🔒
SSL Certificate Checker
Connectivity test & OpenSSL audit commands
Domain to audit
Check Expiry & Dates
Returns notBefore / notAfter — should be >30 days out
Verify Certificate Chain
Full chain: leaf → intermediate → root CA
Subject & SANs
Verify domain name match and Subject Alternative Names
Protocol & Cipher Test
Confirm TLS 1.2+ and reject legacy protocols
OCSP Revocation Check
Verify certificate has not been revoked
Connectivity Troubleshooting
Basic checks when HTTPS connection fails
⚠️ Common SSL Issues
  • Expired cert — renew immediately
  • Incomplete chain — missing intermediate
  • Name mismatch — cert ≠ domain
  • Self-signed — not trusted by browsers
  • Weak TLS — old 1.0/1.1 or weak ciphers
  • Revoked cert — check OCSP status
✅ Best Practices
  • Use Let's Encrypt + certbot auto-renewal
  • Monitor expiry 30 days before deadline
  • Enable OCSP stapling in web server
  • Enforce TLS 1.2+, disable 1.0/1.1
  • Include all intermediate certs
  • Keep backup certificates ready