What is Certificate
Validation?
Certificate validation checks verify that your SSL/TLS certificate has a valid trust chain, proper public key, valid signature, matches your domain, and has CAA records.
Why it
matters.
A valid certificate chain ensures browsers trust your certificate. Domain name matching prevents certificate errors. CAA records control which Certificate Authorities can issue certificates for your domain, preventing unauthorized certificate issuance. This is fundamental to HTTPS security.
What can
go wrong.
Invalid certificates: browsers show security warnings, users cannot access your site, attackers can issue fake certificates for your domain (without CAA), and you fail compliance requirements. Missing CAA records allow any CA to issue certificates for your domain.
Technical
details.
Certificate validation checks: 1) Trust chain (certificate is signed by trusted CA), 2) Public key validity, 3) Signature validity, 4) Domain name matches certificate (CN or SAN), 5) CAA (Certificate Authority Authorization) DNS records exist to control certificate issuance.
Check your domain’s
certificate status.
Run a free security check to see how your domain scores across all sixteen checks, including certificate validation.