So you’ve gone to the trouble of buying and installing an SSL certificate. How do know you installed it properly? Some would just test the site by trying it with their browser. The problem is that Internet Explorer and Firefox validate the certificate path differently. Firefox will install an intermediate certificate while IE doesn’t. IE validates the shortest path, while Firefox validates the full path. There are other desktop browsers such as Opera, Safari, and Chrome and then the mobile browsers. The best thing to do is to use an OpenSSL based tool to do your checking.
Entrust has such a tool. Once you install your new SSL certificate, all you need to do is key in your fully qualified domain name into Entrust SSL Install Check and click verify. The tool will validate your SSL certificate installation, confirm your IP address and server type and tell you if all chain certificates have been installed correctly. If any of the certificates are missing, the tool will provide instructions to fix the problem.
You can also check the status and validity of SSL certificates that you have previously installed. In addition to the checks above, SSL Install Check will tell you if the certificate has expired or has been revoked.
One tool I find very useful is the Public SSL Server Database / SSL Server Test tool at Qualys SSL Labs. This tool provides an overall assessment of how your web server has been configured for SSL. It provides a letter grade based on the SSL certificate, protocol support, key exchange and cipher suite. The scores are explained in an SSL Server Rating Guide.
For quick reference here is a list of the online SSL tools mentioned above: