TLS certificate validation

Inspect certificate validity, issuer, expiry, SANs, and TLS version. Connects server-side to port 443 -- expired and self-signed certs included.

Public config only -- no intrusive scanning

Enter a domain (e.g. github.com). The check runs server-side on port 443.

SAVR analyzes publicly accessible certificate metadata only. No intrusive scanning is performed.

Server-side check — The request originates from our server. Certificate data is not stored. "Untrusted" means the certificate chain is not signed by a publicly trusted CA -- the cert may still be valid for internal use.

Guide

TLS Certificate Validation: what it does and how to use it

What this Security tool does

This TLS validation page checks the public certificate and connection metadata for a domain. It is aimed at website owners who need to confirm HTTPS setup, expiry, SAN coverage, issuer details, and protocol information.

How it works

Enter a public hostname and SAVR performs a server-side TLS handshake on port 443. Private networks are blocked, and the response contains structured certificate metadata instead of raw socket data.

Examples

  • Validate a certificate after DNS migration.
  • Check expiry before renewal windows.
  • Confirm the certificate covers all public hostnames.

Security considerations

This is a passive public configuration check. It does not attack the site, crawl paths, or test vulnerabilities beyond TLS metadata.

FAQ

Why check TLS regularly?

Expired or misconfigured certificates can break user trust and search visibility.

Can this see private certificates?

Only if they are served publicly on port 443, and private networks are blocked.

Does this replace monitoring?

No. Use monitoring for alerts; use this for quick manual checks.