What do the SSL grades mean?

Grades range from A+ (excellent) to F (failing). A+ indicates TLS 1.3 support with strong ciphers and no issues. Lower grades indicate problems like deprecated protocols (TLS 1.0/1.1), weak ciphers, expired certificates, or trust issues.

Why is TLS 1.0 and TLS 1.1 marked as deprecated?

TLS 1.0 and 1.1 have known security vulnerabilities and have been deprecated by major browsers and security standards. Websites should support TLS 1.2 at minimum, with TLS 1.3 recommended for best security.

What is a certificate chain?

A certificate chain is the sequence of certificates from your server's certificate up to a trusted root CA. Browsers verify this chain to establish trust. A broken or incomplete chain can cause security warnings.

Why does my certificate show as not trusted?

Certificates can be untrusted for several reasons: self-signed certificates, expired certificates, hostname mismatch, incomplete certificate chain, or certificates issued by untrusted CAs.

What is the difference between quick and full scan?

Quick scan performs a single TLS connection to get certificate and cipher info. Full scan additionally tests each TLS protocol version (1.0, 1.1, 1.2, 1.3) separately to determine which protocols your server supports.

Is this tool free to use?

Yes, this SSL checker is completely free to use. There are no limits on the number of domains you can check.

How is the security score calculated?

The score starts at 100 and deducts points for issues: -40 for untrusted certificates, -50 for expired certificates, -15 for TLS 1.0 support, -10 for TLS 1.1 support, and +5 bonus for TLS 1.3 support. The final grade is based on the remaining score.

Home/Tools/Security/SSL/TLS Checker

SSL/TLS Checker

Analyze SSL/TLS certificates, test protocol support, scan for vulnerabilities, and get security grades (A+ to F). Instant results with comprehensive security recommendations.

Loading SSL/TLS Checker...

Loading interactive tool...

JavaScript Required

This interactive tool requires JavaScript to function. Please enable JavaScript in your browser to use the full features.

The tool description and documentation above provide information about this tool's capabilities. For the best experience, please enable JavaScript and refresh the page.

Certificate Errors Hurting SEO?

We manage SSL lifecycles across your infrastructure, preventing expiration and configuration issues.

Learn About Infrastructure Monitoring Explore Compliance Services

Understanding SSL/TLS Security

SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are cryptographic protocols that provide secure communication over computer networks. When you see HTTPS in your browser, the connection is protected by TLS.

TLS Protocol Versions

Version	Status	Notes
TLS 1.3	Recommended	Latest standard, fastest, most secure
TLS 1.2	Acceptable	Still secure when configured properly
TLS 1.1	Deprecated	Known vulnerabilities, disable if possible
TLS 1.0	Deprecated	Serious vulnerabilities (BEAST, POODLE)

Certificate Chain of Trust

SSL/TLS certificates form a chain of trust from your server's certificate up to a trusted root Certificate Authority (CA).

End-Entity Certificate: Your server's certificate containing your domain name
Intermediate Certificate(s): Issued by CAs to delegate trust
Root Certificate: Self-signed certificate from a trusted CA, pre-installed in browsers

Common SSL/TLS Issues

Expired Certificate: Set up auto-renewal with Let's Encrypt
Incomplete Chain: Missing intermediate certificates cause verification failures
Hostname Mismatch: Certificate CN or SANs must match your domain
Self-Signed Certificate: Not trusted by browsers. Use Let's Encrypt for free trusted certificates

SSL/TLS Best Practices

Enable TLS 1.3 for best security and performance
Disable TLS 1.0/1.1 deprecated protocols
Use strong cipher suites (AEAD ciphers like AES-GCM)
Enable HSTS (HTTP Strict Transport Security)
Configure OCSP Stapling
Automate certificate renewal with certbot

Frequently Asked Questions

Common questions about the SSL/TLS Checker

This tool performs a real TLS handshake with the target server to analyze: the SSL/TLS certificate details (subject, issuer, validity, SANs), the certificate chain, supported protocols (TLS 1.0, 1.1, 1.2, 1.3), negotiated cipher suites, and potential security issues.

⚠️ Security Notice

This tool is provided for educational and authorized security testing purposes only. Always ensure you have proper authorization before testing any systems or networks you do not own. Unauthorized access or security testing may be illegal in your jurisdiction. All processing happens client-side in your browser - no data is sent to our servers.