For regular internet users, browsing safety is major concern. If you have suspicion about a website, have a doubt that is it a correct bank site or not? Why that Green PadLock is broken? Then always do a check for SSL (HTTPS) certificate. Takes a minute and provides peace of mind.
If you are a website author or admin then you must check certain things after installing SSL. To check integrity and SSL expiry this is a good practice to follow. This is often ignored part and causes issues later on. You don’t need to bang your head to decrypt codes and algorithm, as there are many free online tools to check SSL and HTTPS.
12 Tools to Check SSL Certificate Online
1. SSL Shopper
SSL Shopper is basically a SSL store for your website but it does provide great set of tools like SSL Checker, CSR Decoder, Certificate Key Matcher and much less seen Certificate Converter. Their tool to check SSL certificate is quite detailed yet easy to understand. Checking GeekAct.com gives me very accurate results for expiry date, Chain pass, Encryption, IP address, Signature Algorithm etc.
All green here means you are good!
This new SSL checking tool is from NameCheap and includes all the things from other SSL checkers. It shows you certificate data, expiry, provider, webhost, country, number of SAN and certificates etc. Very fast and nice interface. I didn’t find a single information incorrect on this one.
Decoder also has many other tools which you might like to try – CSR generator, Key matcher, RSA keys converter, OpenSSL trace, CT log tool etc.
Less known but definitely worth of time. You must try this. This is really a nice site to play with. They show vital stats like number of sites, countries being tested. Also, a map with server and sites being tested. It will show recent HTTPS and non-HTTPS sites and where they are located. If you click on any dot on map it will show you it’s grade, location and website domain. Website feel and navigation is very user friendly. You can also save the whole report as PDF file.
Like Digicert, you can use option to hide your site’s results from public view. It provides quite a view for results. It showed me A+ rating when others showed A only. This has to do with some metrics they consider and others which they might not.
My certificate is from Comodo and I am telling you, this is the most affordable and easy to use certificate. Moreover, if you have this from Namecheap for your Namecheap hosting, then it is absurdly easy to deploy.
|Read Auto-installing NameCheap SSL:|
Details available and are very in-depth showing even country of server, site, and SSL origin.
Digicert is an old player in SSLs. The tool at help link is a SSL scanner and SSL checker. This tool simply takes your domain name and provide information on SSL certificate. Good thing it does is visual representation along with Validity start and end date.
What impressed me is vulnerability checker along with Debian vulnerable key check. These are server level checks and not done by every scanner.
An independent site with required set of tools. This impressed me because it actually displayed encrypted public and website key with algorithm. Expiry date was appearing correct, Chain information was right, shows PEM certificate and many more thing which others won’t. I can actually recommend this one if you want to cross validate the ciphers and keys.
7. Qualys SSL checker aka SSLLabs Check
It is the most detailed, deepest scan one available resulting in the slowest of all SSL scanners available. But hey! You want to know it all for free. Right?
Qualys is like a public library for all SSL checks done by people. So, you will see Recent worst, Best, etc on it’s scanning page. If you don’t want to appear in public then make sure that you tick ‘Don’t show results in board’.
It will show where your website lacks in terms of security and what it means. Plus point is, it tells you what to fix on site and what is needed to be fixed by your webhost. This makes life easier. Because knowing problem is not an end of problem.
This is fast and easy one. However, I did show me some mismatches. For regular user, the first two boxes are quite enough because it shows signature, expiry and validation done for which site. For authors and admins, it also have an option to set HTTPS port, setting reminders before expiry and upgrading the certificate. This is nice start for managing multiple SSLs and sites.
GeoCerts is also been there is since good time now. It provides very quick info. I found it to be the quickest and accurate as Comodo and Qualys.
It also provides other tools like CSR parser, Certificate key matcher etc.
10. Symantec Crypto Report aka Symantec SSL Checker
A trusted tool from Symantec which houses many SSL tools like CSR parser, Cross certificate remover etc.
Check is quick and detailed. For every section you will get ‘show more details’ at right side which you can open into a pop-up with more details.
In vulnerability check, Symantec has upper hand as it checks for Heartbleed, Poodle (TLS), Poodle (SSLv3), FREAK, BEAST, and CRIME. Most of the sites will fail for BEAST attack for sure as this is server side issue and your host can fix this only.
Wormly is a Website and Server monitoring service which also provides some free tools to check SSL certificates, server ping, POP3, SMTP. FTP etc.
Honestly, I didn’t love results at all. It showed my site at 49% safety whereas all sites and malware checker has a score of 99% and above for GeekAct.com. It also displayed that my SSL certificate will expire in two years whereas it is due in November 2018.
This is actually a quick tool from KeyCDN to check certificates from raw certificate data. If you have these data then you can use it to find chain and other details. There are also other tools like HTTP/2 checker, SSL Freak check, TLS Logjam test etc. This would be your last choice as it requires manual work to get actual signing keys.
You can always use your browser to check current SSL certificate, it’s identity and validity. Click on the SECURE green button or PADLOCK for that.
Google warns you about mismatching certificates. Not all of which might be actually dangerous (there are people using self-signed servers) but are better to avoid nowadays.
Additionally, Google Transparency Reporter has option to search Certificates by hostname. This shows all running SSLs on that hostname but can be useful to identify the phishing ones.
Other SSL Checking Tools
There were some other SSL checkers also which I didn’t include due to some or other reasons but there is no harm in listing them here.
1and1 SSL checker – Not fond of their any service but the checking SSL works ok.
TheSSLStore – Quick review and results but focuses on mainly selling things away.
HubSpot – Only shows OK or not. Useless tools actually.
Have you used any tool other than listed here? Let me know about it and I can include it here.