The Certificate tab is available at /certificate/<domain>. StatsDen connects to the exact hostname on port 443 and uses that same hostname for SNI. You can include a custom port after the hostname, such as example.com:8443, to inspect the TLS certificate served on that port.

Custom ports

Use hostname:port to inspect TLS on a non-standard service port. For example, example.com:8443 connects to port 8443, while the hostname example.com is still used for SNI and certificate validation.

If no port is provided, StatsDen uses port 443. The supplied port applies only to the HTTP Headers and Certificate tabs; DNS Records, DNS Propagation, and WHOIS/RDAP use the hostname without the port.

Connection details

The page shows the connected IP address, resolved public IPs, validation status, TLS version, cipher, ALPN protocol, and certificate-chain source.

Certificate details

For each certificate in the chain, StatsDen displays subject and issuer data, validity dates, serial number, public key details, signature algorithm, fingerprints, and subject alternative names.

Invalid certificates

When a server presents an invalid certificate, StatsDen still shows the available server-provided chain with a validation warning when possible.

Access and safety

TLS Certificates are available to logged-in users. Destinations resolving to non-public IP addresses are rejected.