How to Check If an SSL Certificate Is Valid

An SSL certificate is what turns the lock icon on in your browser. It encrypts the connection between your visitor and the website and proves that the visitor is connecting to the real domain, not a spoofed one. When an SSL certificate is expired, misconfigured, or issued to the wrong name, browsers show warnings, and many visitors close the tab immediately.

Checking an SSL certificate is a quick task. You do not need to install anything, and you do not need to be a security engineer to understand the basics.

You can start by using Ping7's SSL Checker tool.

This guide explains what an SSL certificate is, what the certificate details mean, the most common SSL errors, and how to read the result without getting lost in cryptography jargon.

What Is an SSL Certificate?

An SSL certificate, more accurately a TLS certificate in modern usage, is a small file installed on a web server. It tells visitors two things. First, that the connection to the server should be encrypted. Second, that an independent organization, called a certificate authority, has verified that the certificate belongs to the domain shown in the URL.

When you visit a website over HTTPS, your browser fetches the certificate, checks its details, and then decides whether to trust it. If everything looks correct, the browser shows a lock icon and loads the page. If something is wrong, the browser shows a warning page.

Modern websites use TLS, the successor to SSL, but most people still call the certificate an SSL certificate. The terms are used interchangeably in most everyday conversations.

What Information Is in an SSL Certificate?

Each SSL certificate carries a set of fields that describe what it is for. When you check a certificate, you usually look at a few key fields first.

Subject

The subject names the domain or domains the certificate is issued to. A certificate can list a single domain, multiple domains, or a wildcard that covers all subdomains of a parent domain. If the subject does not match the website you are visiting, the browser will reject it.

Issuer

The issuer is the certificate authority that signed the certificate. Common issuers include Let's Encrypt, DigiCert, Sectigo, Cloudflare, Google Trust Services, and many others. Your browser only trusts certificates from issuers in its built-in trust list.

Validity Period

An SSL certificate has a "not before" date and a "not after" date. Modern certificates often last a few months at most. Browsers reject certificates that have expired or that are not yet valid.

Subject Alternative Names

Most certificates today include a list of additional names, called SAN entries, in addition to the subject. This is how one certificate can cover example.com, www.example.com, and api.example.com at the same time.

Signature and Public Key

The certificate also contains the website's public key and a cryptographic signature from the issuer. Your browser uses these to set up the encrypted connection and to verify that the certificate was actually signed by the trusted certificate authority.

Why You Should Check SSL Certificates

People check SSL certificates for many practical reasons.

Common reasons include:

• You own a website and want to confirm HTTPS is working before launch.
• Your visitors are reporting security warnings in their browser.
• You renewed a certificate and want to verify the new one is live.
• You want to check the expiry date so you can plan a renewal.
• You want to confirm a certificate covers both example.com and www.example.com.
• You moved hosting and want to verify the new server is serving the right certificate.
• You are debugging mixed content or HTTPS load errors.
• You are investigating a suspicious website's certificate to evaluate its trust signals.

SSL problems can quietly hurt traffic. Search engines may treat HTTPS errors as a quality signal. Many users immediately leave when they see a browser warning. Catching a misconfiguration early avoids long-term damage.

How to Check an SSL Certificate with Ping7

Ping7 provides a browser-based SSL Checker that inspects a website's certificate without installing anything.

Open Ping7's SSL Checker tool.

Enter the domain you want to check. The tool requests certificate information for the domain and shows the key fields in a readable layout. Depending on the data source, results usually include:

• Whether the certificate is valid right now.
• The issuing certificate authority.
• The certificate's not-before and not-after dates.
• The list of domain names covered by the certificate.
• Basic configuration hints, such as supported protocols when available.

This view gives you enough information to confirm that HTTPS is set up correctly for a domain, or to see exactly what is wrong if it is not.

How to Read an SSL Check Result

An SSL check result has several fields. Reading them in order gives you a confident answer.

Step 1: Check Validity

First, confirm that the certificate is currently valid. If the certificate has expired or the start date is in the future, browsers will reject it. An expired certificate is one of the most common SSL problems and is almost always a missed renewal rather than an attack.

Step 2: Check the Domain Coverage

Look at the list of names covered by the certificate. If you are testing example.com, the certificate should explicitly include example.com or a matching wildcard such as *.example.com. If you visit www.example.com but the certificate only covers example.com, your browser will warn about a hostname mismatch.

Step 3: Check the Issuer

Look at who signed the certificate. Big public certificate authorities like Let's Encrypt, DigiCert, Sectigo, GlobalSign, and Cloudflare are trusted by default in mainstream browsers. If the issuer is a name you do not recognize, search for it before trusting the website. Self-signed certificates are not trusted by browsers by default and will trigger warnings.

Step 4: Check the Expiry Date

Even if the certificate is valid now, look at when it expires. A certificate that expires in the next two weeks needs urgent renewal. A certificate that expires in three months is normal for modern issuers. Many providers auto-renew, but auto-renewal can silently fail and the certificate may expire without anyone noticing until visitors start complaining.

Step 5: Check for Configuration Hints

Some SSL checkers also surface configuration warnings, such as outdated protocols, weak ciphers, or missing intermediate certificates. These are deeper signals that matter more for production websites that handle login or payment data.

