Use Cloudflare’s PKI and TLS toolkit to check online certificate.
See how to use Cloudflare’s PKI and TLS toolkit blog post for basic details.
Inspect host for possible issues.
$ cfssl scan sleeplessbeastie.eu
Scanning sleeplessbeastie.eu...
=== sleeplessbeastie.eu ===
{
"Broad": {
"IntermediateCAs": {
"grade": "Skipped"
}
},
"Connectivity": {
"CloudFlareStatus": {
"grade": "Skipped",
"error": "Couldn't parse CIDR range: invalid CIDR address: 131.0.72.0/222400:cb00::/32"
},
"DNSLookup": {
"grade": "Good",
"output": [
"192.0.78.138",
"192.0.78.223"
]
},
"TCPDial": {
"grade": "Good"
},
"TLSDial": {
"grade": "Good"
}
},
"PKI": {
"ChainExpiration": {
"grade": "Good",
"output": "2022-11-03T10:07:28Z"
},
"ChainValidation": {
"grade": "Warning",
"output": [
"Certificate for R3 is valid for too long"
]
},
"MultipleCerts": {
"grade": "Good"
}
},
"TLSHandshake": {
"CertsByCiphers": {
"grade": "Good",
"output": {
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": "SHA256WithRSA",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": "SHA256WithRSA",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": "SHA256WithRSA",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": "SHA256WithRSA"
}
},
"CertsBySigAlgs": {
"grade": "Good",
"output": {
"{RSA,SHA1}": "SHA256WithRSA",
"{RSA,SHA256}": "SHA256WithRSA",
"{RSA,SHA384}": "SHA256WithRSA"
}
},
"CipherSuite": {
"grade": "Good",
"output": [
{
"ECDHE-RSA-AES128-GCM-SHA256": [
{
"TLS 1.2": [
"secp256r1",
"secp384r1",
"secp224r1",
"secp521r1"
]
}
]
},
{
"ECDHE-RSA-AES256-GCM-SHA384": [
{
"TLS 1.2": [
"secp256r1",
"secp384r1",
"secp224r1",
"secp521r1"
]
}
]
},
{
"ECDHE-RSA-AES128-SHA": [
{
"TLS 1.2": [
"secp256r1",
"secp384r1",
"secp224r1",
"secp521r1"
]
}
]
},
{
"ECDHE-RSA-AES256-SHA": [
{
"TLS 1.2": [
"secp256r1",
"secp384r1",
"secp224r1",
"secp521r1"
]
}
]
}
]
},
"ECCurves": {
"grade": "Good",
"output": [
"secp256r1",
"secp384r1",
"secp224r1",
"secp521r1"
]
},
"SigAlgs": {
"grade": "Good",
"output": [
{
"signature": "RSA",
"hash": "SHA256"
},
{
"signature": "RSA",
"hash": "SHA384"
},
{
"signature": "RSA",
"hash": "SHA1"
}
]
}
},
"TLSSession": {
"SessionResume": {
"grade": "Good",
"output": {
"192.0.78.138": true,
"192.0.78.223": true
}
}
}
}
Display certificate details for specific host.
