Last reviewed against v0.9.0
source:
internal/tools/tls_inspector.go TLS Inspector
Full chain dump, cipher matrix, HSTS, OCSP staple, ALPN. Covers the simpler "cert checker" use case too.
Probes a target host:port and reports:
- Full chain dump — every cert in the chain with subject, issuer, validity, SANs, fingerprint
- Cipher matrix — which TLS versions and ciphers the server supports (we negotiate against each in turn)
- HSTS — max-age, includeSubDomains, preload
- OCSP staple — present and valid?
- ALPN — what protocols the server agrees to (h2, http/1.1)
Covers the simpler “cert checker” use case (expiry / common name / SAN match) as well — there’s no separate Cert Checker tool.