Free SSL/TLS Scanner
Check any domain's SSL/TLS configuration in seconds. Get a grade, find issues, and share your report.
No signup required. Results are cached for 1 minute.
Scanning
This usually takes 15-30 seconds. Please wait...
Scan Failed
Scanning...
Issues Found
Certificate Details
- Common Name
- -
- Issuer
- -
- Valid From
- -
- Valid Until
- -
- Expired
- -
- Hostname Match
- -
- Trusted
- -
Share This Report
Send this report via email:
Want Continuous Monitoring?
Get automated alerts, detailed reports, and team dashboards for all your domains.
What this free SSL scanner does
Think of it as a check-up for your website’s “secure padlock.” You enter a domain. We do what a browser does - and a bit more - then hand you back a clear report.
What we check, in plain English
- The certificate itself. Is it real, who issued it, what name it covers, when it expires.
- The full chain. Like asking for ID plus the documents that back it up. Missing pieces are a top cause of mobile-only HTTPS failures.
- Hostname match. Does the certificate actually cover the domain you typed?
- Protocols and ciphers. Are you still allowing weak old versions (TLS 1.0, 1.1)? Are your ciphers strong?
- Known vulnerabilities. Heartbleed, POODLE, ROBOT, and friends.
How the grade works
Each check contributes to a single letter grade from A+ to F. Same idea as a school report card: if any single item is critical (expired, broken chain, weak protocol), the overall grade drops fast.
- A or A+: Strong configuration, no critical issues. You can sleep at night.
- B: Mostly good. One or two small things to tighten.
- C / D: Real configuration weaknesses. Fix these before they hurt you.
- F: Something is critically wrong - expired, broken, or insecure.
When to use it
- After a deploy. Confirm nothing broke. Takes 30 seconds.
- Before a security audit. See what the auditor will see.
- When a customer complains. Quickly verify whether the issue is on your side.
- When evaluating a vendor. A weak SSL grade on a vendor’s production site is a signal.
From a one-off check to continuous monitoring
A scan is a single photo. Monitoring is a security camera. Most certificate problems start small and silent - a renewal slipped past, a load balancer reconfigured, a forgotten subdomain. TLS Radar monitoring runs scans on a schedule and alerts you the moment something changes, so you never find out from a customer.
Frequently asked questions
- Is the SSL scanner really free?
- Yes. No signup, no credit card, no email needed. We rate-limit to keep the service fair, but every scan is free to run and free to share.
- What does the scanner check?
- Certificate validity, expiry, hostname match, full chain, trusted issuer, TLS protocol versions, cipher strength, and known SSL/TLS vulnerabilities.
- How fast is a scan?
- Most scans complete in 15 to 30 seconds. Results are cached for one minute so you can share a link without re-running the scan.
- Can I scan internal or private servers?
- No. The free scanner only works on public, internet-reachable domains. For internal infrastructure, use TLS Radar monitoring on your own network.
Common errors and how to fix them
If your scan came back with issues, these short guides explain each one: