Certificate Chain Checker
Validate your SSL/TLS certificate chain in seconds. Check chain trust, intermediate certificates, SANs, protocol version, and cipher strength.
About this check
What is a certificate chain?
A certificate chain (or chain of trust) links your server's SSL certificate to a trusted root Certificate Authority (CA). It typically includes your domain certificate, one or more intermediate certificates, and the root CA certificate. Browsers verify this chain to ensure your certificate is trustworthy.
Why check your certificate chain?
An incomplete or misconfigured chain causes browser trust errors, even if your certificate itself is valid. Missing intermediates are the most common SSL misconfiguration. Some browsers cache intermediates and work anyway, while others show security warnings, creating inconsistent user experiences.
How to fix chain issues
If your chain is incomplete, download the intermediate certificate(s) from your CA and concatenate them with your server certificate in the correct order. Most CAs provide a "full chain" or "bundle" file. In Nginx, use ssl_certificate with the full chain. In Apache, use SSLCertificateChainFile.
FAQ
Operator questions, answered.
Is this certificate chain checker free?+
Yes, completely free. No signup or credit card required. Check any public domain's certificate chain instantly.
What does "chain valid" mean?+
A valid chain means your server presents a complete path from your domain certificate through any intermediates to a trusted root CA. Browsers can verify every link in the chain without needing to fetch missing certificates.
How is this different from an SSL checker?+
An SSL checker focuses on certificate validity and expiry. This tool specifically validates the certificate chain of trust, checking that all intermediate certificates are present and correctly ordered. CQwerty Shield's full scan covers both plus 16 other security dimensions.
Certificate Chain Checker is one of 18 plus checks.
A free Cora scan covers TLS, DMARC, SPF, DNS, headers, WHOIS, and breach exposure in a single 90 second submission.