Sign In
Access your IPWhois.net account
No account? Create one

SSL Certificate Checker

What is an SSL Certificate?

An SSL/TLS certificate is a digital file that links a public key to a domain name. When your browser opens an HTTPS page, it checks this certificate to make the connection is encrypted and the server is who it says it is.

Every certificate has an expiry date, usually between 90 days and one year. Once it expires, visitors get browser security warnings and some automated services stop working. This tool fetches the certificate directly from our server so you can check it without opening a browser.

What This Tool Checks

  • Validity period: issue date, expiry date, and exact days remaining.
  • Subject and Issuer: who the certificate belongs to and which CA signed it.
  • Subject Alternative Names (SANs): all hostnames covered by the certificate.
  • Hostname match: whether the cert is valid for the domain you entered.
  • Key type and strength: RSA 2048/4096 or EC 256/384-bit.
  • Certificate chain: full path from leaf cert to trusted root CA.
  • Signature algorithm: SHA-256 with RSA is the current standard.

Frequently Asked Questions

What does "days remaining" mean?

The number of days until the certificate expires. Under 30 days is worth paying attention to. If it hits zero, HTTPS will stop working for anyone visiting the site.

What is a wildcard certificate?

A wildcard cert like *.example.com covers all direct subdomains such as www.example.com and api.example.com, but not deeper levels like sub.api.example.com.

Why does verification fail?

The most common reasons are an expired certificate, a self-signed certificate, a certificate issued for a different hostname, or a broken certificate chain. The tool shows each case separately so you can see exactly what went wrong.

What is the certificate chain?

Browsers only trust a small list of root Certificate Authorities. Most sites use an intermediate CA to sign their certificate. The chain is the path from your site's cert up to a trusted root. If any link is missing, browsers will show an "untrusted" warning even if the cert itself is valid.