How to Check It Yourself

Follow this short guide. Reading it and checking the certificate will only take a few minutes.

You can repeat the check independently of our analyser. It is not enough for a page to appear at an https:// address: the browser must trust the certificate and it must cover your hostname.

Quick browser check

  1. Open https://example.com, replacing the address with your own.
  2. Confirm that the browser does not display a full-page “Your connection is not private” warning.
  3. Click the site controls icon to the left of the address and open the security or certificate details.
  4. Confirm that the connection is secure and the certificate was issued for your hostname.
  5. If the www address is used, open https://www.example.com separately.

To keep evidence, save a screenshot of the address bar and the certificate details window.

Independent online check

  1. Open the Qualys SSL Server Test.
  2. Enter only the hostname, without https:// or a page path.
  3. If required, select Do not show the results on the boards and start the test.
  4. Check the certificate hostname, trust errors and browser compatibility in the report.

Technical check

Display the TLS connection and server response:

curl -Iv https://example.com/

Display the subject, issuer, dates and hostnames in the certificate:

openssl s_client \
  -connect example.com:443 \
  -servername example.com \
  </dev/null 2>/dev/null |
openssl x509 \
  -noout \
  -subject \
  -issuer \
  -dates \
  -ext subjectAltName

An approaching expiry date is not an error while the certificate remains valid, because most hosting providers renew it automatically. There is an error when the certificate has already expired, does not cover the hostname, is not trusted by browsers, or HTTPS is unavailable.