NetCheck Tools

SSL Checker

Enter a domain to inspect the SSL/TLS certificate it serves on port 443: status, issuer, validity dates, days remaining, SAN domains and fingerprints.

Why check your SSL certificate?

An invalid or expired certificate does more than show a scary browser warning: it breaks API clients, blocks form submissions, hurts SEO and destroys visitor trust in seconds. Regular checks catch three classes of problems — expiration (certificates typically live 90 days now), misconfiguration (missing intermediate certificates, wrong hostname) and weak setups (outdated protocols).

Reading the results

  • Status: whether the certificate is currently valid, expired or untrusted, with the exact reason
  • Issuer: the certificate authority (Let's Encrypt, DigiCert, ...) that signed the certificate
  • SAN domains: every hostname the certificate is valid for — your domain must appear here, exactly or via a wildcard
  • Fingerprints: unique hashes used to pin or verify a specific certificate

Worried about renewal dates specifically? Use the dedicated SSL expiration checker.

Frequently asked questions

What does this SSL checker test?

It connects to your domain on port 443, performs a real TLS handshake and reads the certificate the server presents: issuer, subject, validity window, days remaining, covered SAN domains, serial number and SHA-1/SHA-256 fingerprints. It also reports whether the certificate chain is trusted.

Why is my certificate reported as “Not trusted”?

Common causes: the certificate is self-signed, the server does not send the intermediate certificate (incomplete chain), the certificate was issued for different hostnames, or it comes from a private CA. The exact reason is shown in the result card.

Does the checker work for subdomains?

Yes. Enter the exact hostname you want to test (for example shop.example.com). Certificates are issued for specific names, so www.example.com and example.com can present different certificates.

Is the check performed from my browser?

No — our server opens the TLS connection. That means the result shows what any external visitor sees and is not affected by your local certificate store, antivirus proxying or corporate firewalls.

Related tools