FireDaemon Certify One SSL / TLS Certificate Auditor

FireDaemon Certify One is a software program designed to help you audit and report on SSL / TLS certificates and certificate chains.

FireDaemon Certify One Dashboard

Web browsers and devices in general have become much stricter in regard to handling SSL / TLS certificates. All major browsers will warn or block access to sites where the SSL / TLS certificate or certificate chain is invalid. Certificate lifespans have been reduced. Hence, it's important to be able to audit and report on certificate validity to ensure the certificate chain is intact and test whether certificates have been revoked or are expired. Similarly, access may be blocked to a web site if the certificate chain of trust (i.e. all certificates including the root CA certificate and any intermediate certificates) is incomplete, mis-ordered, revoked, or expired.

FireDaemon Certify One can assist you in meeting specific cybersecurity control compliance requirements contained within various cybersecurity frameworks including Annex A.10 in ISO/IEC 27001:2013 and DS-15.5 in the Motion Picture Association's (MPA) Content Security Best Practices.

Certify One consumes the FireDaemon OpenSSL Binary Distribution, FireDaemon Synkronize Task Scheduling Library and SQLite ORM which we directly contribute code to.


FireDaemon Certify One 4.0.2 64-bit / x64 / ARM64EC

September 2022 - 30-day trial - Change Log 

For Microsoft Windows

Windows 8.1, 10, 11

Server 2012, 2012 R2, 2016, 2019, 2022


Please follow this link to purchase a license.


Once you have downloaded the installer, double-click the installer and follow the installation instructions.

Using FireDaemon Certify One

Step 1: Setup Scan Targets and Scheduling

First off, populate the list of Scan Targets. Then click the "Scan All" button. You can also Schedule scans to run automatically. You can test Certify One with valid, expired, and revoked certificates via or

FireDaemon Certify One Scan Targets and Scheduling

Review Scan Log

If you double click on any host you will be provided detailed scan information.Certify One Scan Log

View The Graphical Reports on the Dashboard

You will be able to see a graphical summary of scan results on the Dashboard once the scans has completed. If click on the graph elements you will be provided with a filtered view of the Scan Targets.

FireDaemon Certify One Dashboard

Email Reports

If you click on the hamburger menu (to the right of the Certify One logo) you can open the Options dialog. In the Options dialog you can setup notification settings, so every time a scan is run Certify One will send you an email based report. Here's the Options menu:

You should then receive an email based report similar to below:

Querying CAA Records

You can also query DNS CAA records via the command line! For example:

FireDaemon Certify One CAA Record Name Resolution

Bugs? Issues? Feature Requests?

We are actively developing Certify One. Tell us what you think! Let us know what features you would like to see in the product. All feedback is gratefully received!