About

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cryptographic backbones of the modern web. However, a valid padlock icon does not guarantee a healthy security posture. Misconfigured intermediate chains, deprecated hashing algorithms, or unexpected certificates issued by unauthorized Certificate Authorities (CAs) can leave systems vulnerable or inaccessible.

This tool leverages Certificate Transparency (CT) Logs to perform a deep audit of a domain's certificate history. Unlike standard checkers that only ping the server, this utility retrieves the public ledger of certificates issued for the domain. This allows for the detection of Shadow IT issuance and provides a timeline of security updates.

RSA's security rests on the difficulty of factoring large integers. For an RSA key, the public modulus n is the product of two large primes p and q, and the key's strength is usually expressed as the bit length of n (e.g., 2048 or 4096). This tool estimates the health of your encryption configuration based on these standards.


Formulas

The validity of a certificate is determined by the current time t relative to the issuance window. A certificate is valid if and only if:

$$ t \in [t_{\text{notBefore}},\ t_{\text{notAfter}}] $$

The remaining lifespan L is calculated as:

$$ L = \max(0,\ t_{\text{notAfter}} - t_{\text{now}}) $$

Where t is measured in milliseconds. Security warnings are triggered when L drops below a safety threshold (typically 14-30 days).

Reference Data

| Security Attribute | Standard / Recommended Value | Risk Threshold (Deprecated) | Technical Context |
|---|---|---|---|
| Public Key Size (RSA) | 2048 bits or 4096 bits | 1024 bits | Determines the computational effort required to break the encryption via factorization. |
| Signature Algorithm | SHA-256 (sha256WithRSA) | SHA-1, MD5 | Hash functions ensure integrity. Older algorithms (SHA-1) are vulnerable to collision attacks. |
| Validity Period | 90 to 397 days | > 825 days | Shorter validity reduces the window of opportunity for compromised keys. |
| Certificate Authority | Trusted Root (e.g., DigiCert, ISRG) | Self-Signed, Unknown | The entity that validates the domain ownership. Browsers rely on a pre-installed Root Store. |
| Protocol Version | TLS 1.2 or TLS 1.3 | SSL 3.0, TLS 1.0, TLS 1.1 | Newer protocols support modern cipher suites (e.g., AEAD) and faster handshakes. |
| Transparency Log | Present | Absent | Presence in CT logs (e.g., crt.sh) is mandatory for Chrome and Safari trust. |
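
The validity formulas and the Reference Data thresholds above, applied to a batch of certificate records, as an added example (not the tool's own code). The record field names, the issuer allow-list and the 30-day warning default are assumptions, and the sample records are constructed.

```javascript
// Added example. Record field names are assumptions, not a CT log schema.
const DAY_MS = 24 * 60 * 60 * 1000;
const WEAK_HASH = /sha-?1|md5/i; // matches sha1WithRSA, not sha256WithRSA

// L = max(0, t_notAfter - t_now), in milliseconds.
function remainingLifespanMs(cert, nowMs) {
  return Math.max(0, Date.parse(cert.notAfter) - nowMs);
}

// Returns the list of findings for one certificate record.
function auditCert(cert, nowMs, allowedIssuers, warnDays = 30) {
  const notBefore = Date.parse(cert.notBefore);
  const notAfter = Date.parse(cert.notAfter);
  const findings = [];
  // Valid if and only if t lies in [t_notBefore, t_notAfter].
  if (nowMs < notBefore) findings.push("not-yet-valid");
  else if (nowMs > notAfter) findings.push("expired");
  else if (remainingLifespanMs(cert, nowMs) < warnDays * DAY_MS) {
    findings.push("expiring-soon");
  }
  if ((notAfter - notBefore) / DAY_MS > 825) findings.push("validity-too-long");
  // Anything below the recommended 2048 bits is flagged.
  if (cert.keyType === "RSA" && cert.keyBits < 2048) findings.push("weak-rsa-key");
  if (WEAK_HASH.test(cert.sigAlg)) findings.push("weak-signature-hash");
  // An issuer outside the allow-list is the "Shadow IT issuance" signal.
  if (!allowedIssuers.includes(cert.issuerOrg)) findings.push("unexpected-issuer");
  return findings;
}

function auditAll(certs, nowMs, allowedIssuers) {
  return Object.fromEntries(
    certs.map((c) => [c.id, auditCert(c, nowMs, allowedIssuers)]));
}

// Constructed sample data: three records for one domain, fixed "now".
const NOW = Date.parse("2024-06-01T00:00:00Z");
const ALLOWED = ["ISRG", "DigiCert"];
const SAMPLE = [
  { id: "current", issuerOrg: "ISRG", keyType: "RSA", keyBits: 2048,
    sigAlg: "sha256WithRSA", notBefore: "2024-05-01T00:00:00Z", notAfter: "2024-07-30T00:00:00Z" },
  { id: "expiring", issuerOrg: "ISRG", keyType: "RSA", keyBits: 2048,
    sigAlg: "sha256WithRSA", notBefore: "2024-03-10T00:00:00Z", notAfter: "2024-06-08T00:00:00Z" },
  { id: "legacy", issuerOrg: "Example Internal CA", keyType: "RSA", keyBits: 1024,
    sigAlg: "sha1WithRSA", notBefore: "2021-01-01T00:00:00Z", notAfter: "2024-01-01T00:00:00Z" },
];

console.log(auditAll(SAMPLE, NOW, ALLOWED));
```

Timestamps are compared in UTC milliseconds, matching the unit the formulas use, so the result does not shift with the local time zone of the machine running the audit.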

Frequently Asked Questions

This is a feature of Certificate Transparency logs. You are seeing the history of every certificate ever issued, including Pre-Certificates (promises to issue) and renewals. This helps you identify if a rogue Certificate Authority issued a cert for your site without your permission.
The Chain of Trust is a hierarchical link of certificates. Your website's "Leaf" certificate is signed by an "Intermediate" issuer, which is in turn signed by a "Root" CA. The Root CA is trusted implicitly by your operating system. If any link in this chain is broken or missing, browsers will display a security warning.
In modern SSL, the Common Name (CN) is often ignored in favor of Subject Alternative Names (SANs). The SAN list defines exactly which subdomains (e.g., www.example.com, mail.example.com) are secured by the certificate. If a subdomain works but shows an SSL error, it is often missing from the SAN list.
Let's Encrypt is a free, automated, and open Certificate Authority provided by the Internet Security Research Group (ISRG). It is highly trusted and standard for modern web security, though its certificates typically have a short lifespan (90 days) requiring automated renewal.
No. This tool relies on public Certificate Transparency logs (like crt.sh). It cannot see certificates on private networks or those not logged in the public ledger.