TLS Advisor

Check the live TLS chain, versions, and ciphers.

Run a check to populate findings, supported TLS versions, the presented chain, and the exact certificate that should be fixed or removed.

Quick Answers

When to use TLS Advisor

These short answers are intended for both human readers and answer engines.

What does TLS Advisor check?

TLS Advisor checks the presented certificate chain, supported TLS versions, observed ciphers, CAA policy, and common chain hygiene issues such as missing intermediates or wrong order.

What input gives the best result?

The best input is the real public hostname or URL that is failing, so the tool can inspect the live endpoint that users actually reach.

How To Read The Result

This workflow is designed for diagnosis, not only grading.

The output is meant to help an operator decide which bundle, protocol setting, or edge policy to change first.

Chain findings

Missing intermediates, wrong order, and served root anchors matter because they point to a certificate-bundle construction problem, not merely a generic trust failure.
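The three chain findings named above can be told apart from the order and issuer links of the presented chain alone. The sketch below is an added example, not TLS Advisor's own code or output format: the function name `chain_findings`, the finding labels, and the sample names are hypothetical, and each certificate is reduced to a constructed (subject, issuer) pair, so it checks name chaining only and not signatures or key identifiers.

```python
# Constructed sample data: certificates reduced to (subject, issuer) name pairs.
LEAF = ("www.example.test", "Example Issuing CA")
INTERMEDIATE = ("Example Issuing CA", "Example Root CA")
ROOT = ("Example Root CA", "Example Root CA")   # self-issued trust anchor
TRUSTED_ROOTS = {"Example Root CA"}             # assumed client trust store

def chain_findings(presented, trusted_roots):
    """Classify bundle problems in a server-presented chain (leaf first)."""
    if not presented:
        return ["empty_chain"]
    findings = []
    issuer_of = dict(presented)
    # A self-issued certificate after the leaf is a root anchor being served;
    # clients already hold it, so it belongs out of the bundle.
    for subject, issuer in presented[1:]:
        if subject == issuer:
            findings.append(f"served_root:{subject}")
    # Walk issuer links from the leaf to build the path a client would need.
    path, seen = [presented[0]], {presented[0][0]}
    while True:
        subject, issuer = path[-1]
        if subject == issuer or issuer in seen:   # reached anchor, or a loop
            break
        if issuer in issuer_of:                   # next link was served
            seen.add(issuer)
            path.append((issuer, issuer_of[issuer]))
        elif issuer in trusted_roots:             # anchor correctly omitted
            break
        else:                                     # link absent from the bundle
            findings.append(f"missing_intermediate:{issuer}")
            break
    # The served order should match the walk order: leaf, then each issuer.
    if presented[:len(path)] != path:
        findings.append("wrong_order")
    return findings

if __name__ == "__main__":
    for name, chain in [("clean", [LEAF, INTERMEDIATE]),
                        ("leaf only", [LEAF]),
                        ("root served, misordered", [LEAF, ROOT, INTERMEDIATE])]:
        print(name, "->", chain_findings(chain, TRUSTED_ROOTS) or "no findings")
```

Each label maps to a different bundle fix: add the named intermediate, reorder the file, or drop the root from what the server sends.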

Protocol and cipher findings

Legacy TLS and weak cipher support still matter even when a normal browser session succeeds, because scanners, APIs, and policy reviews often care about the broader attack surface.

Policy checks

HSTS and CAA are included because TLS posture is not only about the certificate itself. The surrounding edge policy often explains why a deployment still feels weak after renewal.