In a nutshell, SSL validation helps you ensure that your website, or the website you are visiting is secure.
If you're running a website, making sure that your traffic is safe and secure. One way to do this is by using an SSL certificate, which is an important part of online security. But how can you be sure that your SSL certificate is valid?
In this article, we'll show you how to check the validity of an SSL certificate and make sure your traffic is protected. We'll also guide you through the renewal process if your certificate is expired. This way you won't get caught with an invalid SSL certificate. But if you ever do, you'll know how to fix it.
Read on and learn how to protect your website from potential threats and help maintain a secure site.
What is SSL/TLS?
SSL/TLS (Secure Sockets Layer and Transport Layer Security) are protocols that enables two communicating parties to establish an encrypted connection. This means that any data that is exchanged between the two parties is protected from eavesdroppers. This is important because it helps to keep sensitive information, such as credit card numbers and passwords, safe from being intercepted by hackers.
SSL/TLS certificates are issued by certificate authorities (CAs) like GoDaddy. These are organizations that are responsible for verifying the identity of the website owner and ensuring that the website is secure. When you visit a website, your browser checks to see if the SSL/TLS certificate is valid and has been issued by a trusted CA.
The term TLS certificate is used interchangeably with SSL certificate in the industry. Whichever term you use, SSL/TLS is a must if you want to ensure that your website is secure.
Now that we know what to look for, let's see how we can check the validity of an SSL certificate.
How to tell whether a website has SSL?
Before validating the details of an SSL certificate on your website, you can first check that it has SSL properly installed. The best way to tell whether a website has SSL is to look for the https:// at the beginning of the URL. If you see that, it means the website is using SSL.
You can also look for a padlock icon in your browser's address bar. This is another indication that the website is secured with SSL.
If you don't see a padlock and only see http:// without the ‘s’ in the URL, then the website is not using SSL and the connection is not secure.
Ways to view your SSL certificate (Chrome, Firefox, Safari)
We just described how to check to make sure that your website has an SSL certificate installed. The next step in SSL validation is to view your SSL certificate. Depending on the browser you're using, there are slightly different ways to do this. Let's cover how to view a website’s certificate with each of the three most popular browsers:
Chrome:
1. Enter the URL of the website you want to check in your browser's address bar and press Enter.
2. Click on the padlock icon in the address bar.
3. Click on Connection is secure.
4. Click on Certificate is valid to open the Certificate Viewer.
Firefox:
1. Enter the URL of the website you want to check in your browser's address bar and press Enter.
2. Click on the padlock icon in the address bar.
3. Click on Connection secure.
4. Click on More information.
5. Click on View Certificate.
Safari:
1. Enter the URL of the website you want to check in your browser's address bar and press Enter.
2. Click on the padlock icon in the address bar.
3. Click on Show Certificate.
Where to find your SSL certificate?
We've discussed viewing your SSL certificate by using a web browser. But what about viewing the actual digital certificate on your computer? To do that, you'll need to check the certificate stores or use the Certificate Manager tool if you're using Windows. If your certificate is on a Mac, you'll find it in the Keychain.
Depending on the type of machine your certificate is stored on, here are the instructions for finding your SSL certificate.
Certificate Manager tool (Windows)
If you're using Windows, you can find any SSL certificates stored on your local device in the Certificate Manager. To do this:
- Open the command prompt and type certlm.msc and press enter.
- You can view the certificates stored on your device on the left.
- Expand a certificate folder to view the certificate information.
Similarly, if you are inside of a Windows Server environment, you can use the Windows Certificate Manager tool.
Certificate Stores (Windows)
Aside from using the tools mentioned above, you can search manually for any installed certificates in certificate stores. Certificate stores are used to store certificates locally on a device.
Certificate stores can be categorized as Personal, Trusted Root Certification Authorities, and Intermediate certification authorities.
In a Windows Server, follow these steps to access the certificate store:
- Enter MMC on the command prompt to open the MMC (Microsoft Management Console).
- Go to File and select Add or Remove Snap-ins.
- Choose Certificates from the list of available snap-ins, then click Add.
- In the next window, select Computer Account and click Next.
- When prompted, select Local Computer and click OK.
- Choose a certificate from the MMC snap-in and double-click to open the Certificate Window. This will show the details of that certificate.
Keychain (MacOS)
If you're using macOS, your SSL certificates are stored in the Keychain Access app. To access it:
- Search for Keychain Access in Spotlight and open the app.
- Select a keychain from the menu on the left sidebar.
- Then, click either My Certificates or Certificates to view the certificates in that keychain.
- Select the certificate you want to view by double-clicking the certificate or pressing the info button.
What is the SSL validation process?
