The Digicert Certificate Utility – Certificate Installation Checker allows you to perform an SSL handshake with a local or remote SSL socket (https, pop3s, imaps, ldaps, etc.) and then show you what certificate, and chain that is currently bound to that application returning to its clients.
This is useful for troubleshooting intermediate certificate issues, errors with certificates on websites, figuring out what certificates are bound to websites/applications/IP’s, etc.. for both Internal and External Networks.
To download the Digicert Certificate utility for Windows perform the following.
Downloading and Installing The Digicert Certificate Utility.
- On your Windows server or workstation, download and save the Digicert Certificate Utility for Windows executable (DigiCertUtil.exe).
- Run the Digicert Certificate Utility for Windows by Double-click DigiCertUtil.
Congrats you have downloaded and installed the Digicert Certificate Utility.
To check a website or IP address’s SSL Certificate perform the following:
- Run the Digicert Certificate Utility for Windows (double-click DigiCertUtil).
- Click Tools.
- Under Certificate Installation Checker, click Check Install.
- In the Certificate Installation Checker pop up specify the following:
- Server Address: The fully qualified name of the website or IP address.
- Port Number: Specify the port. Usually SSL encryption runs on default portal 443 or 8443, yet your environment may differ.
- SSL TLS mode: Leave at default.
- Click Query Server.
You Certificate Checker will pull up a list of information regarding the current certificate found on that website. You should see an SSL certificate and any subsequent chain intermediates radiating from the website you just queried.
The Certificate Checker is good at pointing out if what certificates are installed on what system. If I specified in the Server Address www.Ametek.com yet the Certificate list returned from the server came back with a certificate issued to www.localhost/ssl then the wrong certificate must be bound to that website.
Note: Some certificates have SAN or wildcards meaning that a certificate can work for multiple websites. You can double-click on each certificate in the results to view more details about the certificates that are currently bound to the Server.