TLS & HTTPS

TLS Certificate Check — HTTPS Security Review

HTTPS is the foundation of website trust. An expired, misconfigured, or incomplete TLS setup breaks encryption and shows browser warnings that drive visitors away. Our external check verifies your TLS configuration from the outside — practical, clear, and actionable.

What We Check

Certificate Validity

Is the certificate currently valid, issued by a trusted CA, and covering all hostnames (including www and non-www)? We check expiry dates, issuer chain, and SAN coverage.

TLS Protocol Support

Which TLS versions does your server offer? TLS 1.0 and 1.1 are deprecated and should be disabled. We verify that TLS 1.2 and 1.3 are available.

HTTP→HTTPS Redirect

Does HTTP traffic redirect to HTTPS correctly? Do both www and non-www redirect to the same canonical hostname? Inconsistent redirects can leave visitors on unencrypted HTTP and confuse search engines.

HSTS Configuration

Is HTTP Strict Transport Security enabled? Does it include subdomains and preload? HSTS prevents downgrade attacks and ensures browsers always use HTTPS.

Cipher Suite Strength

Are weak ciphers enabled? Do you support forward secrecy? We check the cipher suites your server advertises.

Certificate Transparency

Are your certificates logged in Certificate Transparency logs? A certificate that is missing from the CT logs can cause trust issues in modern browsers.

What We Do and Don't Do

External TLS inspection — same perspective as a browser or visitor

Written authorisation required before any testing

Clear certificate chain analysis and renewal recommendations

No access to your server, private keys, or hosting control panel

No certificate installation or renewal on your behalf

No intrusive TLS testing (no downgrade attacks, no padding oracle tests)

No "guaranteed A+ rating" — we report what we find, honestly

Why It Matters

TLS certificates are not "set and forget." Certificates expire — sometimes silently. Auto-renewal via Let's Encrypt can fail. A certificate might cover www.example.com but not example.com, leaving half your visitors with a browser warning. Old TLS versions linger after server upgrades.

For small businesses, a TLS problem is directly visible to every visitor — unlike a backend vulnerability. A browser warning ("Your connection is not private") costs trust immediately. Our check verifies that your TLS setup is complete, current, and correctly configured across all hostnames.

Sample Findings

Certificate valid but missing SAN for non-www (severity: Medium)

The TLS certificate covers www.example.com but not example.com. Visitors who type the domain directly see a certificate warning. For small businesses, this means lost customers — many people type the domain without www.

www.example.com → TLS 1.3, valid certificate
example.com → certificate name mismatch warning
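
The coverage gap in this finding can be reproduced offline against a certificate's SAN list. The Python below is an added example, not code from this page or the service's tooling; the function names are hypothetical and the certificate dictionaries are constructed samples in the shape returned by Python's `ssl.SSLSocket.getpeercert()`. It goes one step beyond the finding by also covering the wildcard case, where `*.example.com` still leaves the bare domain uncovered.

```python
"""SAN coverage check: added example, all certificate data is constructed."""


def dns_sans(cert: dict) -> list[str]:
    """Extract DNS names from a dict shaped like ssl.SSLSocket.getpeercert()."""
    return [value.lower() for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def san_matches(pattern: str, hostname: str) -> bool:
    """Match one SAN entry against a hostname using RFC 6125 style rules.

    A wildcard is honoured only as the entire left-most label and stands for
    exactly one label, so *.example.com covers www.example.com but neither
    example.com nor a.b.example.com.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    # Require at least *.domain.tld so that an entry like *.com never matches.
    return len(p_labels) >= 3 and len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def uncovered(cert: dict, hostnames: list[str]) -> list[str]:
    """Return the in-scope hostnames that no SAN entry covers."""
    sans = dns_sans(cert)
    return [h for h in hostnames if not any(san_matches(s, h) for s in sans)]


# Constructed certificates (getpeercert() format) and the agreed hostname scope.
WWW_ONLY = {"subjectAltName": (("DNS", "www.example.com"),)}
WILDCARD = {"subjectAltName": (("DNS", "*.example.com"),)}
BOTH = {"subjectAltName": (("DNS", "example.com"), ("DNS", "www.example.com"))}
SCOPE = ["example.com", "www.example.com"]

if __name__ == "__main__":
    for name, cert in [("www-only", WWW_ONLY), ("wildcard", WILDCARD), ("both", BOTH)]:
        missing = uncovered(cert, SCOPE)
        print(f"{name:9} uncovered: {', '.join(missing) or 'none'}")
```
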

TLS 1.0 and 1.1 still enabled (severity: Low)

The server still accepts TLS 1.0 and 1.1 connections. These versions are deprecated by the IETF and no longer accepted by PCI DSS. While most modern browsers use TLS 1.2+, older clients and automated scanners will negotiate the weaker protocol.

openssl s_client -tls1 → connection accepted

HSTS missing (severity: Low)

The server does not send an HSTS header. Without HSTS, a man-in-the-middle attacker can strip HTTPS and serve the HTTP version of the site. HSTS tells browsers "always use HTTPS for this domain." It's a one-line nginx/Apache configuration.

Strict-Transport-Security header not present in response

How It Works

  1. You contact us with your domain.
  2. We agree on scope in writing. You tell us which hostnames to check.
  3. We perform the external TLS check from Karlsruhe, Germany — passive, documented, no intrusive testing.
  4. You receive a clear PDF report with certificate details, protocol analysis, and specific configuration recommendations.
  5. One retest is included after you've updated your configuration.

Website Security Deep Review — 499 €

Includes the full TLS certificate and HTTPS check plus complete security review: security headers, email authentication, exposed files, contact form, and more. Practical report with clear next steps.
