FireDaemon Certify One is a software program designed to help you inspect, audit, and report on SSL / TLS certificates and certificate chain validity. FireDaemon Certify One is based on FireDaemon OpenSSL. FireDaemon Certify One works with Microsoft Windows. Don't forget to check out the Changelog.

FireDaemon Certify One Dashboard


Introduction to FireDaemon Certify One

Web browsers and devices in general have become much stricter with handling SSL / TLS certificates. All major browsers will warn or block access to sites where the SSL / TLS certificate or certificate chain is invalid. Certificate lifespans have been reduced. Hence, it's important to be able to audit and report on certificate validity to ensure the certificate chain is intact and test whether certificates have been revoked or expired. Similarly, access may be blocked to a website if the certificate chain of trust (i.e. all certificates including the root CA certificate and any intermediate certificates) is incomplete, misordered, revoked, or expired. FireDaemon Certify One gives you the ability to:

  • Scan all endpoints of a specific host
  • View graphical reports on the Dashboard
  • Quickly see expiring SSL / TLS certificates
  • Quickly discover failing SSL / TLS certificates or hosts
  • Easily see SSL / TLS renegotiation failures and other handshake warnings
  • Easily view the SSL / TLS certificate chain for a host
  • View the properties of an established SSL / TLS connection
  • View the DNS queries and record types involved in resolving host names
  • Schedule automatic scans of your hosts daily or weekly
  • Receive a scan report in your inbox
  • Query CAA DNS records.

Meeting Cybersecurity Compliance Requirements and Objectives

FireDaemon Certify One can assist you in meeting specific cybersecurity control compliance requirements contained within various cybersecurity frameworks including:

  1. Annex A.10 in ISO/IEC 27001:2022
  2. SC-08 in NIST SP 800-53 R.5.1.1
  3. DS-15.5 in the Motion Picture Association's (MPA) Content Security Best Practices v4.10
  4. TS-1.9 in the Motion Picture Association's (MPA) Content Security Best Practices v5.2.

Download FireDaemon Certify One

FireDaemon Certify One 4.0.8 64-bit / x64
For Microsoft Windows- Intel / AMD only

May 2024 - 30-day trial

64-bit EXE Installer SHA2-256 Checksum


Need to calculate the checksum? Download FireDaemon Lozenge!

Purchase a FireDaemon Certify One License

Please follow this link to purchase a license.

Installing FireDaemon Certify One

Once you have downloaded the installer, double-click the installer and follow the installation instructions.

Using FireDaemon Certify One

Setup Scan Targets and Scheduling

First off, populate the list of Scan Targets. Then click the "Scan All" button. You can also Schedule scans to run automatically. You can test Certify One with valid, expired, and revoked certificates via or

FireDaemon Certify One Scan Targets and Scheduling

Review Scan Log

If you hover over any scanned host, you will see a Scan Log icon. Click on the Scan Log to display the Scan Log dialog which contains scan information.

Certify One Scan Log Dialog

View Graphical Reports on the Dashboard

You will be able to see a graphical summary of scan results on the Dashboard once the scans have been completed.

FireDaemon Certify One SSL / TLS Scan Dashboard

If click on the graph elements you will be provided with a filtered view of the Scan Targets. The screenshot below provides an example, showing scan targets where the certificate issuer is Let's Encrypt.

FireDaemon Certify Search by CA Let's Encrypt

Scan Schedules

Scans can be scheduled. Just click on the Scheduling icon on the Certify One Scan Targets screen to specify the scan cadence.

FireDaemon Certify One Scan Targets Schedule

Email-Based Scan Reports

If you click on the hamburger menu (to the right of the Certify One logo) you can open the Options dialog. In the Options dialog you can set up notification settings, so every time a scan is run (including scheduled scans), Certify One will send you an email-based report. Here are the Options dialog / Notification Settings:

FireDaemon Certify One SMTP Notification Settings Dialog

You should then receive an email-based report similar to below:

FireDaemon Certify One Scan Email Report Example

Querying CAA Records

You can also query DNS CAA records via the command line! For example:

FireDaemon Certify One CAA Record Name Resolution

Bugs? Issues? Feature Requests?

We are actively developing Certify One. Tell us what you think! Let us know what features you would like to see in the product. All feedback is gratefully received!