TLS/SSL certificate check

With the TLS/SSL certificate check tool, you can do a full check of the entire certificate chain of trust - from the end-user certificate and to the root certificate.

You can see all available details about each certificate.

The tool also validates each certificate according to all common standards.

The tool allows for check of HTTPS certificates, as well as check of certificates on SMTP, POP3 and IMAP servers.

For a quick introduction, you may try out a couple of samples:

If you would like to see checks that fail, badssl.com provides some excelent samples:

---

What is SSL/TLS?

SSL/TLS (Secure Sockets Layer/Transport Layer Security) is a cryptographic protocol that provides secure communication over the internet. It ensures:

• Secure Communication: Ensuring secure communication by encrypting data transmitted over the internet, protecting it from interception, unauthorized access and eavesdropping.
  
  
• Security: Enhancing overall security by providing authentication mechanisms and verifying the authenticity of websites and services, protecting against man-in-the-middle attacks, and meeting regulatory compliance requirements, such as the Payment Card Industry Data Security Standard (PCI DSS) and General Data Protection Regulation (GDPR).
  
  
• Trust Establishment: Establishing trust between parties by relying on trusted Certificate Authorities (CAs) to issue and sign digital certificates, verifying the identity of servers and clients.
  
  

---

How does SSL/TLS work?

SSL/TLS works by establishing a secure connection between a client and a server through a process called the SSL/TLS handshake. During the handshake, the server presents its digital certificate, which includes a public key and identifying information, to the client. This certificate is signed by a trusted Certificate Authority (CA).

The client, in turn, verifies the authenticity of the server's certificate by checking its digital signature and confirming that it was issued by a trusted CA. The client's trust in the CA is established by the inclusion of the CA's root certificate in the client's trusted root CA store, which is typically managed by operating systems or web browsers.

---

What is the difference between SSL and TLS?

SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are cryptographic protocols for secure communication. SSL was invented in the 1990s, with versions SSL 2.0 and SSL 3.0. However, SSL has known vulnerabilities and is considered insecure.

TLS, developed as the successor, has several versions, including TLS 1.0, 1.1, 1.2, and 1.3. TLS 1.2 and 1.3 are widely adopted and considered secure, while older versions are being phased out due to security concerns.

TLS 1.3, the latest version, provides enhanced security features, improved performance, and stronger encryption algorithms.

---

What is an SSL/TLS certificate?

An SSL/TLS certificate is a digital document that verifies the authenticity of a website or server and enables secure communication. It contains information such as the domain name, public key, expiration date, and digital signature. Issued by a trusted Certificate Authority (CA), the certificate is bound to a specific entity and signed with the CA's private key. When a client connects to a server, it checks the server's certificate to ensure it is valid, unexpired, and signed by a trusted CA. The certificate facilitates the encryption of data and establishes a secure connection between the client and server.

---

How can I obtain an SSL/TLS certificate?

To obtain an SSL/TLS certificate, you can request one from a trusted Certificate Authority (CA) or use automated tools like Let's Encrypt.

The process of installing an SSL/TLS certificate depends on the server software being used. Detailed instructions are typically provided by the CA or the server documentation.

---

What is the chain of certificates?

The chain of certificates, also known as the certificate chain or certificate hierarchy, is a sequence of certificates that links the end-entity certificate (presented by the server) to a trusted root certificate. Intermediate certificates bridge the gap between the end-entity certificate and the root certificate. Each intermediate certificate in the chain is signed by a higher-level intermediate or directly by the root certificate.

---

What is a Root certificate?

Root certificates are the top-level certificates in the chain of trust and are self-signed by the Certificate Authority. They serve as the ultimate trust anchor for verifying the authenticity of SSL/TLS certificates.

---

What is a Certificate Authority?

A Certificate Authority (CA) is a trusted entity that issues digital certificates used in SSL/TLS to verify the authenticity of a website or server. CAs digitally sign these certificates, providing assurance to clients that they can trust the identity of the certificate holder.

---

What is a trusted root store?

The client's trust in the certificate chain is established by confirming that the root certificate used to sign the certificate is included in its trusted root store. If the chain of certificates can be successfully validated and linked back to a trusted root certificate, the client considers the connection secure and proceeds with encrypted communication.

Microsoft, Apple and the like, maintain each of their own trusted root stores, each including 150-250 trusted root certificates.