Technolila Webtools
7 views

Computed Truth

93% of phishing sites now use HTTPS. The presence of a padlock means the *connection* is encrypted, not that the *site* is safe. True trust comes from **Identity Validation** (Organization Validation/Extended Validation) and strong key exchange algorithms (ECDHE), not just the existence of a certificate.

SSL/TLS Security Strength Checker

Audit Live Certificate

The Technical Proof

This tool performs a real HTTPS handshake (`ClientHello`) to retrieve the server's certificate chain. It validates:

  1. Expiry (notAfter): Ensure current time < `validTo`.
  2. Key Size: RSA keys < 2048 bits are considered "broken" by NIST implementation guidance. ECDSA keys (256-bit) offer equivalent security with better performance.
  3. Signature Algorithm: SHA-1 was formally deprecated in 2011. Modern certs must use SHA-256 or better.

Chain of Trust Logic

  1. Leaf Certificate: The certificate issued to `example.com`. Validated against the specific domain name.
  2. Intermediate CA: The bridge between the Root and the Leaf. The browser checks if this intermediate is allowed to sign certificates.
  3. Root CA: The Trust Anchor installed in your Operating System / Browser store. If the chain doesn't link to a Root you trust, the connection fails.