 1.2 and 1.3 are widely adopted and considered secure, while older versions are being phased out due to security concerns.

TLS 1.3, the latest version, provides enhanced security features, improved performance, and stronger encryption algorithms.



What is an SSL/TLS certificate?

An SSL/TLS certificate is a digital document that verifies the authenticity of a website or server and enables secure communication. It contains information such as the domain name, public key, expiration date, and digital signature. Issued by a trusted Certificate Authority (CA), the certificate is bound to a specific entity and signed with the CA's private key. When a client connects to a server, it checks the server's certificate to ensure it is valid, unexpired, and signed by a trusted CA. The certificate facilitates the encryption of data and establishes a secure connection between the client and server.



How can I obtain an SSL/TLS certificate?

To obtain an SSL/TLS certificate, you can request one from a trusted Certificate Authority (CA) or use automated tools like Let's Encrypt.

The process of installing an SSL/TLS certificate depends on the server software being used. Detailed instructions are typically provided by the CA or the server documentation.



What is the chain of certificates?

The chain of certificates, also known as the certificate chain or certificate hierarchy, is a sequence of certificates that links the end-entity certificate (presented by the server) to a trusted root certificate. Intermediate certificates bridge the gap between the end-entity certificate and the root certificate. Each intermediate certificate in the chain is signed by a higher-level intermediate or directly by the root certificate.



What is a Root certificate?

Root certificates are the top-level certificates in the chain of trust and are self-signed by the Certificate Authority. They serve as the ultimate trust anchor for verifying the authenticity of SSL/TLS certificates.



What is a Certificate Authority?

A Certificate Authority (CA) is a trusted entity that issues digital certificates used in SSL/TLS to verify the authenticity of a website or server. CAs digitally sign these certificates, providing assurance to clients that they can trust the identity of the certificate holder.



What is a trusted root store?

The client's trust in the certificate chain is established by confirming that the root certificate used to sign the certificate is included in its trusted root store. If the chain of certificates can be successfully validated and linked back to a trusted root certificate, the client considers the connection secure and proceeds with encrypted communication.

Microsoft, Apple and the like each maintain their own trusted root store, each including 150-250 trusted root certificates.
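
The chain walk and the per-store trust decision described in the two answers above can be sketched as follows. This is an added example, not the tool's own code: the certificate records, names, thumbprints and the two root stores are constructed placeholders, and only name linking, expiry and root-store membership are checked (no signature or revocation checks).

```python
from datetime import datetime

# Constructed sample records (simplified stand-ins for X.509 certificates).
# "fp" plays the role of the SHA-256 thumbprint; the names are hypothetical.
def cert(subject, issuer, not_after, fp):
    return {"subject": subject, "issuer": issuer, "not_after": not_after, "fp": fp}

LEAF = cert("CN=www.example.test", "CN=Example Issuing CA", datetime(2030, 1, 1), "aa11")
INTER = cert("CN=Example Issuing CA", "CN=Example Root CA", datetime(2032, 1, 1), "bb22")
ROOT = cert("CN=Example Root CA", "CN=Example Root CA", datetime(2040, 1, 1), "cc33")

# Hypothetical vendor root stores, keyed by the thumbprint of each trusted root.
ROOT_STORES = {"store_a": {"cc33": ROOT}, "store_b": {}}

def build_chain(leaf, presented, store, now):
    """Follow issuer -> subject links from the leaf up to a self-signed root.

    Returns (chain, problems). Signatures and revocation are NOT checked here.
    """
    by_subject = {c["subject"]: c for c in presented}
    store_by_subject = {c["subject"]: c for c in store.values()}
    chain, problems, current = [leaf], [], leaf
    while True:
        if current["not_after"] < now:
            problems.append("expired: " + current["subject"])
        if current["issuer"] == current["subject"]:  # self-signed: top of the chain
            if current["fp"] not in store:
                problems.append("root not in store: " + current["subject"])
            return chain, problems
        # Servers often omit the root, so look in the store before the presented set.
        parent = store_by_subject.get(current["issuer"]) or by_subject.get(current["issuer"])
        if parent is None:
            problems.append("missing issuer: " + current["issuer"])
            return chain, problems
        if parent in chain:  # cross-signing loop guard
            problems.append("loop at: " + parent["subject"])
            return chain, problems
        chain.append(parent)
        current = parent

def trust_report(leaf, presented, stores, now):
    """Run the same chain against every root store and collect the problems."""
    return {name: build_chain(leaf, presented, store, now)[1]
            for name, store in stores.items()}

if __name__ == "__main__":
    report = trust_report(LEAF, [INTER], ROOT_STORES, datetime(2025, 6, 1))
    for name, problems in report.items():
        print(name, "trusted" if not problems else problems)
```

The same server chain can be trusted by one store and rejected by another, which is why a per-vendor result is reported separately.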

API

This tool has a fully-featured API available. You may read more about the API here. It is also an option to simply try out the tool - the corresponding API URL for each lookup is made available as a part of the result.

Feedback

These tools are still in active development. If you have any kind of feedback, please let me know. Send me an e-mail at iamrootdottech(a)gmail.com.