Free SSL/TLS Certificate Checker
Verify a website's SSL/TLS configuration in seconds — certificate validity and expiry, issuer, subject and SAN, the negotiated TLS protocol version, cipher strength, perfect forward secrecy and self-signed/untrusted detection.
By scanning, you confirm you own or have permission to test this domain. Not a substitute for manual penetration testing.
What this ssl checker checks
How it works
Read-only· a single TLS handshake- 1We open one TLS handshake to the host on port 443 — the same connection your browser makes.
- 2From the handshake we read the certificate (issuer, validity, expiry, SAN), the negotiated TLS version and cipher, key strength and whether forward secrecy is used.
- 3We confirm the certificate actually covers the hostname and flag deprecated TLS 1.0/1.1, weak keys, self-signed/untrusted chains and near-expiry.
What it doesn’t do: This is a quick posture check. For per-version probing, OCSP/CRL and known TLS CVEs, use the Pro SSL/TLS Deep Audit.
Why it matters
An expired, weak or misconfigured TLS setup breaks trust, triggers browser warnings and can expose traffic to interception. Catching certificate expiry and weak ciphers early prevents outages and protects your users' data in transit.
Frequently asked questions
Is the SSL checker free?
Yes — the SSL/TLS check runs as part of the free ONEROXE recon scan, with no account required.
How often should I check my SSL certificate?
Check before every renewal and after any infrastructure change. Many outages are caused by certificates that quietly expire — automated monitoring helps too.
What TLS versions are still considered safe?
TLS 1.2 and TLS 1.3 are current; TLS 1.0/1.1 are deprecated and SSLv3 is insecure. The checker reports the TLS version negotiated with the server and warns when it is a deprecated one.