SSL/TLS Certificate Analyzer
Paste a PEM-encoded certificate to instantly check expiry, signature algorithm, key strength, SANs, and get an A–F security grade. Everything runs in your browser.
Paste Your Certificate
How It Works
Paste Your Certificate
Copy the PEM text from your server or certificate file. We accept standard X.509 certificates in PEM format (Base64 between BEGIN/END markers).
Instant Analysis
Your browser decodes the certificate and extracts subject, issuer, validity, algorithm, key size, SANs, and extensions. Nothing is sent to any server.
Get Your Grade
Receive an A–F security grade based on algorithm strength, key size, expiry status, and whether the cert is self-signed. Plus actionable recommendations.
FAQ
Is my certificate data sent anywhere?
No. The entire analysis runs in your browser using JavaScript. Your certificate never leaves your device. There are no server requests except badge image fetches.
What certificate format is supported?
Standard PEM-encoded X.509 certificates (the text between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----). This is the most common format used by web servers, exported from browsers, or generated by tools like OpenSSL and Let's Encrypt.
What does the grade mean?
Grades range from A (strong: modern algorithm, adequate key size, valid expiry) to F (critical: expired, weak algorithm like MD5/SHA-1, or very small key). The grade considers signature algorithm, public key strength, days until expiry, and whether the certificate is self-signed.
Can I check my live website's certificate?
This tool analyses certificate files you paste. To get your site's PEM certificate, run: echo | openssl s_client -connect yourdomain.com:443 2>/dev/null | openssl x509 and paste the output here.
Track certificate expiry across your stack
Monitor releases, EOL dates, and security updates for every technology you depend on.
Explore All Tools →