Select a certificate for verification
Upload Your certificate (PEM format)
Remote certificate check - type URL
Here we select the certificate we would like to validate. If it is a local file on your PC, it needs to be PEM-encoded. Alternatively, we can provide the URL to validate a server certificate, i.e. https://www.verisign.com. Because the certificate validation happens low-level, non-http ports like ldaps or imaps can also be specified here. More examples:
  • https://server.domain.tld:8883
  • ldaps://fm4dd.com
  • imaps://fm4dd.com

Select the Root CA certificate file or bundle to use
Ubuntu Root certificate list - 141 certificates, 214892 Bytes, last update Fri Mar 1 01:13:02 2024
WebCert's Root certificate list - 3 certificates, 4847 Bytes, last update Mon Feb 1 16:31:11 2016
Your CA certificate(s) - PEM format:
Here we select the list of CA certificates we would like to validate against. The following bundles are prepared:
  • Mozilla Root certificate list, downloaded from http://curl.haxx.se/ca/cacert.pem.
  • Verisign Root certificate list, downloaded and converted weekly from Verisign.
  • Ubuntu Root certificate list, converted from the local OS files.
  • The WebCert Root certificate list contains WebCerts own CA files, validating certificates for this CA only.
Alternatively, you can upload your own, local CA certificate file or file bundle (Apache-style) in PEM format.

Additional validation settings (optional and advanced)
SSL_set_verify_depth - limit or expand the chain verification to the specified depth.
X509_V_FLAG_X509_STRICT - disable workarounds, verify strictly per X509 rules.
Here we can select additional OpenSSL settings that control and fine-tune the validation process. They are optional, and require expert knowledge to interpret results correctly. In doubt, leave them alone.


Topics

OpenSSL Documentation