SSL/TLS Certificate Inspection and Verification
TLS certificates establish trust between browsers and servers. A certificate tells you who the site claims to be, who vouched for that claim, and how long the vouching is valid. Inspecting certificates reveals expired certs, weak keys, missing SANs, and self-signed certificates that browsers should reject.
Try it now
Certificate Decoder
Runs in your browser, nothing leaves your device.
Subject and Subject Alternative Names (SANs) show which domains the cert covers. Issuer shows the Certificate Authority. Validity dates tell you if it's expired or expiring soon. Key algorithm and size matter: RSA below 2048 bits is weak, and SHA-1 signatures are deprecated. Check the full chain from leaf to root CA.
Red flags
Self-signed certificates on public-facing sites (legitimate for dev, suspicious in production). Certificates issued by unknown CAs. Wildcard certs (*.example.com) covering too broad a scope. Very short validity periods from free CAs can indicate a recently created phishing site. Mismatched SANs where the certificate doesn't cover the domain you're visiting.
Examples
Suspicious certificate
Subject: CN=paypa1.com
Issuer: Let's Encrypt
Valid: 2024-03-10 to 2024-06-08
Typosquatting domain (paypa1 with numeral 1). Short-lived free cert. Likely phishing.
Security context
Let's Encrypt made HTTPS free and universal, which is great for the web but also means phishing sites get valid certificates trivially. HTTPS does not mean safe. Always check what domain the certificate actually covers.
Frequently asked
No. HTTPS means the connection is encrypted, not that the site is trustworthy. Phishing sites routinely use valid HTTPS certificates from free providers like Let's Encrypt. HTTPS protects the transport layer but says nothing about the site's intent.
Related techniques
HTTP Security Headers Checklist
Review HTTP response headers for security misconfigurations. Check for missing HSTS, X-Content-Type-Options, X-Frame-Options, and information leaks in Server headers.
Detecting Phishing URLs: Indicators and Techniques
Analyze URLs for phishing indicators: typosquatting, homoglyph attacks, suspicious subdomains, URL shortener abuse, and credential harvesting parameters.