Use Cloudflare’s PKI and TLS toolkit to check online certificate.
See how to use Cloudflare’s PKI and TLS toolkit blog post for basic details.
Inspect host for possible issues.
$ cfssl scan sleeplessbeastie.eu
Scanning sleeplessbeastie.eu... === sleeplessbeastie.eu === { "Broad": { "IntermediateCAs": { "grade": "Skipped" } }, "Connectivity": { "CloudFlareStatus": { "grade": "Skipped", "error": "Couldn't parse CIDR range: invalid CIDR address: 131.0.72.0/222400:cb00::/32" }, "DNSLookup": { "grade": "Good", "output": [ "192.0.78.138", "192.0.78.223" ] }, "TCPDial": { "grade": "Good" }, "TLSDial": { "grade": "Good" } }, "PKI": { "ChainExpiration": { "grade": "Good", "output": "2022-11-03T10:07:28Z" }, "ChainValidation": { "grade": "Warning", "output": [ "Certificate for R3 is valid for too long" ] }, "MultipleCerts": { "grade": "Good" } }, "TLSHandshake": { "CertsByCiphers": { "grade": "Good", "output": { "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": "SHA256WithRSA", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": "SHA256WithRSA", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": "SHA256WithRSA", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": "SHA256WithRSA" } }, "CertsBySigAlgs": { "grade": "Good", "output": { "{RSA,SHA1}": "SHA256WithRSA", "{RSA,SHA256}": "SHA256WithRSA", "{RSA,SHA384}": "SHA256WithRSA" } }, "CipherSuite": { "grade": "Good", "output": [ { "ECDHE-RSA-AES128-GCM-SHA256": [ { "TLS 1.2": [ "secp256r1", "secp384r1", "secp224r1", "secp521r1" ] } ] }, { "ECDHE-RSA-AES256-GCM-SHA384": [ { "TLS 1.2": [ "secp256r1", "secp384r1", "secp224r1", "secp521r1" ] } ] }, { "ECDHE-RSA-AES128-SHA": [ { "TLS 1.2": [ "secp256r1", "secp384r1", "secp224r1", "secp521r1" ] } ] }, { "ECDHE-RSA-AES256-SHA": [ { "TLS 1.2": [ "secp256r1", "secp384r1", "secp224r1", "secp521r1" ] } ] } ] }, "ECCurves": { "grade": "Good", "output": [ "secp256r1", "secp384r1", "secp224r1", "secp521r1" ] }, "SigAlgs": { "grade": "Good", "output": [ { "signature": "RSA", "hash": "SHA256" }, { "signature": "RSA", "hash": "SHA384" }, { "signature": "RSA", "hash": "SHA1" } ] } }, "TLSSession": { "SessionResume": { "grade": "Good", "output": { "192.0.78.138": true, "192.0.78.223": true } } } }
Display certificate details for specific host.
$ cfssl certinfo -domain sleeplessbeastie.eu
