What does the SSL checker actually test?

It opens a real TLS connection to the host you enter and reports five things: whether the certificate is installed, valid and trusted; whether the intermediate chain is complete; the expiry date and days remaining; the Subject Alternative Names the certificate covers; and the protocol versions and cipher suites the server negotiates, including any known-weak ones.

Why does my certificate show as not trusted when it works in my own browser?

Almost always a missing intermediate certificate. Your browser may already have the intermediate cached from another site, so it fills the gap silently, but a fresh client does not. The fix is to install the full chain (leaf + intermediates) on the server. The checker flags this because it validates the chain as a clean client would.

Does a valid certificate mean my server is secure?

No. A certificate proves identity and enables encryption, but the server can still negotiate obsolete protocols (TLS 1.0/1.1), weak ciphers, or be exposed to vulnerabilities like POODLE or ROBOT. Certificate validity and configuration security are two separate checks; this tool reports both.

How often should I check my SSL certificate?

Check after every certificate renewal or server change, and set an expiry reminder. With short-lived certificates (90 days or less) now standard, automated monitoring is more reliable than manual checks.

Can I check certificates on internal or private hostnames?

No. The tool connects from the public internet, so it can only test publicly reachable hostnames. For internal names, run the equivalent check locally with OpenSSL: openssl s_client -connect host:443 -servername host.

Privacy & Cookie Policy

Last updated: 16 June 2026

This policy explains how GW SOLUTIONS Ltd. (“we”, “us”, “our”), the operator of ssl.org and its SSL/TLS diagnostic tools (the “Service”), collects, uses and safeguards your personal data and cookies, and the rights you have under the EU General Data Protection Regulation (GDPR) and applicable Bulgarian law.

Our approach to your data

We keep data to the minimum needed to run and secure the Service. We do not sell, rent or trade your data, we do not share it with advertisers or data brokers, and we do not use it for advertising or profiling. The only analytics we use is our own self-hosted Matomo, for debugging and aggregate traffic statistics — it runs cookieless, stays on our infrastructure, and is never passed to a third-party analytics or ad network.

1. Who we are

The data controller responsible for your personal data is:

GW SOLUTIONS Ltd.
Asen Zlatarov 16, 4000 Plovdiv, Bulgaria
Company registration (ЕИК): 201793517 · VAT: BG201793517
Email: contact [at] iban [dot] com · Contact form: iban.com/contact

2. What data we collect

2.1 Information you provide to us

Diagnostic input. When you use our SSL/TLS tools, you submit hostnames, domain names or IP addresses to be analysed. This input is used only to perform the check you requested and to return your results. We do not use it to identify you and do not retain it for profiling or marketing. It does not need to contain personal data, and we ask that you do not submit personal data within it.
Contact data. If you contact us, we receive your name, email address, your message, and anything else you choose to include.

2.2 Information we collect automatically

Technical log data. Our servers automatically record your IP address, browser type and version, operating system, referring page, the resources you request, and the date and time of each request.
Cookies and similar technologies. See Section 10 (Cookies).

2.3 Information from third parties

When you run a diagnostic, our Service connects to the target host or domain you specified to retrieve its certificate and configuration. That target is a system you have chosen to test; we do not collect personal data about you from it.

3. How and why we use your data

To provide the Service and return the diagnostic results you request.
To operate, maintain, secure and debug the Service, including diagnosing faults.
To detect, prevent and investigate abuse, automated misuse and security incidents.
To respond to your enquiries and provide support.
To comply with our legal obligations and to establish, exercise or defend legal claims.
To understand aggregate traffic (visits and pages) through our self-hosted Matomo. We do not use it for advertising or profiling.

4. Legal bases for processing

Under the GDPR we rely on the following legal bases (Article 6(1)):

Performance of a contract or steps prior to it — to deliver the Service you request.
Legitimate interests — to keep the Service secure and reliable, to prevent abuse, and to understand and improve how it is used, balanced against your rights and freedoms.
Legal obligation — where we must process data to comply with the law.

We do not sell, rent or trade your personal data, and we do not share it with advertisers or data brokers. We share data only where strictly necessary:

Hosting/infrastructure provider — Google Cloud Platform (Google Ireland Limited / Google LLC) runs our servers on our instructions.
Authorities, where required by law or to protect the security of the Service.

Our only analytics is self-hosted Matomo, which we run ourselves and use solely for debugging and aggregate traffic statistics. Analytics data stays on our infrastructure and is never shared with a third-party analytics company or used for advertising. Where a provider processes personal data on our behalf, we put in place a data-processing agreement as required by Article 28 GDPR.

6. International transfers

Some of our providers may process data outside the European Economic Area (EEA). Where that happens, we rely on an appropriate safeguard under Chapter V GDPR — typically an EU adequacy decision or the European Commission’s Standard Contractual Clauses, with any supplementary measures needed to protect your data. You may request more information using the contact details below.

7. How long we keep data

Diagnostic input and results are used only to perform your check and are not retained for profiling or marketing.
Server logs, where kept, are used only for security and debugging and are retained no longer than necessary, then deleted or anonymised.
Contact correspondence is kept for as long as needed to handle your request and for a reasonable period afterwards.

We keep personal data only as long as necessary for the purposes set out above or as required by law.

8. Your rights

Subject to the conditions in the GDPR, you have the right to access, rectify, erase, restrict or port your personal data, to object to processing based on our legitimate interests, and to withdraw any consent without affecting processing already carried out.

To exercise any of these rights, contact us using the details in Section 14. We will respond within the time limits set by the GDPR.

You also have the right to lodge a complaint with a supervisory authority. In Bulgaria this is the Commission for Personal Data Protection (Комисия за защита на личните данни) — www.cpdp.bg. You may also contact the authority in your country of residence.

9. How we protect your data

We use appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure or destruction. These include encryption in transit (HTTPS/TLS), access controls and ongoing hardening of our systems. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

10. Cookies

We keep cookies to an absolute minimum. We do not use cookies for advertising, profiling or tracking. Our analytics platform, self-hosted Matomo, runs in cookieless mode for debugging and aggregate traffic statistics and stores nothing on your device. The only cookies that may be set are strictly necessary ones (for example, a temporary session cookie if you use a feature that requires it); these do not require consent. You can control or block cookies through your browser settings, though blocking strictly necessary cookies may affect features that rely on them.

11. Children’s privacy

The Service is a technical tool intended for a general and professional audience and is not directed at children. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

12. Third-party links

The Service may link to third-party websites or report on third-party systems. We are not responsible for the privacy practices or content of those third parties. We encourage you to review their privacy policies.

13. Changes to this policy

We may update this policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. Please review this page periodically.

14. How to contact us

For any question about this policy or your personal data, contact:

GW SOLUTIONS Ltd.
Asen Zlatarov 16, 4000 Plovdiv, Bulgaria
Email: contact [at] iban [dot] com · Contact form: iban.com/contact