SSL validation commonly refers to two different things. On the one hand, it can refer to the process of being validated by a certificate authority (CA). This is to prove that you control the domain that you applied to receive an SSL certificate for.
This type of validation, also called SSL authentication, depends on which type of SSL certificate you purchase:
- Domain Validation (DV): Domain validation SSL certificates are the easiest and least expensive way to achieve encryption. Each DV SSL certificate is good for a single domain. For subdomains or multi-domain SSL, opt for a Wildcard SSL or SAN certificate respectively.
- Organization Validation (OV): OV SSL certificates offer enhanced validation to verify your business or organization's identity. Aside from verifying proof of domain ownership, OV requires proof of an organization’s legitimacy. These include verifying the business address and phone number.
- Extended Validation (EV): An EV SSL certificate is the highest level of validation, typically used by larger businesses. EV consists of verifying everything required with OV plus the legal filings of the organization’s name or company name, company leadership, domain control, and more.
However, in this guide, ‘check SSL validity’ refers to the process of verifying whether an SSL certificate is valid or not. Both forms of SSL validation are important aspects of the SSL process.
How to check if your website’s SSL certificate is valid?
To check ssl validity, you can start by using the steps previously mentioned in this guide. This means locating the certificate either through a browser or by searching on your local device.
Alternatively, you can use GoDaddy's free Certificate Checker to quickly find information about the certificate.
Next, to validate an SSL certificate and check that it can be trusted, you need to verify the following details:
1. The certificate should be issued by a trusted CA.
2. The certificate should be valid for the current date.
3. The certificate should not be revoked.
4. The certificate should match the domain name it is being used for.
5. The certificate should be used with the proper protocol and cipher suite.
If all of these details check out, then the SSL certificate is considered valid. Your website is being encrypted and protected against vulnerabilities.
SSL certificate expiry and renewal
While looking at your website's SSL certificate, you'll notice that there is an expiration date included in the details. This is because all SSL certificates have a limited lifespan and need to be renewed periodically.
Since September 2020, the maximum lifespan of any SSL certificate issued is 13 months.
To ensure that your website's SSL certificate remains valid, you'll need to set up a renewal reminder for yourself. This way, you can be sure to renew the certificate before it expires and your website loses its encryption.
Editor's Note: Check out out guide to learn more ways of managing your SSL certificate!
How to check whether your SSL certificate has expired?
You'll know if your SSL certificate has expired because it will no longer show the 's' in https or the padlock symbol in a browser. This means when you type in your URL, it will show a warning page saying that the connection is not private. This can be detrimental to your website and business since visitors may assume that your site is down.
Rather than letting your SSL certificate expire, it's much better to stay aware of the expiration date. This way you can renew your certificate in advance and keep your site encrypted.
How to renew your SSL certificate?
Renewing your SSL certificate is a simple process. You'll just need to purchase a new certificate from a trusted CA like GoDaddy and then install it on your web server.
With GoDaddy, the process is fast and easy:
1. Log in to your GoDaddy account and open your product page.
2. Select SSL Certificates and click Renew.
3. Choose the certificate you want to renew and select Continue to Cart to complete the purchase.
If you are renewing a certificate for your primary domain hosted with GoDaddy, that's all there is to it. We'll complete the issuance and install your renewed SSL certificate for you. If your site is hosted by a third party or the certificate is for an add-on domain, follow these instructions to install your SSL certificate.
No matter who you host your site with, be sure to renew your certificate before it expires to avoid any interruption in your website's encryption. To make it easy on yourself, just choose to set your SSL certificate to auto-renew. That way you'll never make the mistake of forgetting to renew it!
Editor’s note: Looking to add comprehensive security protection to your website? Sign up for one of GoDaddy’s Website Security plans today!
Removing expired digital certificates
If you have an expired digital certificate on your site, it's important to remove it as soon as possible. This is because leaving an expired certificate on your server can make it vulnerable to attack.
GoDaddy and other certificate authorities will send out a reminder when it's approaching the time to renew your certificate.
This window for renewal starts 120 days prior and extends 30 days after the certificate’s expiration date.
However, if you are not able to renew it in time, you'll need to remove the certificate.
To remove an expired digital certificate from your site hosted with GoDaddy, follow these steps:
1. Go to your GoDaddy product page.
2. Select SSL Certificates and press Manage All.
3. Choose the certificate you want to uninstall.
4. Select Change the site that your certificate protects.
5. Click Remove your certificate from your hosted website, and press Add Change.
6. Press Submit All Saved Changes.
Your certificate will be removed within 24 to 72 hours.
Hopefully, this guide has helped you understand everything you need to know about SSL validation. If you have any questions or need help, our team at GoDaddy is always happy to assist you!
Editor's Note: Check if your website’s SSL certificate is properly installed here.