{ "subject": { "common_name": "tls.automattic.com", "names": [ "tls.automattic.com" ] }, "issuer": { "common_name": "R3", "country": "US", "organization": "Let's Encrypt", "names": [ "US", "Let's Encrypt", "R3" ] }, "serial_number": "329687950352914095258704810615509585734723", "sans": [ "apkgo.game.blog", "bhhpmaccounting.com", "blog.kinesis-cem.com", "burhanabdullahi.com", "cecilesavelli.com", "christianspirit.org.za", "digitalmarketingguide.co", "firefromthebooth.com", "if-only-mowgli.com", "invadingforcesabuja.family.blog", "kin.poetry.blog", "kingdomofashes.net", "mendozafrazier8.law.blog", "mizukichimi.blog", "motherclucker.co.uk", "myriadvoices.com", "nammosltd.ca", "nativitypuppets.org", "owlistblog.ca", "sleeplessbeastie.eu", "soniaboulimiquedeslivres.fr", "tls.automattic.com", "waters86mcdowell.health.blog", "www.apkgo.game.blog", "www.ashby80grady.law.blog", "www.burhanabdullahi.com", "www.cecilesavelli.com", "www.christianspirit.org.za", "www.digitalmarketingguide.co", "www.dwdeeare.com", "www.if-only-mowgli.com", "www.invadingforcesabuja.family.blog", "www.kingdomnowseries.com", "www.kingdomofashes.net", "www.liefcapital.com", "www.lineage.poetry.blog", "www.mizukichimi.blog", "www.motherclucker.co.uk", "www.myriadvoices.com", "www.nammosltd.ca", "www.nativitypuppets.org", "www.owlistblog.ca", "www.sleeplessbeastie.eu", "www.soniaboulimiquedeslivres.fr" ], "not_before": "2022-08-05T10:07:29Z", "not_after": "2022-11-03T10:07:28Z", "sigalg": "SHA256WithRSA", "authority_key_id": "14:2E:B3:17:B7:58:56:CB:AE:50:9:40:E6:1F:AF:9D:8B:14:C2:C6", "subject_key_id": "27:D9:DD:FE:32:13:85:2B:DF:32:98:CB:59:75:C9:4F:95:77:A6:AE", "pem": "-----BEGIN CERTIFICATE-----\nMIIJEjCCB/qgAwIBAgISA8jdpZa9wcnqk5IaV0CZh6xDMA0GCSqGSIb3DQEBCwUA\nMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD\nEwJSMzAeFw0yMjA4MDUxMDA3MjlaFw0yMjExMDMxMDA3MjhaMB0xGzAZBgNVBAMT\nEnRscy5hdXRvbWF0dGljLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBAPTmhQgOQ02OunOYKpLdMVxO2j2w9komLb4oOcGovD9aYhOJYCxynCUAKdqS\n+KvoZFPV2PHT/XHAr3Sg9OWhXNtxhIIc+kfXXQa/dDI3EyCwiasBZhE2G6dcLnyT\nvav05aLPC6ASr7A4wKgr5oO+6RgpOv98RfH7ctGCW3/hMcVME010eONNpTS0skuO\n1kQMur4uDY1BzcZwhZVADd/IceqFFGWagsft5Ek+1zk8AyAlJHPAG7nionOLQtFY\n4Yry5NyZdKxPIGgy5zzy82ZXHQJNvQc5ZPh8UhkSZFJtiGbmg7cVYyFrBYMlgLqh\nT7UfEBILKpQhKxbIEBvILbWn5sMCAwEAAaOCBjUwggYxMA4GA1UdDwEB/wQEAwIF\noDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAd\nBgNVHQ4EFgQUJ9nd/jIThSvfMpjLWXXJT5V3pq4wHwYDVR0jBBgwFoAUFC6zF7dY\nVsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRw\nOi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9yMy5pLmxlbmNy\nLm9yZy8wggQCBgNVHREEggP5MIID9YIPYXBrZ28uZ2FtZS5ibG9nghNiaGhwbWFj\nY291bnRpbmcuY29tghRibG9nLmtpbmVzaXMtY2VtLmNvbYITYnVyaGFuYWJkdWxs\nYWhpLmNvbYIRY2VjaWxlc2F2ZWxsaS5jb22CFmNocmlzdGlhbnNwaXJpdC5vcmcu\nemGCGGRpZ2l0YWxtYXJrZXRpbmdndWlkZS5jb4IUZmlyZWZyb210aGVib290aC5j\nb22CEmlmLW9ubHktbW93Z2xpLmNvbYIfaW52YWRpbmdmb3JjZXNhYnVqYS5mYW1p\nbHkuYmxvZ4IPa2luLnBvZXRyeS5ibG9nghJraW5nZG9tb2Zhc2hlcy5uZXSCGG1l\nbmRvemFmcmF6aWVyOC5sYXcuYmxvZ4IQbWl6dWtpY2hpbWkuYmxvZ4ITbW90aGVy\nY2x1Y2tlci5jby51a4IQbXlyaWFkdm9pY2VzLmNvbYIMbmFtbW9zbHRkLmNhghNu\nYXRpdml0eXB1cHBldHMub3Jngg1vd2xpc3RibG9nLmNhghNzbGVlcGxlc3NiZWFz\ndGllLmV1ghtzb25pYWJvdWxpbWlxdWVkZXNsaXZyZXMuZnKCEnRscy5hdXRvbWF0\ndGljLmNvbYIcd2F0ZXJzODZtY2Rvd2VsbC5oZWFsdGguYmxvZ4ITd3d3LmFwa2dv\nLmdhbWUuYmxvZ4IZd3d3LmFzaGJ5ODBncmFkeS5sYXcuYmxvZ4IXd3d3LmJ1cmhh\nbmFiZHVsbGFoaS5jb22CFXd3dy5jZWNpbGVzYXZlbGxpLmNvbYIad3d3LmNocmlz\ndGlhbnNwaXJpdC5vcmcuemGCHHd3dy5kaWdpdGFsbWFya2V0aW5nZ3VpZGUuY2+C\nEHd3dy5kd2RlZWFyZS5jb22CFnd3dy5pZi1vbmx5LW1vd2dsaS5jb22CI3d3dy5p\nbnZhZGluZ2ZvcmNlc2FidWphLmZhbWlseS5ibG9nghh3d3cua2luZ2RvbW5vd3Nl\ncmllcy5jb22CFnd3dy5raW5nZG9tb2Zhc2hlcy5uZXSCE3d3dy5saWVmY2FwaXRh\nbC5jb22CF3d3dy5saW5lYWdlLnBvZXRyeS5ibG9nghR3d3cubWl6dWtpY2hpbWku\nYmxvZ4IXd3d3Lm1vdGhlcmNsdWNrZXIuY28udWuCFHd3dy5teXJpYWR2b2ljZXMu\nY29tghB3d3cubmFtbW9zbHRkLmNhghd3d3cubmF0aXZpdHlwdXBwZXRzLm9yZ4IR\nd3d3Lm93bGlzdGJsb2cuY2GCF3d3dy5zbGVlcGxlc3NiZWFzdGllLmV1gh93d3cu\nc29uaWFib3VsaW1pcXVlZGVzbGl2cmVzLmZyMEwGA1UdIARFMEMwCAYGZ4EMAQIB\nMDcGCysGAQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2Vu\nY3J5cHQub3JnMIIBBQYKKwYBBAHWeQIEAgSB9gSB8wDxAHYAQcjKsd8iRkoQxqE6\nCUKHXk4xixsD6+tLx2jwkGKWBvYAAAGCbbBXhwAABAMARzBFAiEA3AzaKZAxrZ20\n4TH/KjJwfV7vGbmKM0O+8yyZOny+WYwCIHK0CDR++LLVz41ZwAL9p+qoiBW3UgKo\nOZsH33cs4UBbAHcARqVV63X6kSAwtaKJafTzfREsQXS+/Um4havy/HD+bUcAAAGC\nbbBXqgAABAMASDBGAiEA4sfKrVOGEtGT3AjqoE11Fn1YAkCvrMd9KBytGsX+BPAC\nIQD24AIhMztCJ1EIE+cwbTx6A9GvhicmFYbW1bJFf8pBKDANBgkqhkiG9w0BAQsF\nAAOCAQEAIQ4AIxbq5cMByo+k/e6r2z5hFPcwnAcjzYzyunjuEnEFYFnpT5NLhdR8\n/2OKQPxfB5QTdvBYl+Yu/RNE2MX62AWtLGsOUych/rD3MeUTP3I2wILrQzHiZOLQ\na1DtMGgbMVlg6SD2KJTU3PbuZ4c+QtEYC9AO7hWlFhPMLLoP+Ip5zda+nxERhsre\nqrGZBKk9mO9rhUjH4X2nNwYu9PUX1QnYil55iiiA5l/h1H/EH3HBaJH4JimGQyNR\n1yuQlyjSb72h7YwHFCCQOG+c5r284ot9uS/M8RTG9+hTEq0rVPQL4wGeTrdYCO16\nGXhWTtPzUSPEfBpxAdYcMkHcH3YfQQ==\n-----END CERTIFICATE-----\n" }
Display certificate expiration date for specific host.
$ cfssl certinfo -domain sleeplessbeastie.eu | jq --raw-output .not_after
2022-11-03T10:07:28Z