FireDaemon Certify One for Microsoft Windows delivers continuous SSL/TLS certificate monitoring with full-chain validation, real-time DNS tracking, and detailed handshake analysis. Prepare for post-quantum cryptography with FIPS 203 ML-KEM support and NIST Category 1-5 algorithm ratings. Get instant alerts for certificate expiration, compliance violations, and configuration issues, all powered by FireDaemon OpenSSL 3.6 for current and emerging cryptographic standards.


FireDaemon Certify One Dashboard


TABLE OF CONTENTS

Introduction to FireDaemon Certify One

Web browsers and devices in general have become much stricter with handling SSL/TLS certificates. All major browsers will warn or block access to sites where the SSL/TLS certificate or certificate chain is invalid. Certificate lifespans have been reduced. Hence, it's essential to be able to audit and report on certificate validity to ensure the certificate chain is intact and test whether certificates have been revoked or expired. Similarly, access may be blocked to a website if the certificate chain of trust (i.e. all certificates, including the root CA certificate and any intermediate certificates) is incomplete, misordered, revoked, or expired. FireDaemon Certify One's features include:

Certificate Management & Monitoring

  • Scan all endpoints of a specific host for complete SSL/TLS coverage
  • Quickly identify expiring SSL/TLS certificates across your infrastructure
  • Instantly discover failing SSL/TLS certificates or problematic hosts
  • Schedule automatic scans of your hosts daily or weekly for continuous monitoring
  • Receive detailed scan reports delivered directly to your inbox

Security Analysis & Validation

  • Perform continuous certificate lifecycle management with full-chain validation
  • Easily view the complete SSL/TLS certificate chain for any host
  • Monitor real-time DNS resolution performance and query analysis
  • View DNS queries and record types involved in resolving host names
  • Query CAA (Certificate Authority Authorisation) DNS records for policy compliance

Connection & Handshake Diagnostics

  • Conduct detailed TLS handshake analysis to identify protocol issues
  • Easily detect SSL/TLS renegotiation failures and other handshake warnings
  • View comprehensive properties of established SSL/TLS connections
  • Monitor cipher suite configurations and protocol misconfigurations

Post-Quantum Cryptography Readiness

  • Evaluate cryptographic implementations with FIPS 203 ML-KEM support
  • Access detailed NIST Category 1-5 algorithm ratings for risk assessment
  • Prepare for quantum-safe transition with built-in PQC readiness assessments

Reporting & Alerts

  • View graphical reports and analytics on the centralised Dashboard
  • Receive instant alerts for certificate expiration and compliance violations
  • Get notifications for security configuration drift and policy violations
  • Generate comprehensive compliance and security posture reports

Cybersecurity Framework Compliance

FireDaemon Certify One can assist you in meeting specific cybersecurity control compliance requirements contained within various cybersecurity frameworks, including:

Download FireDaemon Certify One


Download FireDaemon Pro


Version 4.2.3 64-bit / x64

For Microsoft Windows - Intel / AMD only

August 2025 - 30-day trial


Installer SHA2-256 Checksum

 F23EDE58FB068B4B09903A35FD6B90E3F54DED83768478DB13304B93F349BB00


Need to calculate the checksum? Download FireDaemon Lozenge!


Purchase a FireDaemon Certify One License

Please follow this link to purchase a license.


License Quantity12-2526-7576+
Volume Discount0%10%20%30%
FireDaemon Certify One price per license$49.00$44.00$39.00$34.00
FireDaemon Certify On 12-month Software Assurance and Priority Technical Support Subscription price per license$17.00$16.00$14.00$12.00


Installing FireDaemon Certify One

Once you have downloaded the installer, double-click it and follow the installation instructions.


Using FireDaemon Certify One

Setup Scan Targets and Scheduling

First off, populate the list of Scan Targets. Then click the "Scan All" button. You can also schedule scans to run automatically. You can test Certify One with valid, expired, and revoked certificates via ssl.com or badssl.com.


FireDaemon Certify One Scan Targets


Review Scan Log

If you hover over any scanned host, you will see a Scan Log icon. Click on the Scan Log to display the Scan Log dialog, which contains scan information.


Certify One Scan Log Dialog



View Graphical Reports on the Dashboard

You will be able to see a graphical summary of scan results on the Dashboard once the scans have been completed.


FireDaemon Certify One SSL/TLS Scan Dashboard


If you click on the graph elements, you will be provided with a filtered view of the Scan Targets. The screenshot below provides an example, showing scan targets where the certificate issuer is Google Trust Services.


FireDaemon Certify Search by CA Google Trust Services


Scan Schedules

Scans can be scheduled. Just click on the Scheduling icon on the Certify One Scan Targets screen to specify the scan cadence.



Email-Based Scan Reports

If you click on the hamburger menu (to the right of the Certify One logo) you can open the Options dialog. In the Options dialog you can set up notification settings, so every time a scan is run (including scheduled scans), Certify One will send you an email-based report. Here are the Options dialog / Notification Settings:


FireDaemon Certify One SMTP Notification Settings Dialog


You should then receive an email-based report similar to below:


FireDaemon Certify One Scan Email Report Example



SSLClient Command Line

FireDaemon Certify One offers a simple command-line client called SSLClient. If you run SSLClient you will see the subcommands:



Subcommand examples are below:

SSLClient select service-types
SSLClient connect www.firedaemon.com:443 --service-type HTTPS
SSLClient caa gitlab.com

The output examples from the commands above are below.


SSLClient Select Service Types

FireDaemon Certify One SSLClient service types


SSLClient Connect

FireDaemon Certify One SSLClient connect


SSLClient CAA

FireDaemon Certify One SSLClient caa


Bugs? Issues? Feature Requests?

We are actively developing Certify One. Tell us what you think! Let us know what features you would like to see in the product. All feedback is gratefully received!