DK Book demo Start free trial
Product Use Cases Pricing Guides Free tools About Book demo Start free trial

Test your SSL/TLS configuration

Get a grade from A+ to F — using the same methodology as SSL Labs — for your certificate, protocols, ciphers, and security headers, in seconds.

We only test publicly reachable servers on standard TLS ports. By testing, you agree to the acceptable use policy. Site owners can opt out.

Got a PEM file instead? Decode a certificate →

How the SSL grade is calculated

This SSL checker follows the same methodology as SSL Labs. It opens a real TLS handshake with the server, records which protocols and ciphers it accepts, and inspects the certificate it presents. Three weighted components — protocol support, key exchange, and cipher strength — produce a numeric score that maps to a letter grade from A+ to F. The strongest individual weakness sets a ceiling: one weak protocol or cipher caps the whole grade, however good the rest of the configuration is.

On top of that, the certificate is validated for trust, expiry and name match, and the response is checked for an HSTS header. A site that is otherwise perfect but does not send HSTS is capped at A-; add a strong HSTS policy and it reaches A+. For a plain-English walkthrough of every band, read how to read your SSL grade.

What does the SSL grade mean?

The grade runs from A+ down to F and summarises four things: the TLS protocols the server supports, the strength of its key exchange, the strength of its ciphers, and its certificate. Weak configurations cap the grade; a flawless setup with a strong HSTS policy earns the A+.

Why is my grade capped at A- or lower?

Common caps: supporting only older protocols, offering weak or anonymous ciphers, or using a short key all pull the grade down. A missing HSTS header caps a site at A-. An expired certificate, or one whose name does not match the host, is marked separately as T (untrusted) or M (name mismatch).

Is my server stored or shared?

No account is needed and nothing private is collected — a TLS configuration is public information that the server presents to every visitor. The result is held briefly behind a random link so you can share it, then expires.

More free tools: all tools · Certificate decoder · Chain checker · Security headers & HSTS