Home › Security Tools
Security Tools
Security Tools
Unified TLS, DNS, email, and website security diagnostics with actionable hardening guidance.
Port Scanner
/port-scanner
Check whether ports are reachable.
SSL Certificate Checker
/ssl-checker
Verify TLS validity, chain, issuer and expiry.
Domain DNS Security Check
/domain-dns-security-check
Assess DNS and domain-level security posture.
SPF Generator
/spf-generator
Generate SPF DNS records with guided options.
DMARC Generator
/dmarc-generator
Generate DMARC policy records with guided policy settings.
DKIM Record Generator
/dkim-record-generator
Generate DKIM DNS record values for selectors.
Email Security Checker
/email-security-checker
Check overall SPF, DKIM, and DMARC security posture.
Website Vulnerability Scanner
/website-vulnerability-scanner
Run passive website security checks and risk hints.
Security Guides
Deepen your security knowledge
8 min
SSL Certificate Expiry: How to Monitor It and Prevent Outages
An expired SSL certificate takes your site offline for every user — browsers display a full-page error, API clients refuse to connect, and there is no graceful degradation. What makes **SSL certificate expiry monitoring** a persistent problem is that most teams assume auto-renewal handles it, right up until it doesn't. Let's Encrypt renewals fail silently when DNS validation breaks. Commercial certificate renewals get lost in email threads. Wildcard certificates covering dozens of subdomains expire because only the root domain was monitored. This guide covers how to check certificate expiry, why automated renewals fail more than expected, and how to build a monitoring setup that catches problems weeks before users see an error.
8 min
TLS Certificate Chain Validation: What It Is and How to Fix Chain Errors
A certificate can be perfectly valid — correct domain, unexpired, issued by a trusted CA — and still cause browsers to display a "certificate not trusted" error. The cause is almost always the same: a broken certificate chain. When a server fails to send the complete chain of certificates connecting its leaf certificate to a trusted root CA, the browser cannot verify the certificate's legitimacy and refuses to establish the connection. **TLS certificate chain errors** are one of the most common HTTPS misconfigurations, and they are entirely preventable once you understand how chain validation works. This guide explains the three certificate roles in a TLS chain, how browsers and clients validate them, every common failure mode, and the exact commands to diagnose and fix each one.
15 min
HTTP Security Headers: What They Do, How to Set Them, and How to Test Them
A valid TLS certificate and a properly configured redirect from HTTP to HTTPS are the baseline — but they leave a significant portion of your site's security surface unaddressed. HTTP security headers are response headers that browsers honor as instructions for how to handle your content: whether to allow it inside an iframe, what scripts are permitted to execute, and what data to share with external sites. This guide covers how to secure your site using response headers.
15 min
CAA Records Explained: How to Restrict SSL Certificate Issuance for Your Domain
Any Certificate Authority (CA) in a browser's trusted root store can, by default, issue an SSL/TLS certificate for any domain — including yours. This represents a significant security risk if a minor CA is compromised or its verification process is bypassed. CAA records (Certification Authority Authorization) allow you to specify exactly which CAs are authorized to issue certificates for your domain. This guide explains how to implement CAA records as a critical security control.
More Tool Categories
Or search across all 58+ tools in the full tool directory.