FireDaemon Certify One for Microsoft Windows delivers continuous SSL/TLS certificate monitoring with full-chain validation, real-time DNS tracking, and detailed handshake analysis. Prepare for post-quantum cryptography with FIPS 203 ML-KEM support and NIST Category 1-5 algorithm ratings. Get instant alerts for certificate expiration, compliance violations, and configuration issues, all powered by FireDaemon OpenSSL 3.6 for current and emerging cryptographic standards.
TABLE OF CONTENTS
- Introduction to FireDaemon Certify One
- Download FireDaemon Certify One
- Purchase a FireDaemon Certify One License
- Installing FireDaemon Certify One
- Using FireDaemon Certify One
- Bugs? Issues? Feature Requests?
Introduction to FireDaemon Certify One
Web browsers and devices in general have become much stricter with handling SSL/TLS certificates. All major browsers will warn or block access to sites where the SSL/TLS certificate or certificate chain is invalid. Certificate lifespans have been reduced. Hence, it's essential to be able to audit and report on certificate validity to ensure the certificate chain is intact and test whether certificates have been revoked or expired. Similarly, access may be blocked to a website if the certificate chain of trust (i.e. all certificates, including the root CA certificate and any intermediate certificates) is incomplete, misordered, revoked, or expired. FireDaemon Certify One's features include:
Certificate Management & Monitoring
- Scan all endpoints of a specific host for complete SSL/TLS coverage
- Quickly identify expiring SSL/TLS certificates across your infrastructure
- Instantly discover failing SSL/TLS certificates or problematic hosts
- Schedule automatic scans of your hosts daily or weekly for continuous monitoring
- Receive detailed scan reports delivered directly to your inbox
Security Analysis & Validation
- Perform continuous certificate lifecycle management with full-chain validation
- Easily view the complete SSL/TLS certificate chain for any host
- Monitor real-time DNS resolution performance and query analysis
- View DNS queries and record types involved in resolving host names
- Query CAA (Certificate Authority Authorisation) DNS records for policy compliance
Connection & Handshake Diagnostics
- Conduct detailed TLS handshake analysis to identify protocol issues
- Easily detect SSL/TLS renegotiation failures and other handshake warnings
- View comprehensive properties of established SSL/TLS connections
- Monitor cipher suite configurations and protocol misconfigurations
Post-Quantum Cryptography Readiness
- Evaluate cryptographic implementations with FIPS 203 ML-KEM support
- Access detailed NIST Category 1-5 algorithm ratings for risk assessment
- Prepare for quantum-safe transition with built-in PQC readiness assessments
Reporting & Alerts
- View graphical reports and analytics on the centralised Dashboard
- Receive instant alerts for certificate expiration and compliance violations
- Get notifications for security configuration drift and policy violations
- Generate comprehensive compliance and security posture reports
Cybersecurity Framework Compliance
FireDaemon Certify One can assist you in meeting specific cybersecurity control compliance requirements contained within various cybersecurity frameworks, including:
- Annex A.10.1 in ISO/IEC 27001:2022 (Cryptography controls)
- SC-08 in NIST SP 800-53 Release 5.1.1 (Transmission Confidentiality and Integrity)
- TS-3.0, TS-3.1, and TS-3.2 in the Motion Picture Association's (MPA) Content Security Best Practices v5.3.1 (Cryptography).
Download FireDaemon Certify One
Version 4.2.3 64-bit / x64 For Microsoft Windows - Intel / AMD only August 2025 - 30-day trial Installer SHA2-256 Checksum F23EDE58FB068B4B09903A35FD6B90E3F54DED83768478DB13304B93F349BB00 Need to calculate the checksum? Download FireDaemon Lozenge! |
Purchase a FireDaemon Certify One License
Please follow this link to purchase a license.
| License Quantity | 1 | 2-25 | 26-75 | 76+ |
|---|---|---|---|---|
| Volume Discount | 0% | 10% | 20% | 30% |
| FireDaemon Certify One price per license | $49.00 | $44.00 | $39.00 | $34.00 |
| FireDaemon Certify On 12-month Software Assurance and Priority Technical Support Subscription price per license | $17.00 | $16.00 | $14.00 | $12.00 |
Installing FireDaemon Certify One
Once you have downloaded the installer, double-click it and follow the installation instructions.
Using FireDaemon Certify One
Setup Scan Targets and Scheduling
First off, populate the list of Scan Targets. Then click the "Scan All" button. You can also schedule scans to run automatically. You can test Certify One with valid, expired, and revoked certificates via ssl.com or badssl.com.
Review Scan Log
If you hover over any scanned host, you will see a Scan Log icon. Click on the Scan Log to display the Scan Log dialog, which contains scan information.
View Graphical Reports on the Dashboard
You will be able to see a graphical summary of scan results on the Dashboard once the scans have been completed.
If you click on the graph elements, you will be provided with a filtered view of the Scan Targets. The screenshot below provides an example, showing scan targets where the certificate issuer is Google Trust Services.
Scan Schedules
Scans can be scheduled. Just click on the Scheduling icon on the Certify One Scan Targets screen to specify the scan cadence.
Email-Based Scan Reports
If you click on the hamburger menu (to the right of the Certify One logo) you can open the Options dialog. In the Options dialog you can set up notification settings, so every time a scan is run (including scheduled scans), Certify One will send you an email-based report. Here are the Options dialog / Notification Settings:
You should then receive an email-based report similar to below:
SSLClient Command Line
FireDaemon Certify One offers a simple command-line client called SSLClient. If you run SSLClient you will see the subcommands:
Subcommand examples are below:
SSLClient select service-types SSLClient connect www.firedaemon.com:443 --service-type HTTPS SSLClient caa gitlab.com
The output examples from the commands above are below.
SSLClient Select Service Types
SSLClient Connect
SSLClient CAA
Bugs? Issues? Feature Requests?
We are actively developing Certify One. Tell us what you think! Let us know what features you would like to see in the product. All feedback is gratefully received!