$ cfssl certinfo -domain sleeplessbeastie.eu
{
"subject": {
"common_name": "tls.automattic.com",
"names": [
"tls.automattic.com"
]
},
"issuer": {
"common_name": "R3",
"country": "US",
"organization": "Let's Encrypt",
"names": [
"US",
"Let's Encrypt",
"R3"
]
},
"serial_number": "329687950352914095258704810615509585734723",
"sans": [
"apkgo.game.blog",
"bhhpmaccounting.com",
"blog.kinesis-cem.com",
"burhanabdullahi.com",
"cecilesavelli.com",
"christianspirit.org.za",
"digitalmarketingguide.co",
"firefromthebooth.com",
"if-only-mowgli.com",
"invadingforcesabuja.family.blog",
"kin.poetry.blog",
"kingdomofashes.net",
"mendozafrazier8.law.blog",
"mizukichimi.blog",
"motherclucker.co.uk",
"myriadvoices.com",
"nammosltd.ca",
"nativitypuppets.org",
"owlistblog.ca",
"sleeplessbeastie.eu",
"soniaboulimiquedeslivres.fr",
"tls.automattic.com",
"waters86mcdowell.health.blog",
"www.apkgo.game.blog",
"www.ashby80grady.law.blog",
"www.burhanabdullahi.com",
"www.cecilesavelli.com",
"www.christianspirit.org.za",
"www.digitalmarketingguide.co",
"www.dwdeeare.com",
"www.if-only-mowgli.com",
"www.invadingforcesabuja.family.blog",
"www.kingdomnowseries.com",
"www.kingdomofashes.net",
"www.liefcapital.com",
"www.lineage.poetry.blog",
"www.mizukichimi.blog",
"www.motherclucker.co.uk",
"www.myriadvoices.com",
"www.nammosltd.ca",
"www.nativitypuppets.org",
"www.owlistblog.ca",
"www.sleeplessbeastie.eu",
"www.soniaboulimiquedeslivres.fr"
],
"not_before": "2022-08-05T10:07:29Z",
"not_after": "2022-11-03T10:07:28Z",
"sigalg": "SHA256WithRSA",
"authority_key_id": "14:2E:B3:17:B7:58:56:CB:AE:50:9:40:E6:1F:AF:9D:8B:14:C2:C6",
"subject_key_id": "27:D9:DD:FE:32:13:85:2B:DF:32:98:CB:59:75:C9:4F:95:77:A6:AE",
"pem": "-----BEGIN CERTIFICATE-----\nMIIJEjCCB/qgAwIBAgISA8jdpZa9wcnqk5IaV0CZh6xDMA0GCSqGSIb3DQEBCwUA\nMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD\nEwJSMzAeFw0yMjA4MDUxMDA3MjlaFw0yMjExMDMxMDA3MjhaMB0xGzAZBgNVBAMT\nEnRscy5hdXRvbWF0dGljLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBAPTmhQgOQ02OunOYKpLdMVxO2j2w9komLb4oOcGovD9aYhOJYCxynCUAKdqS\n+KvoZFPV2PHT/XHAr3Sg9OWhXNtxhIIc+kfXXQa/dDI3EyCwiasBZhE2G6dcLnyT\nvav05aLPC6ASr7A4wKgr5oO+6RgpOv98RfH7ctGCW3/hMcVME010eONNpTS0skuO\n1kQMur4uDY1BzcZwhZVADd/IceqFFGWagsft5Ek+1zk8AyAlJHPAG7nionOLQtFY\n4Yry5NyZdKxPIGgy5zzy82ZXHQJNvQc5ZPh8UhkSZFJtiGbmg7cVYyFrBYMlgLqh\nT7UfEBILKpQhKxbIEBvILbWn5sMCAwEAAaOCBjUwggYxMA4GA1UdDwEB/wQEAwIF\noDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAd\nBgNVHQ4EFgQUJ9nd/jIThSvfMpjLWXXJT5V3pq4wHwYDVR0jBBgwFoAUFC6zF7dY\nVsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRw\nOi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9yMy5pLmxlbmNy\nLm9yZy8wggQCBgNVHREEggP5MIID9YIPYXBrZ28uZ2FtZS5ibG9nghNiaGhwbWFj\nY291bnRpbmcuY29tghRibG9nLmtpbmVzaXMtY2VtLmNvbYITYnVyaGFuYWJkdWxs\nYWhpLmNvbYIRY2VjaWxlc2F2ZWxsaS5jb22CFmNocmlzdGlhbnNwaXJpdC5vcmcu\nemGCGGRpZ2l0YWxtYXJrZXRpbmdndWlkZS5jb4IUZmlyZWZyb210aGVib290aC5j\nb22CEmlmLW9ubHktbW93Z2xpLmNvbYIfaW52YWRpbmdmb3JjZXNhYnVqYS5mYW1p\nbHkuYmxvZ4IPa2luLnBvZXRyeS5ibG9nghJraW5nZG9tb2Zhc2hlcy5uZXSCGG1l\nbmRvemFmcmF6aWVyOC5sYXcuYmxvZ4IQbWl6dWtpY2hpbWkuYmxvZ4ITbW90aGVy\nY2x1Y2tlci5jby51a4IQbXlyaWFkdm9pY2VzLmNvbYIMbmFtbW9zbHRkLmNhghNu\nYXRpdml0eXB1cHBldHMub3Jngg1vd2xpc3RibG9nLmNhghNzbGVlcGxlc3NiZWFz\ndGllLmV1ghtzb25pYWJvdWxpbWlxdWVkZXNsaXZyZXMuZnKCEnRscy5hdXRvbWF0\ndGljLmNvbYIcd2F0ZXJzODZtY2Rvd2VsbC5oZWFsdGguYmxvZ4ITd3d3LmFwa2dv\nLmdhbWUuYmxvZ4IZd3d3LmFzaGJ5ODBncmFkeS5sYXcuYmxvZ4IXd3d3LmJ1cmhh\nbmFiZHVsbGFoaS5jb22CFXd3dy5jZWNpbGVzYXZlbGxpLmNvbYIad3d3LmNocmlz\ndGlhbnNwaXJpdC5vcmcuemGCHHd3dy5kaWdpdGFsbWFya2V0aW5nZ3VpZGUuY2+C\nEHd3dy5kd2RlZWFyZS5jb22CFnd3dy5pZi1vbmx5LW1vd2dsaS5jb22CI3d3dy5p\nbnZhZGluZ2ZvcmNlc2FidWphLmZhbWlseS5ibG9nghh3d3cua2luZ2RvbW5vd3Nl\ncmllcy5jb22CFnd3dy5raW5nZG9tb2Zhc2hlcy5uZXSCE3d3dy5saWVmY2FwaXRh\nbC5jb22CF3d3dy5saW5lYWdlLnBvZXRyeS5ibG9nghR3d3cubWl6dWtpY2hpbWku\nYmxvZ4IXd3d3Lm1vdGhlcmNsdWNrZXIuY28udWuCFHd3dy5teXJpYWR2b2ljZXMu\nY29tghB3d3cubmFtbW9zbHRkLmNhghd3d3cubmF0aXZpdHlwdXBwZXRzLm9yZ4IR\nd3d3Lm93bGlzdGJsb2cuY2GCF3d3dy5zbGVlcGxlc3NiZWFzdGllLmV1gh93d3cu\nc29uaWFib3VsaW1pcXVlZGVzbGl2cmVzLmZyMEwGA1UdIARFMEMwCAYGZ4EMAQIB\nMDcGCysGAQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2Vu\nY3J5cHQub3JnMIIBBQYKKwYBBAHWeQIEAgSB9gSB8wDxAHYAQcjKsd8iRkoQxqE6\nCUKHXk4xixsD6+tLx2jwkGKWBvYAAAGCbbBXhwAABAMARzBFAiEA3AzaKZAxrZ20\n4TH/KjJwfV7vGbmKM0O+8yyZOny+WYwCIHK0CDR++LLVz41ZwAL9p+qoiBW3UgKo\nOZsH33cs4UBbAHcARqVV63X6kSAwtaKJafTzfREsQXS+/Um4havy/HD+bUcAAAGC\nbbBXqgAABAMASDBGAiEA4sfKrVOGEtGT3AjqoE11Fn1YAkCvrMd9KBytGsX+BPAC\nIQD24AIhMztCJ1EIE+cwbTx6A9GvhicmFYbW1bJFf8pBKDANBgkqhkiG9w0BAQsF\nAAOCAQEAIQ4AIxbq5cMByo+k/e6r2z5hFPcwnAcjzYzyunjuEnEFYFnpT5NLhdR8\n/2OKQPxfB5QTdvBYl+Yu/RNE2MX62AWtLGsOUych/rD3MeUTP3I2wILrQzHiZOLQ\na1DtMGgbMVlg6SD2KJTU3PbuZ4c+QtEYC9AO7hWlFhPMLLoP+Ip5zda+nxERhsre\nqrGZBKk9mO9rhUjH4X2nNwYu9PUX1QnYil55iiiA5l/h1H/EH3HBaJH4JimGQyNR\n1yuQlyjSb72h7YwHFCCQOG+c5r284ot9uS/M8RTG9+hTEq0rVPQL4wGeTrdYCO16\nGXhWTtPzUSPEfBpxAdYcMkHcH3YfQQ==\n-----END CERTIFICATE-----\n"
}
Display certificate expiration date for specific host.
$ cfssl certinfo -domain sleeplessbeastie.eu | jq --raw-output .not_after
2022-11-03T10:07:28Z
