SSL certificate checklist
An SSL/TLS certificate proves your site identity to browsers and enables encrypted HTTPS connections.
Checklist
Confirm the certificate is valid for the exact hostname users visit, including www or subdomains. Check the certificate has not expired and has enough time remaining for your renewal process.
Review the issuer, subject alternative names, signature type, and intermediate certificate chain. A missing intermediate can cause errors for some clients even when the leaf certificate looks valid.
Operational tips
Automate renewal where possible, monitor expiry well before the final week, and test redirects so HTTP visitors land on the HTTPS version. Pair a valid certificate with HSTS when you are confident the site and subdomains are HTTPS-ready.
How NerdTools helps
The SSL checker connects to port 443, validates the certificate, shows days remaining, and summarises the certificate chain so you can spot expiry and chain issues quickly.
FAQ
How often should I check SSL expiry?
Automated monitoring is best. Manually review after certificate changes, DNS changes, CDN changes, and before major launches.
Why does the chain matter?
Browsers need a path from your leaf certificate to a trusted root. Missing intermediates can break that path for some clients.
Is HTTPS enough for security?
HTTPS is essential, but you should also review headers, application security, cookies, redirects, and server configuration.