Tool
SSL Certificate Checker
See exactly what certificate a server is presenting — expiry date, issuer, TLS version, Subject Alternative Names, and whether the cert is trusted. No install required.
How it works
We open a TLS connection to port 443 on the domain you enter, read the leaf certificate presented during the handshake, and extract the fields that matter: validity window, issuer chain, SANs, protocol version, and fingerprint.
We use rejectUnauthorized: falseto retrieve the certificate even when it is self-signed or expired — so you can inspect it regardless of its trust state. The “Certificate valid” / “issues detected” verdict reflects whether Node.js trusts the cert against its built-in CA store.
Related tools
Frequently asked
How do I know when my SSL certificate expires?
Enter your domain above. The "Days remaining" field shows exactly how long until expiry. Set a calendar reminder at 30 days — most certificate authorities let you renew 90 days in advance and the new cert activates when the old one expires.
What does "Certificate issues detected" mean?
It means Node.js could not verify the certificate against a trusted Certificate Authority — typically because it is self-signed, the issuing CA is not in the trust store, or the cert has already expired. Users visiting the site in a browser will see a security warning.
Why does the SANs list include many domains?
Modern certificates, especially those from Let's Encrypt or CDN providers like Cloudflare, are multi-domain or wildcard certificates that cover many hostnames. That's normal and correct — each name in the SAN list is a hostname the cert is valid for.
What TLS version should I expect?
TLS 1.3 is the gold standard (faster, more secure). TLS 1.2 is still widely used and acceptable. TLS 1.0 and 1.1 are deprecated — browsers refuse to connect to sites using them.
Last reviewed