Checking an SSL/TLS certificate confirms a website's identity, verifies the certificate is valid and not expired, and shows which Certificate Authority issued it. Here are several ways to do this.
Method 1: Browser Padlock
- Visit the HTTPS website.
- Click the padlock icon in the address bar.
- Select "Connection is secure" or "Certificate is valid".
- The certificate details panel shows the issuer, validity dates, and what domain(s) it covers.
Method 2: Online SSL Check Tool
Use our SSL Check tool. Enter any domain and get a full report including:
- Certificate issuer (CA) and chain
- Expiry date and days remaining
- Supported TLS versions
- Domain coverage (wildcard, SAN names)
- OCSP status (revocation check)
Method 3: Command Line
| Tool | Command |
|---|---|
| OpenSSL (Mac/Linux) | echo | openssl s_client -connect example.com:443 2>/dev/null | openssl x509 -noout -dates -issuer |
| curl | curl -vI https://example.com 2>&1 | grep -A5 "SSL certificate" |
| Chrome DevTools | F12 > Security tab > "View Certificate" |
What to Look for in a Certificate
- Expiry date: Must be in the future. Set reminders 30 days before.
- Domain match: The Common Name (CN) or Subject Alternative Name (SAN) must match the site you are visiting.
- Trusted issuer: The CA must be in your browser's trusted list.
- TLS version: Should be TLS 1.2 or 1.3. Reject connections using SSL 3.0 or TLS 1.0.
People Also Ask
- How to check SSL certificate in Chrome?
- Click the padlock in the address bar > "Connection is secure" > "Certificate is valid." The certificate viewer shows the issuer, valid dates, and fingerprint.
Related: SSL certificates | SSL/TLS | SSL Check tool