أداة: SSL Lookup
ما الذي يقدمه هذا القسم
Enter a hostname (and usually port 443 is implied) to fetch the public X.509 certificate the server presents for HTTPS. You can read the subject common name, subject alternative names (SANs) that list every hostname the cert covers, issuing CA, signature algorithm, serial, validity window, and sometimes organization details. This is the same material browsers use to decide whether to show a padlock, expressed as structured fields so you can spot a name mismatch before a user screenshots a scary interstitial.
متى تستخدمها
Use it when a site throws NET::ERR_CERT_COMMON_NAME_INVALID, a mobile app pins the wrong spki, a marketing microsite still serves the old wildcard, or a load balancer SNI table is wrong so only some paths break. It is also useful in vendor security reviews: confirm a partner really presents a modern public chain, not a self-signed cert from 2012. Follow with أداة: HTTP headers lookup for HSTS and أداة: DNS Lookup to ensure the A/AAAA you expect is what TLS clients connect to.
مثال عملي
You get a report that https://shop.example.com is untrusted. SSL Lookup on shop.example.com might show the cert is only valid for www.example.com and the apex, while the shop host is missing from SAN. Fix: reissue a cert that lists shop.example.com or CNAME the host behind a name already on the cert. The tool output gives you the exact string list to hand to whoever orders certificates.
أسئلة شائعة
Why does the site work in my browser but fail here?
You might be on a different network path, old cached state, or the server returns different certificates per SNI. Try the exact hostname users type, including or excluding www as appropriate.
Is an expired cert the only red flag?
No. Check weak signature algorithms, short RSA keys, missing chain intermediates, and whether the leaf cert matches your CAA policy in أداة: DNS Lookup.
Does this perform a full SSL Labs style scan?
This page focuses on the certificate object. Protocol cipher suites, OCSP stapling, and HSTS are better read from response headers and dedicated scanners, but you can start here for the trust anchor story.
Can I check SMTP STARTTLS?
That requires connecting to the mail port with different STARTTLS behavior. This tool is oriented to HTTPS hostnames. Use your mail admin toolkit for port 25/587 cert checks.