TLS · SSL · cert chain

TLS certificate checker.

Inspect the cert chain, protocol, cipher, ALPN, and HSTS for any host. Plus an A–F grade. Works on any port; default is 443.

What this checker does

We open a TLS handshake to host:port, walk the certificate chain from leaf to root, and surface the bits that matter — issuer, expiration, signature algorithm, key length, Subject Alternative Names, and the SHA-256 fingerprint. We also report the negotiated protocol, cipher, ALPN, and any HSTS header the server sets.

How the grade is computed

  • A — TLS 1.3 with a modern AEAD cipher (AES-GCM, ChaCha20-Poly1305).
  • B — TLS 1.2 with an AEAD cipher.
  • C — TLS 1.2 with a CBC cipher (consider upgrading — padding-oracle attacks have a long history here).
  • F — Anything older than TLS 1.2.

This is a friendly preview, not a full Qualys-style audit. We don't probe for OCSP stapling, downgrade resistance, BEAST/LUCKY13/heartbleed, etc. If you need depth, use SSL Labs.

JSON API

Same data, machine-readable: GET /api/tls/<host>. CORS-enabled, edge-cached for 5 minutes. Example: /api/tls/ipferret.com.