How to Check an SSL Certificate
- Enter a domain name (e.g.
example.com) into the input above — no need to includehttps://. - Click “Check Certificate.” We connect to that domain on port 443 and read its public certificate.
- Review the result. Expiry date, issuer, trust status, and the full list of Subject Alternative Names are shown immediately.
Why This Tool Isn't Client-Side
Every other tool on Unformat.online runs entirely in your browser. This one is different: a browser's JavaScript has no API to read the TLS certificate metadata of a connection — that information is deliberately kept out of reach for security reasons. Actually inspecting a certificate's issuer, expiry, and SANs requires opening a real TLS connection to the target server, which only a server-side process can do. So this tool sends the domain name you enter to our server, which performs the handshake and sends back only the certificate metadata — never any of the connection's encrypted contents.
Frequently Asked Questions
Does this tool send my data to a server?
Yes — this is the one tool on Unformat.online that does. Only the domain name you type is sent; it is used solely to perform the certificate check and is never logged or stored. See our privacy policy for the full explanation.
Is it safe to enter a domain here?
Yes. Only enter public domain names — the tool connects the same way your browser would when visiting that site over HTTPS, and cannot reach private or internal network addresses.
What is a Subject Alternative Name (SAN)?
A SAN is an additional hostname a certificate is valid for, beyond its primary subject — for example a certificate for example.com often also lists www.example.com or a wildcard like *.example.com.
Why does my certificate show as expired or untrusted?
A certificate can be technically present but still show as untrusted: it may be self-signed, issued by a private CA, or have an incomplete chain. Expiry is calculated independently, so you'll see it even on a certificate that's otherwise untrusted.