SSL/TLS & security tools
Inspect certificates and chains, scan TLS, grade headers, find mixed content.
Read an SSL/TLS certificate's subject, issuer, validity, and SANs.
CSR decoder: Read the subject, key details, and SANs inside a certificate signing request.
HSTS checker: Verify your Strict-Transport-Security header and preload eligibility.
Mixed content checker: Find insecure HTTP resources loaded on your HTTPS pages.
Security headers grade: Grade a site's HSTS, CSP, X-Frame-Options and more, A–F, with fixes.
SSL certificate checker: See a host's TLS certificate issuer, validity dates, and days until it expires.
SSL chain checker: Verify the full certificate chain, not just the leaf — catch missing intermediates.
TLS / cipher scan: See which TLS versions a host supports and grade its configuration.
An expired certificate or a weak TLS configuration breaks trust instantly — browsers warn visitors away and APIs stop connecting. These free SSL and security tools let you inspect a certificate and its full chain, run a complete TLS and cipher scan, grade your security headers, and catch insecure mixed content on HTTPS pages. Use them for a point-in-time audit, then turn on SJ Monitor's SSL monitoring so you are warned well before a certificate expires or the chain breaks.
Frequently asked questions
How early should I know about an expiring certificate?
At least two weeks out, so you have time to renew and deploy without a scramble. SJ Monitor's SSL monitoring tracks expiry and alerts you in advance automatically.
What's the difference between checking the certificate and the chain?
The certificate check reads the leaf served by your host, while the chain checker verifies every intermediate up to a trusted root. A missing intermediate is a common cause of "works in one browser, fails in another."
What's the difference between the certificate and the TLS configuration?
The certificate is the identity document proving who you are; the TLS configuration is which protocol versions and ciphers your server will negotiate. A valid cert on a weak TLS setup still scores poorly — check both with the cert tools and the TLS scan.
Which TLS versions should I support?
TLS 1.2 and 1.3 only. TLS 1.0 and 1.1 are deprecated, rejected by modern browsers and PCI standards, and leave you open to downgrade attacks, so disable them.
Why do security headers belong with SSL tools?
HTTPS protects data in transit, but headers like HSTS, CSP, and X-Frame-Options protect how the page behaves once loaded. Together they form a complete transport-and-browser security posture, which is why both live here.
Want any of this watched around the clock? Turn on SJ Monitor's SSL monitoring — create a free account and we'll alert you the moment something changes.