What does an SSL checker do?
An SSL checker inspects the SSL/TLS certificate presented by a website during an HTTPS connection, verifying expiry dates, issuer details, trust chains, supported TLS versions, and domain coverage.
SSL & HTTPS support
SSL Checker FAQs
In-depth explanations of how SSL/TLS certificates work, why browsers show warnings, how trust chains are validated, and what secure HTTPS configuration looks like.
Does running an SSL check change anything?
No. SSL checks are completely read-only. They do not modify certificates, server configuration, encryption settings, or traffic in any way.
What is the difference between SSL and TLS?
TLS (Transport Layer Security) is the modern replacement for SSL. Although the term SSL is still widely used, all modern HTTPS connections use TLS.
Which TLS versions should be supported?
Best practice is to support TLS 1.2 and TLS 1.3 only. Older protocols such as SSLv3, TLS 1.0, and TLS 1.1 are insecure and should be disabled.
Why do browsers show SSL or HTTPS warnings?
Browser warnings appear when a certificate is expired, untrusted, self-signed, revoked, missing intermediate certificates, or does not match the domain name.
Why do SSL certificates expire?
Certificates expire to reduce the impact of compromised keys and outdated cryptographic standards. Short lifetimes improve overall internet security.
What happens if an SSL certificate expires?
Browsers will display security warnings or block access entirely. APIs and mobile apps may refuse to connect until a valid certificate is installed.
What is a certificate trust chain?
A trust chain links a website certificate to a trusted root certificate authority through one or more intermediate certificates.
What happens if an intermediate certificate is missing?
Some browsers and devices may fail to establish trust, causing SSL warnings even if the main certificate appears valid.
What is a certificate domain mismatch?
A domain mismatch occurs when a certificate does not include the requested domain name in its Common Name or Subject Alternative Names.
What is a wildcard SSL certificate?
A wildcard certificate secures a domain and all its first-level subdomains, such as *.example.com.
What is a multi-domain (SAN) certificate?
A multi-domain certificate secures multiple, unrelated domain names using a single certificate.
Is SSL required for APIs?
Yes. HTTPS is required for modern APIs. Many platforms and clients refuse to connect to APIs over unencrypted HTTP.
Is SSL required for mobile apps?
Yes. iOS and Android enforce HTTPS by default. Invalid or insecure certificates can cause app network requests to fail.
What is App Transport Security (ATS)?
ATS is an iOS security feature that enforces HTTPS connections using strong TLS configurations and valid certificates.
What is certificate revocation?
Revocation invalidates a certificate before its expiry date, typically due to key compromise or mis-issuance.
What is OCSP?
OCSP (Online Certificate Status Protocol) allows browsers to check whether a certificate has been revoked in real time.
How does SSL relate to HSTS?
HSTS forces browsers to use HTTPS only. If SSL fails while HSTS is active, users may be completely locked out of the site.
Does HTTPS affect performance?
Modern HTTPS has minimal overhead and often improves performance due to HTTP/2 and TLS optimisations.
What is Let’s Encrypt?
Let’s Encrypt is a free certificate authority that provides automated, trusted SSL certificates for websites.
What are SSL best practices?
Best practices include automated renewal, TLS 1.2+ only, complete certificate chains, strong ciphers, monitoring expiry, and avoiding deprecated protocols.
Does Velohost store SSL inspection data?
No. SSL inspections are performed live and no certificates, domains, IP addresses, or results are stored or logged.
Want to try it yourself? Run SSL checker or Check HSTS configuration or Test IPv6 HTTPS support
Ready to inspect a certificate?