Free Tools

SSL certificate checker

Check your certificate details from Larm's global probe network. Expiry, issuer, TLS version, cipher suite.

Understanding your certificate

An SSL/TLS certificate secures the connection between your users and your server. Here's what each field means.

Subject

The domain the certificate was issued for. Should match the domain you're checking. Wildcard certificates (e.g. *.example.com) cover all subdomains.

Issuer

The Certificate Authority (CA) that issued the certificate. Common issuers include Let's Encrypt, DigiCert, Cloudflare, and Google Trust Services. A certificate issued by an unknown or untrusted CA will cause browser warnings.

Expiry

When the certificate stops being valid. Most certificates last 90 days (Let's Encrypt) or 1 year. An expired certificate causes browser security warnings and breaks HTTPS. If your cert expires in less than 30 days, it's time to renew — or set up automated renewal.

TLS Version

The version of the TLS protocol negotiated. TLS 1.3 is current and recommended. TLS 1.2 is acceptable. TLS 1.0 and 1.1 are deprecated and should be disabled — they have known vulnerabilities.

Cipher Suite

The specific encryption algorithm used for the connection. Modern suites use AES-GCM or ChaCha20-Poly1305. The cipher is negotiated between client and server — your server configuration determines which suites are offered.

Monitor your SSL certificates automatically.

Larm checks your certificates hourly and alerts you before they expire. No extra configuration — if you're monitoring an HTTPS endpoint, we're watching the cert.