UtilityBase logoUtilityBase

2 min read

How to Check an SSL Certificate: Expiry, Issuer, and Validity

Learn how to inspect any website SSL certificate to see its issuer, expiry date, covered domain names, and whether the secure connection is trustworthy.

What an SSL Certificate Proves

The padlock in your address bar rests on a TLS certificate, still widely called an SSL certificate. It does two jobs at once. First, it encrypts traffic between your browser and the server so no one in between can read it. Second, it vouches for identity: a trusted certificate authority has confirmed that whoever runs the site actually controls the domain name on the certificate.

Checking a certificate lets you confirm both jobs are being done correctly. A valid, unexpired certificate issued to the right domain by a recognized authority is the technical foundation of a trustworthy connection. A certificate that is expired, self-signed, or issued for the wrong name is a genuine warning sign worth taking seriously.

The Fields That Matter

Four details tell you almost everything. The issuer is the certificate authority that signed the certificate, such as a well known public CA. The validity period gives the start and expiry dates; browsers reject certificates that are expired or not yet valid. The subject and its subject alternative names list every hostname the certificate legitimately covers. The expiry countdown matters most for site owners, because a certificate that lapses will break the site for every visitor at once.

Pay attention to the covered names in particular. A certificate issued for one domain does not automatically cover its subdomains unless it is a wildcard or explicitly lists them. A name mismatch is one of the most common reasons a browser throws a security warning even when the certificate itself is otherwise valid.

Checking a Certificate Step by Step

You do not need command line tools to inspect a certificate. An online SSL checker connects to the host on the secure port, retrieves the certificate the server presents, and lays out the important fields in plain language.

  1. 1Enter the hostname of the site you want to inspect, without any path.
  2. 2Run the check so the tool can connect and fetch the presented certificate.
  3. 3Read the issuer to confirm the certificate came from a recognized authority.
  4. 4Check the expiry date and the days remaining in the countdown.
  5. 5Review the covered names to confirm the certificate matches the hostname you visited.

How the Lookup Works and What Is Sent

To read a certificate, the tool has to open a real connection to the server, so the hostname you enter is sent to our service, which performs the TLS handshake and reports back what the server presented. This is the same public certificate any visitor receives, so nothing private is exposed. The check reads the certificate only; it does not send credentials or load private pages.

For site owners, the most useful habit is checking the expiry countdown well ahead of the deadline. Automated renewal has made lapsed certificates rarer, but automation still fails quietly, and a certificate that expires overnight takes the whole site down until it is replaced. A periodic manual check is cheap insurance.

Frequently asked questions

What is the difference between an SSL and a TLS certificate?

They refer to the same thing in everyday use. SSL is the older protocol name, and TLS is its modern successor that browsers actually use. The certificates are commonly called SSL certificates out of habit, even though the encryption itself is TLS.

Why does a valid certificate still trigger a browser warning?

The most common cause is a name mismatch: the certificate does not list the exact hostname you visited, for example a subdomain not covered by the certificate. Expired certificates and untrusted or self-signed issuers produce similar warnings.

Does checking a certificate send my data to a server?

The hostname you enter is sent to our service so it can open a connection and read the certificate the server presents. That certificate is public information shown to every visitor, so no private data of yours is exposed by the check.

Tools mentioned in this guide

Keep reading