Free SSL Certificate Checker

Paste your openssl x509 -text output or raw PEM certificate below to instantly check expiry dates, issuer details, Subject Alternative Names, and more. Everything runs in your browser — no data is ever sent to a server. Built by WebEvra.

openssl s_client -connect domain.com:443 </dev/null 2>/dev/null | openssl x509 -text -noout

How to Get Your Certificate

Linux / macOS
echo | openssl s_client -connect example.com:443 2>/dev/null | openssl x509 -text -noout
Run in Terminal. Replace example.com with your domain. Paste the full output above.
Windows (PowerShell)
echo "" | openssl s_client -connect example.com:443 2>$null | openssl x509 -text -noout
Requires OpenSSL installed (comes with Git for Windows). Run in PowerShell.
Get Raw PEM Only
echo | openssl s_client -connect example.com:443 2>/dev/null | openssl x509
Outputs only the PEM-encoded certificate. Use the "Raw PEM" tab above to paste it.
Certificate Details

Frequently Asked Questions

What is an SSL certificate and why does it matter?

An SSL (Secure Sockets Layer) certificate is a digital certificate that authenticates a website's identity and enables an encrypted connection between a web server and a browser. It protects sensitive data like login credentials, payment information, and personal details from being intercepted by attackers. Websites with valid SSL certificates display HTTPS in the address bar and a padlock icon, signaling trust to visitors and search engines alike.

How do I check when my SSL certificate expires?

You can check your SSL certificate expiry by running echo | openssl s_client -connect yourdomain.com:443 2>/dev/null | openssl x509 -text -noout in your terminal and pasting the output into this tool. It will parse the "Not Before" and "Not After" dates and show you exactly how many days remain until expiry. You should renew your certificate before it expires to avoid browser security warnings.

What happens if my SSL certificate expires?

When an SSL certificate expires, web browsers will display a full-page security warning to visitors, telling them the connection is not secure. This causes most visitors to leave immediately, damaging your traffic and reputation. Search engines like Google also penalize sites with expired certificates in their rankings. Most certificate authorities and hosting providers offer auto-renewal to prevent this.

What is the difference between a self-signed and CA-signed certificate?

A self-signed certificate is created and signed by the website owner rather than a trusted Certificate Authority (CA). While self-signed certificates provide encryption, browsers do not trust them and will show security warnings. CA-signed certificates are issued by trusted authorities like Let's Encrypt, DigiCert, or Sectigo, and are automatically trusted by browsers. For production websites, always use a CA-signed certificate.

What are Subject Alternative Names (SANs) in an SSL certificate?

Subject Alternative Names (SANs) are additional hostnames or domains that a single SSL certificate covers. For example, a certificate for "example.com" might also include SANs for "www.example.com", "mail.example.com", and "*.example.com". SANs allow one certificate to secure multiple domains or subdomains, which is more cost-effective and easier to manage than having separate certificates for each.