Common SSL Errors

Most SSL problems fall into a short list of patterns. Recognizing the pattern helps you fix the issue faster.

Certificate Expired

The certificate's not-after date has passed. Browsers show a warning and visitors cannot reach the site without bypassing the warning. The fix is to renew the certificate, install the new one, and re-test.

Hostname Mismatch

The certificate does not cover the exact hostname being visited. For example, the certificate covers example.com but the visitor opens www.example.com. The fix is to issue a certificate that covers both names, or to set up a redirect to the covered hostname.

Untrusted Issuer

The certificate is signed by an authority that browsers do not trust, often because it is self-signed or issued by an internal certificate authority. The fix is to use a publicly trusted certificate authority for public websites.

Missing Intermediate Certificate

The server only sends the leaf certificate, not the full chain. Some browsers handle this, but many strict clients do not. The fix is to install the full chain on the server so that the leaf, intermediates, and root are all sent.

Wrong Server Time

If the server clock is wrong, the certificate may appear invalid even when it is not. The fix is to enable network time sync on the server.

Mixed Content Warnings

The page itself loads over HTTPS but includes images, scripts, or styles loaded over plain HTTP. This is not strictly an SSL certificate problem, but it weakens security and produces browser warnings. The fix is to update all resource URLs to HTTPS.

SSL Check vs Other Diagnostics

An SSL check answers one specific question: is HTTPS configured correctly for this domain right now? Other tools answer different questions, and combining them gives you a fuller picture.

Pair an SSL check with:

• A website status check to make sure the server is reachable.
• A DNS check to confirm the domain points where you expect.
• A redirect checker to see if HTTPS upgrades are working.
• A header checker to inspect HSTS, content security policy, and other headers.

Many real problems involve more than one of these areas. For example, a website may have a valid certificate but be unreachable due to DNS issues. Or DNS may be fine but HTTP redirects to HTTPS may be missing.

How Long Do SSL Certificates Last?

Certificate lifetimes have become shorter over the years. Today many publicly trusted certificates last around 90 days. Some longer-lived options exist, but the industry is moving toward shorter-lived certificates with automatic renewal.

Short-lived certificates are good for security because they limit how long a compromised key can be misused. The trade-off is that website owners need reliable automatic renewal. If automation breaks, the certificate will expire and the website will start showing warnings.

A simple habit is to check the expiry date of your SSL certificate at least once a month, especially for any production website. A quick monthly check takes seconds and avoids a stressful surprise.

What an Online SSL Checker Cannot Tell You

An online SSL checker is useful for quick checks, but it has limits.

An online SSL checker cannot:

• Guarantee the website is safe in every way. It only checks certificate trust signals.
• Catch every cipher or protocol weakness without deeper TLS scanning.
• Detect issues that only show up to certain clients or specific countries.
• Continuously monitor the certificate for expiry on its own.
• Inspect certificates on private networks that are not reachable from the public internet.
• Replace full TLS auditing tools used by security teams for compliance.

For most website owners, an online SSL check is enough for day-to-day verification. For deeper audits, professional TLS scanning tools provide more detailed analysis of cipher suites, protocol versions, and configuration hardening.

Tips for SSL Health

A few small habits make SSL problems much less likely.

Try these tips:

• Enable automatic renewal whenever your hosting provider supports it.
• Verify the renewal actually succeeded after the first cycle.
• Check the SSL certificate after every hosting or DNS change.
• Use a certificate that covers both apex and www, or set up a clean redirect.
• Test the full HTTPS chain, not just the leaf certificate.
• Keep server time accurate with network time sync.
• Update mixed content references on your pages to use HTTPS.
• Set a calendar reminder a few weeks before manual renewal is due.

FAQ

What is the difference between SSL and TLS?

SSL is the older protocol. TLS is its modern successor. Most public websites today use TLS, but the certificate is still commonly called an SSL certificate because of the historical name. For most everyday discussions, the two terms refer to the same idea.

How do I check the expiry date of an SSL certificate?

Use an online SSL checker like Ping7's SSL Checker, or click the lock icon in your browser's address bar and view the certificate details. The not-after date in the certificate is the expiry date.

Why does my browser show a "not secure" warning?

This warning usually means the site does not use HTTPS at all, or the certificate is invalid in some way. Common causes include an expired certificate, a hostname mismatch, an untrusted issuer, or a missing intermediate certificate.

Can I use the same SSL certificate for multiple domains?

Yes. A certificate can include multiple domain names in its subject alternative names field. A wildcard certificate can also cover all subdomains of a parent domain. Multi-domain certificates and wildcard certificates are widely supported by modern certificate authorities.

Is a free SSL certificate as good as a paid one?

For most websites, yes. Free certificate authorities like Let's Encrypt issue certificates that browsers trust just as much as paid ones. Paid certificates can offer extra validation levels and support contracts, but the underlying encryption strength is the same.

What does the lock icon in the browser really mean?

The lock icon means the connection is encrypted and the server presented a valid certificate for the domain. It does not guarantee that the website itself is safe, well-managed, or honest. Always evaluate the website's content and reputation in addition to its certificate.

Related tools

• SSL Checker
• Down Check
• DNS Checker
• URL Redirect Checker
• HTTP Header Checker

Related guides

• How to Check If a Website Is Down
• How to Check DNS Records Online