AXOX Hub Hub
Security Feb 12, 2026 7 min read

SSL Certificates Explained: How to Check If a Site Is Secure

SSL/TLS certificates encrypt the connection between your browser and a website. Here's how they work, what can go wrong, and how to verify any site's certificate.

What is an SSL certificate?

An SSL (Secure Sockets Layer) certificate — now technically TLS (Transport Layer Security) — is a digital document that proves a website's identity and enables encrypted communication. When you see the padlock icon in your browser's address bar, it means the site has a valid SSL certificate and your connection is encrypted.

Without SSL, everything you send — passwords, credit card numbers, personal data — travels as plain text that anyone on the same network can read.

How SSL certificates work

When you visit an HTTPS site, a handshake happens in milliseconds:

  1. Your browser requests the certificate — the server sends its SSL certificate
  2. Browser verifies the certificate — checks the issuer (Certificate Authority), expiry date, and domain name
  3. Key exchange — the browser and server agree on encryption keys using asymmetric cryptography
  4. Encrypted connection — all subsequent data is encrypted with symmetric encryption (typically AES)

Types of SSL certificates

Domain Validated (DV)

The most common type. Only verifies you own the domain. Free from Let's Encrypt and Cloudflare. Good for blogs, personal sites, and most web apps.

Organization Validated (OV)

Verifies the organization behind the domain. Requires manual verification of business documents. Used by companies that want to show legitimacy.

Extended Validation (EV)

The most thorough verification. Requires legal, physical, and operational proof. Historically showed the company name in the address bar (most browsers stopped this).

Common SSL problems

  • Expired certificate — certificates have a validity period (usually 90 days for Let's Encrypt, 1 year for paid). If not renewed, browsers show a scary warning page.
  • Domain mismatch — the certificate is for example.com but the site is accessed via www.example.com. Use a wildcard or SAN certificate to cover both.
  • Mixed content — the page loads over HTTPS but includes HTTP resources (images, scripts). This breaks the padlock and can expose data.
  • Incomplete certificate chain — the server doesn't send intermediate certificates, so the browser can't verify the chain back to a trusted root CA.
  • Self-signed certificate — not issued by a trusted CA. Fine for development, but browsers will warn users.

Why HTTPS matters for SEO

Google has used HTTPS as a ranking signal since 2014. Sites without SSL may be penalized in search results. Chrome also shows "Not Secure" for HTTP sites, which hurts user trust and increases bounce rates.

With free certificates from Let's Encrypt and Cloudflare, there's no reason not to have HTTPS in 2026.

How to check any site's certificate

Use our SSL Certificate Checker to instantly see a domain's certificate details — issuer, expiry date, protocol version, and whether the chain is valid.

Check any domain's SSL certificate

See issuer, expiry, protocol version, and chain validation instantly.

Open SSL Checker
← Back to Blog