Certify One SSL / TLS Certificate Auditor

Certify One is a software program designed to help you audit and report on SSL / TLS certificates and certificate chains.


Web browsers and devices in general have become much stricter in regard to handling SSL / TLS certificates. All major browsers will warn or block access to sites where the SSL / TLS certificate or certificate chain is invalid. Certificate lifespans have been reduced. Hence, it's important to be able to audit and report on certificate validity to ensure the certificate chain is intact and test whether certificates have been revoked or are expired. Similarly, access may be blocked to a web site if the certificate chain of trust (i.e. all certificates including the root CA certificate and any intermediate certificates) is incomplete, misordered, revoked, or expired.


Certify One can assist you in meeting specific cybersecurity control compliance requirements contained within various cybersecurity frameworks including Annex A.10 in ISO/IEC 27001:2013 and DS-15.5 in the Motion Picture Association's (MPA) Content Security Best Practices.


Certify One consumes the FireDaemon OpenSSL Binary Distribution, FireDaemon Synkronize Task Scheduling Library and SQLite ORM which we directly contribute code to.


1. Download

FireDaemon Certify One 3.0.1 64-bit / x64 / ARM64EC

May 2022 - 30-day trial - Change Log 

For Microsoft Windows

Windows 8.1, 10, 11

Server 2012, 2012 R2, 2016, 2019, 2022

2. License

Please follow this link to purchase a license.


3. Installation

Once you have downloaded the installer, double-click the installer and follow the installation instructions.


4. Using Certify One

Populate the list of Scan Targets. Then click the "Scan All" button. You can also Schedule scans. If you double click on any host you will be provided detailed scan information. You can test Certify One with valid, expired, and revoked certificates via ssl.com or badssl.com.

Certify One Scan Targets


You will be able to see a graphical summary of the tests on the Dashboard once the scans have been completed.

Certify One Scan Dashboard

You can also query DNS CAA records via the command line! For example:

Certify One DNS CAA Query

Bugs? Issues? Feature Requests?

We are actively developing Certify One. Tell us what you think! Let us know what features you would like to see in the product. All feedback is gratefully received!