FireDaemon Inspektor SSL / TLS Certificate Validator
FireDaemon Inspektor is a simple command-line utility designed to help you validate SSL / TLS certificate chains. Why would you want such a utility? In recent years, browsers have become much stricter in regard to handling SSL / TLS certificates. For example, all major browsers will warn or even block access to sites where the SSL / TLS certificate is expired, self-signed, or revoked. Similarly, access may be blocked if the certificate chain of trust (e.g. root CA or intermediate certificates) is incorrect, certificates in the chain of trust are missing or have been revoked. Hence, it's important to be able to audit the validity of certificates, certificate chains and test whether certificates have been revoked.
Download Firedaemon Inspektor SSL / TLS Certificate Validator
For 64-bit (x64) Microsoft Windows Operating Systems
March 2021 - Free
Installing FireDaemon Inspektor SSL / TLS Certificate Validator
Please do the following:
- Unpack the ZIP file to a temporary location
- Copy the contents of the x64 folder found in the ZIP file to a directory of your choice (e.g. C:\Program Files\FireDaemon Inspektor)
- Install the Microsoft Windows Visual C++ Runtime found in the prerequisites folder found in the ZIP file by double-clicking on the file vc_redist.x64.exe
- Open an elevated command prompt and change directory to the installation directory (e.g. cd \Program Files\FireDaemon Inspektor)
Using FireDaemon Inspektor SSL / TLS Certificate Validator
Type SSLClient at the command prompt to see the command-line options per the screenshot below.
Checking A Certificate Chain
Use the SSLClient connect <url>:<port> syntax to check a certificate chain. Multiple <url>:<port> arguments can be supplied to check multiple certificates at once. For example:
Checking Certificate Revocation
You can also use the --crl-check option to check for the presence of a certificate revocation list URI. If none is presented you will get a certificate verification error. For example, the firedaemon.com certificate does not contain a revocation list URI:
Whilst the microsoft.com certificate does contain a certificate revocation list URI:
You can test FireDaemon Inspektor with valid, expired, and revoked certificates via ssl.com.
Bugs? Issues? Feature Requests?
Tell us what you think! All feedback gratefully received!