path guide

How To Read A TLS Certificate

TLS certificate checks explain whether a secure service presents a certificate that matches the hostname, has a valid date range, and chains to a trusted issuer.

Fields That Matter

Subject Alternative Name lists the hostnames the certificate covers.
Issuer shows who signed the certificate.
Not Before and Not After show the valid date range.
The hostname match decides whether the requested name is covered.

Common Problems

Expired certificates.
Certificate issued for a different hostname.
Missing intermediate certificates.
Old TLS versions or unsupported cipher suites.
Load balancers serving the wrong certificate on one backend.

Good Troubleshooting Habit

Always check the exact hostname users enter. A certificate can be valid for www.example.com while failing for example.com, or the reverse.

Troubleshooting Route

Use this guide as the field note, then move through the matching tools to gather evidence.

1 SSL / TLS Certificate Checker Check certificate issuer, expiration, SAN names, days left, and hostname match.
2 HTTP Header Checker Check a URL for status code, redirects, server headers, and TLS hints.
3 Port Checker Check whether a TCP port is reachable from the TraceRoo server.
4 DNS Lookup Tool Look up DNS A, AAAA, CNAME, MX, TXT, NS, SOA, SRV, and CAA records.

Related Glossary Terms

ICMP MTR Packet Loss TCP TLS TTL

Open tools panel