SSL Certificate Checker

このツールが使われる理由

SSL Certificate Checker opens a TLS connection to the domain on port 443 and inspects the certificate chain — issuer, expiry, fingerprints, alt names, and the negotiated protocol and cipher. Use it to catch expiring or misconfigured certs before users do.

• Catch expiring certificates before they break production.
• Verify a Let's Encrypt or commercial cert renewed correctly after a deploy.
• Confirm the certificate covers all the subjectAltName hostnames you expect.

使い方

1. 1Enter the domain (no protocol).
2. 2Read days remaining, issuer, common name, and SANs.
3. 3Expand the chain section to verify intermediates are sent by the server.

Best practices

• Set up monitoring that alerts at least 14 days before expiry.
• Always send the full chain (leaf + intermediates) — clients should not have to fetch them.
• Pin TLS 1.2+ on the server; disable TLS 1.0 and 1.1.
• Use a single certificate with multiple SANs rather than many one-off certs where possible.

Common mistakes to avoid

• Do not rely on the OS clock for renewal — automate renewal with cron, systemd timers, or your hosting platform.
• Do not rely on a self-signed cert anywhere users will see it.
• Do not forget to renew certs on internal dashboards and admin tools.
• Do not hardcode old fingerprints in cert-pinning configs without an alternative pin set.