Check if a website has valid SSL/TLS certificate. Verify HTTPS connection and get tools for detailed certificate analysis
Enter a domain and this tool checks whether it responds over HTTPS, then hands you the exact OpenSSL command to inspect its certificate yourself. Important: a web page running in your browser cannot read another site's TLS certificate, browser security (the same-origin and no-cors rules) deliberately blocks that. So this tool does the part it actually can: it confirms HTTPS reachability and generates the command to pull the full certificate from your terminal.
Initializing in your browser…
Generate Certificate Signing Requests (CSR) for SSL/TLS certificates with RSA key pairs. Submit to CAs for certificate issuance
Decode and analyze PEM-encoded X.509 SSL/TLS certificates. View subject, issuer, validity, extensions, and fingerprints
Generate self-signed SSL/TLS certificates for local development and testing. Includes Subject Alternative Names support
You want to confirm example.com is serving over HTTPS and then inspect its real certificate chain and expiry.
Hostname checked
example.com
What the tool returns
HTTPS: reachable, responds on port 443 ✓ To read the certificate itself, run: openssl s_client -connect example.com:443 -servername example.com \ | openssl x509 -noout -text
Browser JavaScript cannot read a remote certificate's internals cross-origin (the same-origin policy blocks it), so the tool does the part a browser can do, confirm the host answers over HTTPS, and then hands you the exact `openssl` command to dump the real chain, expiry, and signature locally. It is an honest reachability check plus the precise next step, not a fabricated certificate readout.
Enter a domain and this tool checks whether it responds over HTTPS, then hands you the exact OpenSSL command to inspect its certificate yourself. Important: a web page running in your browser cannot read another site's TLS certificate, browser security (the same-origin and no-cors rules) deliberately blocks that. So this tool does the part it actually can: it confirms HTTPS reachability and generates the command to pull the full certificate from your terminal.
When you submit a domain, the tool issues a fetch to https://<domain> with method HEAD and mode 'no-cors'. If that request resolves, the host answered over HTTPS, and the tool reports that the connection succeeded along with the round-trip response time. Because the request is opaque (no-cors), the browser does not expose the certificate, the response status, the chain, the protocol version, or the cipher, so none of those are shown; the tool is honest about this with an on-screen browser-limitation notice. To get the real certificate details (expiry, issuer, SANs, key size, full chain), it generates a ready-to-copy command: openssl s_client -connect <domain>:443 -servername <domain> 2>/dev/null | openssl x509 -noout -text. Run that in a terminal, or paste a PEM certificate into the Certificate Decoder tool, to see the actual fields.
Confirm a domain is answering over HTTPS and see roughly how fast it responds.
Grab a correctly formed openssl s_client command for the domain instead of remembering the flags.
Run the generated command, then paste the PEM into the Certificate Decoder to read expiry, issuer, and SANs.
No. Browser security prevents a web page from reading another site's TLS certificate. The HTTPS request here is opaque (no-cors), so the tool can confirm reachability but cannot see the certificate, chain, or protocol version.
Run the OpenSSL command the tool generates (openssl s_client ... | openssl x509 -noout -text) in your terminal, click the lock icon in your browser's address bar, or paste the PEM into the Certificate Decoder tool.
A no-cors HEAD request can be rejected for reasons unrelated to the certificate (CORS policy, blocked HEAD, redirects). A failed check means the request did not resolve, not necessarily that the certificate is invalid.
This runs as client-side JavaScript. Keys, tokens, payloads, and other inputs never leave your device.