codynet

TLS

TLS Certificate Checker

Check the TLS / SSL certificate a server actually serves — expiration, certificate chain, issuer, SANs, and trust status.

TLS certificate inspector

Connect over TLS and read the presented certificate chain.

Allowed ports: 443, 465, 587, 993, 995, 8443.

Results

Run a lookup to see structured results here.

Practical guide

How to inspect a TLS certificate

Use this page to check what certificate an endpoint actually serves, whether it is trusted, and whether it is close to expiration.

What this tool checks

The TLS inspector opens a TLS connection to the host and reads the certificate details presented by the server. The important fields are the subject names, issuer, validity window, certificate chain, fingerprint, and trust status. This reflects the live endpoint, not just what your certificate provider says was issued.

When to use it

Use it before renewing a certificate, after changing a CDN or load balancer, when users report browser warnings, or when a domain serves the wrong certificate. It is also useful after a deployment because backend and edge systems can serve different certificates if one layer was missed.

How to read the result

First check that the requested hostname appears in the subject alternative name list. Then check the not-before and not-after dates, the issuer, and whether the chain is trusted. A valid certificate can still be wrong if it does not cover the hostname users are visiting.

Example TLS inspection

Example input
example.com:443
Example result
subject: example.com
issuer: DigiCert Global G3 TLS ECC SHA384 2020 CA1
valid to: 2026-01-15
trusted: true

The hostname must be covered by the certificate names, and the full chain must be trusted by normal clients.

Related tools

HTTP Header Inspector

Check HSTS, redirects, and other headers that affect HTTPS behavior.

Open tool

DNS Lookup

Confirm that the hostname points to the server or CDN you expect.

Open tool

DIG Lookup

Inspect DNS response details when a certificate issue may be routing-related.

Open tool

Related guides

TLS Certificate Expiration And Troubleshooting

Read certificate dates, SANs, chains, and the common ways renewals fail.

Read guide

What Is A CAA Record?

Restrict which CAs may issue certificates for your domain.

Read guide

FAQ

Why does the certificate look valid but my browser still warns users?
Check whether the browser is visiting a different hostname, whether an intermediate certificate is missing, or whether a CDN or load balancer is serving an older certificate on some edge nodes.
What is a subject alternative name?
The subject alternative name list is the set of hostnames the certificate is valid for. Modern browsers rely on this list when matching a certificate to a site.
Can this check non-HTTPS ports?
The tool supports common TLS ports that are safe for this hosted environment, including web and mail-related TLS ports. Unsupported ports are blocked by design.

Last reviewed: 2026-05-20.