How to Check It Yourself
Follow this short guide. Reading it and checking the certificate will only take a few minutes.
You can repeat the check independently of our analyser. It is not enough for a page to appear at an
https:// address: the browser must trust the certificate and it must cover your hostname.
Quick browser check
- Open
https://example.com, replacing the address with your own. - Confirm that the browser does not display a full-page “Your connection is not private” warning.
- Click the site controls icon to the left of the address and open the security or certificate details.
- Confirm that the connection is secure and the certificate was issued for your hostname.
- If the
wwwaddress is used, openhttps://www.example.comseparately.
To keep evidence, save a screenshot of the address bar and the certificate details window.
Independent online check
- Open the Qualys SSL Server Test.
- Enter only the hostname, without
https://or a page path. - If required, select Do not show the results on the boards and start the test.
- Check the certificate hostname, trust errors and browser compatibility in the report.
Technical check
Display the TLS connection and server response:
curl -Iv https://example.com/
Display the subject, issuer, dates and hostnames in the certificate:
openssl s_client \ -connect example.com:443 \ -servername example.com \ </dev/null 2>/dev/null | openssl x509 \ -noout \ -subject \ -issuer \ -dates \ -ext subjectAltName
An approaching expiry date is not an error while the certificate remains valid, because most hosting providers renew it automatically. There is an error when the certificate has already expired, does not cover the hostname, is not trusted by browsers, or HTTPS is unavailable.