FireDaemon Inspektor SSL / TLS Certificate Validator

FireDaemon Inspektor is a simple command-line utility designed to help you validate SSL / TLS certificate chains. Why would you want such a utility? In recent years, browsers have become much stricter in regard to handling SSL / TLS certificates. For example, all major browsers will warn or even block access to sites where the SSL / TLS certificate is expired, self-signed, or revoked. Similarly, access may be blocked if the certificate chain of trust (e.g. root CA or intermediate certificates) is incorrect, certificates in the chain of trust are missing or have been revoked. Hence, it's important to be able to audit the validity of certificates, certificate chains and test whether certificates have been revoked.


Download Firedaemon Inspektor SSL / TLS Certificate Validator

FireDaemon Inspektor

For 64-bit (x64) Microsoft Windows Operating Systems

March 2021 - Free


Installing FireDaemon Inspektor SSL / TLS Certificate Validator

Please do the following:

  1. Unpack the ZIP file to a temporary location
  2. Copy the contents of the x64 folder found in the ZIP file to a directory of your choice (e.g. C:\Program Files\FireDaemon Inspektor)
  3. Install the Microsoft Windows Visual C++ Runtime found in the prerequisites folder found in the ZIP file by double-clicking on the file vc_redist.x64.exe
  4. Open an elevated command prompt and change directory to the installation directory (e.g. cd \Program Files\FireDaemon Inspektor)


Using FireDaemon Inspektor SSL / TLS Certificate Validator

Command-Line Options

Type SSLClient at the command prompt to see the command-line options per the screenshot below.


FireDaemon Inspektor Command Line


Checking A Certificate Chain

Use the SSLClient connect <url>:<port> syntax to check a certificate chain. Multiple <url>:<port> arguments can be supplied to check multiple certificates at once. For example:


FireDaemon Inspektor Certificate Check


Checking Certificate Revocation

You can also use the --crl-check option to check for the presence of a certificate revocation list URI. If none is presented you will get a certificate verification error. For example, the firedaemon.com certificate does not contain a revocation list URI:


FireDaemon Inspektor Certificate Revocation Check


Whilst the microsoft.com certificate does contain a certificate revocation list URI:


FireDaemon Inspektor Certificate Revocation Check


You can test FireDaemon Inspektor with valid, expired, and revoked certificates via ssl.com.


Bugs? Issues? Feature Requests?

Tell us what you think! All feedback gratefully received!