This tool performs validity and remaining time on TLS certificates being used by your live services. It can use
STARTTLS to fetch the existing X.509 certificates your services are currently using, testing the service as your users would.
TLS Check Results
We connected with the target server using . This protocol is considered insecure and should no longer be used, with a formal declaration published in RFC-7568 on 2015. Also in 2015, PCI SSC announced that this protocol was no longer sufficient to protect credit card data. You should consider migrating to stronger protocols — TLS 1.3 or better — because large industry players are committed to stop supporting it in 2020. The PCI SSC also recommends upgrading this protocol. This protocol is currently acceptable, although given the ample support for TLS 1.2, it's advisable to plan an upgrade as soon as practical. This protocol is a good choice as it offers wide compatibility and supports strong cipher suites, although TLS 1.3 should also be considered. This is the most recent version of the protocol, providing the most security features.
The connection used cipher suite
This cipher suite provides forward secrecy, granting increased security for the keys used to transmit encrypted messages.
Our probe found a certificate issued by with serial
This certificate has days left before expiration.This certificate has expired. The certificate is not to be used before
The certificate applies to the following DNS names or patterns, according to RFC-6066 Server Name Indication /
DNSNames extensions and
While probing and checking the TLS certificate, the following error was identified.
A note about caching
Results from previous runs are cached for a few minutes as an abuse deterrent. This means that the actual X.509 certificates will only be checked once every few minutes.
Test results include the UTC time at which they were compiled. You can use this to ensure you’re acting on fresh results.