Connect to any host on port 443 (or custom), pull its TLS certificate, and inspect the full chain — issuer, expiry, SANs, TLS version, cipher, and signature algorithm.
We connect directly to the host over TLS using Server Name Indication (SNI), then inspect the peer certificate chain presented by the server. We accept invalid certs so you can inspect broken ones — the issues panel will flag expiry, self-signing, hostname mismatch, weak signatures, and old TLS versions.