trace·warrior
  • Tools
  • Monitoring
  • Pricing
  • Resources
  • About
Sign inGet started
trace·warrior

Network diagnostics for IT professionals. Built for speed, accuracy, and the long tail of the Friday afternoon outage.

ALL SYSTEMS NOMINAL
Tools
  • DNS Lookup
  • Ping Test
  • Port Checker
  • WHOIS
  • See all
Product
  • Monitors
  • Pricing
  • How-to guides
  • Compare
Resources
  • Blog
  • API docs
  • Tool index
  • Contact
Company
  • About
  • Privacy
  • Terms
  • Cookie policy
© 2026 Trace Warrior · made for engineers, by engineersnetwork forensics, quietly
/
/
tools/network/ssl-certificate-checker
Network

SSL / TLS Certificate Checker

Free SSL / TLS certificate checker and validator. Inspect the certificate chain, issuer, subject, expiry, Subject Alternative Names (SAN), protocol (TLS 1.2 / 1.3), and cipher for any HTTPS host. Use it to verify certificate installation, check days-to-expiry, debug chain issues, and confirm protocol/cipher support. Also a great companion to our SSL/TLS certificate expiry monitor.

What the certificate check reveals

This tool opens a real TLS connection to an HTTPS host from a London probe and reads back the certificate the server presents. It shows the subject, the issuer, the validity window with days remaining, the Subject Alternative Names (SAN) the certificate covers, and the negotiated protocol and cipher (for example TLS 1.3). Because it inspects the live handshake rather than a cached record, you see exactly what a browser or client would receive right now.

Chains, SANs, and expiry gotchas

A certificate on its own is not enough: the server must also send the intermediate certificates that link it to a trusted root. A frequent cause of "works in my browser but fails elsewhere" is a missing intermediate, where the browser happened to have it cached but a stricter client did not. This tool walks the chain so you can confirm it is complete and correctly ordered.

The other classic failure is the name mismatch: the hostname you visit must appear in the certificate's SAN list, since the legacy Common Name field is no longer trusted on its own. And because certificates now have short lifetimes, tracking days-to-expiry matters. For hands-off coverage, pair this with our SSL/TLS certificate expiry monitor so a renewal never slips past its deadline.

Frequently asked questions

How do I check when an SSL certificate expires?

Enter the hostname above and the tool reads the certificate's validity window directly from the live TLS handshake, showing the exact expiry date and how many days remain.

Why does my certificate work in one browser but fail in another?

Usually the server is not sending the full chain of intermediate certificates. One browser had the intermediate cached while a stricter client did not, so it could not build a path to a trusted root. Installing the complete chain fixes it.

What is a SAN and why does it matter?

The Subject Alternative Name list holds every hostname a certificate is valid for. Modern clients only trust names in the SAN list, so if the hostname you visit is not listed, the connection is rejected as a name mismatch.

What TLS versions should a server support?

TLS 1.2 and TLS 1.3 are the current secure versions. Older protocols like TLS 1.0 and 1.1 are deprecated and should be disabled. This checker shows which version and cipher the server negotiated.

Related tools

  • HTTP Headers →
  • Port Checker →
  • DNS Lookup →
  • WHOIS Lookup →
Measured from a Trace Warrior probe server in London, UK, not from your browser. Latency is from London to the target.
Enter a hostname to inspect
Try example.com on port 443