How to check domain SSL certificate for validity

Having an SSL certificate has long been a requirement for any website. Resources that don’t use this certificate don’t get much organic traffic, and all attempts at promotion are doomed to failure. SSL is required to transition a web resource to the secure HTTPS protocol.

What is an SSL Certificate

An SSL (Secure Sockets Layer) certificate is a digital certificate used for a secure connection between a server and a client browser. It uses encryption to protect the data transferred between the server and the client. When connecting to the server, the user’s browser verifies the certificate and establishes a secure connection if the SSL is valid. The operation is impossible if the certificate is invalid – an HTTP connection will be established.

SSL certificates are used to install the HTTPS (HTTP Secure) protocol on websites. When a user interacts with a website via HTTPS, all data is transmitted over a secure protocol. Such data includes passwords, personal information, and payment information.

SSL certificates have several levels of trust:

• certificates with simplified verification (DV) confirm only domain ownership;
• certificates with standard verification (OV) confirm the ownership of the domain and the existence of the organization;
• Extended Validation (EV) certificates confirm domain ownership, the existence of an organization and the legitimacy of its activities.

Different types of SSL can protect a single domain, a domain with subdomains, or multiple domains at once.

SSL can be purchased from different certificate authorities. You can order certificates from Certum, Comodo (Sectigo), DigiCert, GeoTrust, GlobalSign, RapidSSL, Symantec, Thawte.

How to check SSL certificates authenticity

Once SSL is installed, it is important to make sure it is configured and working properly. There are several ways to check validity.

Online services

There are many SSL authentication tools on the web. They work quite simply: you enter the URL of the site and run the check. After a few seconds, the service will show the result. Usually it is detailed information about the certificate validity period, compatibility with browsers, presence of errors.

Verification services are offered by many certification centers. Popular tools:

• Ssl4less;
• SSL Checker;
• Trackssl;
• Digicert;
• MrDomain;
• SSL verification tool from TutHost.

You don’t have to use them, though. You can also perform the certificate verification operation in a normal browser.

Google Chrome browser

If the site uses the HTTPS protocol, you will see a gray padlock in the address bar. If you click on it, you will see a menu with the term “Secure Connection”. Click on it and you will see the “Valid Certificate” item. Select it to see detailed information:

• to whom and by whom issued;
• term of service;
• serial number and other data.

An alternative way to check the security of the connection: call the Developer Console with the keyboard shortcut Ctrl+Shift+I and go to the Security tab. If you have valid SSL, you will see the line “This page is secure (valid HTTPS)” in green.

You can also check the authenticity of the certificate in Mozilla Firefox in the same way.

SSL certificate is invalid – what to do?

Sometimes the installed SSL fails the validity check. This can happen for several reasons.

• The certificate has expired. SSL has an expiration date after which it must be replaced. Monitor the deadline to ensure that the website always uses the secure HTTPS protocol.
• The certificate is not browser compatible. Popular browsers (Chrome, Opera, Mozilla) support SNI. Server name indication allows the client or browser to specify which host name it connects to. This allows the server to provide multiple certificates for the same IP address and port number. If your browser does not support SNI, you need to update your browser or set up a dedicated IP address.
• The domain in the SSL certificate does not match the site URL in the address bar. For example, in the certificate the domain is specified with the prefix “www” and you can’t get to mysite.com. The problem can be solved by listing in the certificate the names of all hosts that belong to the resource.
• The site on HTTPS is not indexed. Perhaps the ban is set in robots.txt – the file should not block the site from scanning for HTTPS.
• The content of HTTP and HTTPS pages is different. In this case, you need to edit the pages so that their content is the same.

An SSL certificate is a critical component of an enterprise’s overall security strategy. With the increasing number of internet-connected devices, online portals and services that organizations manage, there are more threat vulnerabilities that these systems face. For additional protection, we recommend purchasing a Code Signing certificate from us at TutHost.