Deep dive into SSL/TLS certificates, handshakes, cipher suites, and how to verify certificate health.
SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are cryptographic protocols that secure communication over a network. Every https:// URL uses TLS to encrypt your data in transit.
Modern systems use TLS 1.2 or TLS 1.3. SSLv3 and TLS 1.0/1.1 are deprecated and should be disabled.
The handshake establishes a secure session. TLS 1.3 completes in 1 round-trip (1-RTT):
| Type | Validation | Best For |
|---|---|---|
| DV (Domain Validated) | Domain control only | Blogs, personal sites |
| OV (Organization Validated) | Organization identity | Business websites |
| EV (Extended Validation) | Full legal verification | Banks, e-commerce |
| Wildcard | DV/OV for all subdomains | `*.example.com` |
| Multi-domain (SAN) | Multiple domains | Multiple sites |
Use the NetTool1 SSL Checker to instantly verify certificate expiry, issuer, chain validity, and TLS version support.
Tip: Automate renewal with Let's Encrypt + Certbot. Set alerts 30 days before expiry.
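A complete chain has three layers: Root CA (trusted by browsers) → Intermediate CA → End-Entity Certificate. The server has to send the intermediate certificate along with its own, because clients only ship with the roots. A missing intermediate causes browser warnings even when the end-entity certificate itself is valid.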
| Error | Cause | Fix |
|---|---|---|
| ERR_CERT_AUTHORITY_INVALID | Untrusted CA or self-signed | Install cert from trusted CA |
| ERR_CERT_DATE_INVALID | Expired certificate | Renew certificate |
| ERR_CERT_COMMON_NAME_INVALID | Domain mismatch | Get cert matching your domain |
| Mixed Content | HTTP assets on HTTPS page | Update all resource URLs to HTTPS |
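
The checks described above (TLS 1.2 minimum, chain and hostname validation, the 30-day expiry alert) can be scripted with Python's standard library. This is an added example, not part of the original page or of any tool it mentions; the function names, `SAMPLE_CERT` and the `example.com` placeholder host are assumptions made for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

ALERT_DAYS = 30  # the page's tip: alert 30 days before expiry


def strict_context():
    """Client context: chain and hostname verification on, TLS 1.2+ only."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # no SSLv3, TLS 1.0/1.1
    return ctx


def expiry_status(cert, now=None):
    """Classify a getpeercert() dict; returns (status, whole days left)."""
    now = now or datetime.now(timezone.utc)
    not_after = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    days_left = int((not_after - now).total_seconds() // 86400)
    if not_after <= now:
        return "expired", days_left
    return ("renew" if days_left <= ALERT_DAYS else "ok"), days_left


def check_host(host, port=443, timeout=5.0):
    """Handshake with host and summarise certificate health."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with strict_context().wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
                status, days_left = expiry_status(cert)
                issuer = dict(rdn[0] for rdn in cert["issuer"])
                return {"status": status, "days_left": days_left,
                        "issuer": issuer.get("organizationName"),
                        "tls_version": tls.version()}
    except ssl.SSLCertVerificationError as exc:
        # Untrusted or self-signed CA, missing intermediate, expired
        # certificate and hostname mismatch all fail the handshake here.
        return {"status": "invalid", "reason": exc.verify_message}


# Constructed sample in the shape getpeercert() returns (not a real cert).
SAMPLE_CERT = {"notAfter": "Jun 30 12:00:00 2030 GMT"}

if __name__ == "__main__":
    print(expiry_status(SAMPLE_CERT))
    print(check_host("example.com"))  # placeholder host; needs network access
```

Because the handshake itself rejects an expired or untrusted certificate, `check_host` reports those as `invalid`; the `renew` status is what feeds an alerting job before that point is reached.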