Ssl Checker
Check SSL/TLS certificate expiry, validity, chain, and configuration for any domain.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/sa9saq/ssl-checkerSSL Checker
Inspect SSL/TLS certificates — expiry dates, issuer details, chain validation, and bulk checks.
Requirements
openssl(pre-installed on most systems)- No API keys needed
Instructions
Single domain check
echo | openssl s_client -servername example.com -connect example.com:443 2>/dev/null | openssl x509 -noout -dates -subject -issuer -ext subjectAltName
Extract specific fields
# Expiry date only
echo | openssl s_client -servername example.com -connect example.com:443 2>/dev/null | openssl x509 -noout -enddate
# Days until expiry
echo | openssl s_client -servername example.com -connect example.com:443 2>/dev/null | openssl x509 -noout -enddate | cut -d= -f2 | xargs -I{} bash -c 'echo $(( ($(date -d "{}" +%s) - $(date +%s)) / 86400 )) days'
# Full certificate chain
echo | openssl s_client -servername example.com -connect example.com:443 -showcerts 2>/dev/null
Bulk check (multiple domains)
for domain in example.com google.com github.com; do
expiry=$(echo | openssl s_client -servername $domain -connect $domain:443 2>/dev/null | openssl x509 -noout -enddate 2>/dev/null | cut -d= -f2)
echo "$domain: $expiry"
done
Output format
## 🔒 SSL Certificate Report — <timestamp>
| Domain | Status | Expires | Days Left | Issuer |
|--------|--------|---------|-----------|--------|
| example.com | 🟢 Valid | 2025-06-15 | 128 | Let's Encrypt |
| expired.com | 🔴 Expired | 2024-12-01 | -39 | DigiCert |
| soon.com | 🟡 Expiring | 2025-02-20 | 12 | Comodo |
**Thresholds**: 🟢 > 30 days | 🟡 ≤ 30 days | 🔴 Expired or ≤ 7 days
Edge Cases
- Non-standard port: Support
domain:8443syntax for custom ports. - Connection refused: Host may not serve HTTPS. Report clearly, don't hang.
- Self-signed certs:
opensslwill show verify errors — report but still extract cert details. - SNI required: Always pass
-servernameflag (some servers serve different certs per hostname). - Timeout: Add
-connecttimeout:timeout 5 openssl s_client ... - Wildcard certs: Note when SAN contains
*.domain.com.
Security
- Only connects to port 443 (or user-specified port) — read-only inspection.
- No credentials or sensitive data involved.
- Validate domain input: alphanumeric, hyphens, dots only.
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-sa9saq-ssl-checker": {
"enabled": true,
"auto_update": true
}
}
}Related Skills
threat-model
Threat modeling and attack scenario design. Identify risks before they become vulnerabilities. STRIDE, attack trees, risk matrix.
Sns Auto Poster
Schedule and automate social media posts to X/Twitter with cron-based queue management.
security-review
Comprehensive security review for code, configs, and operations. OWASP, prompt injection, crypto security. Auto-triggers on security-related changes.
Process Monitor
Monitor system processes, identify top CPU/memory consumers, and alert on resource thresholds.
Readme Generator
Auto-generate comprehensive README.md files by analyzing project structure and configuration.