top of page

FireDaemon Certify One 4

Helping you verify the confidentiality, integrity, authenticity, and availability of encrypted communications.

Encrypted network communications using Transport Layer Security (TLS) protects users and organisations from exposing confidential in-transit data. It is imperative that individuals and businesses deploy and maintain valid and up to date SSL / TLS certificates on critical infrastructure including websites, login panels, forms, application servers, and wherever any other form of secure client / server communication is required. Verifying validity and tracking TLS certificate expiry can be challenging. FireDaemon Certify One is designed to assist you verifying and validating SSL / TLS certificates by scanning and reporting on the status of endpoints offering encrypted services. FireDaemon Certify One is based on OpenSSL.

Scan Targets and Scheduling





FireDaemon Certify One

4.0.8 May 2024

$25 per license per server or workstation

Compatible with Microsoft Windows

Release Notes | User Guide | Changelog

Features at a Glance

Web browsers and devices in general have become much stricter regarding handling TLS certificates. All major browsers will warn or block access to sites where the TLS certificate or certificate chain is invalid. Certificate lifespans have been reduced. Hence, it's important to be able to audit and report on certificate validity to ensure the certificate chain is intact and test whether certificates have been revoked or expired. Similarly, access may be blocked to a website if the certificate chain of trust (i.e. all certificates including the root CA certificate and any intermediate certificates) is incomplete, mis-ordered, revoked, or expired. FireDaemon Certify One provides the following:

Scan Multiple Targets

You can add multiple targets to scan. A target requires you to provide an IP address or hostname, port, and service type.

Graphical Scan Target Report

The Certify One Dashboard provides four graphs including Endpoint Status (targets organised by certificate validity), Certificates by Issuer (targets organised by Certificate Authority), Scan Result History (historical scan information), and Expiring Leaf Certificates (targets organised by certificate age).

Tabular Scan Target Report

The Certify One Scan Targets provides a tabular report on endpoints including hostname, port, resolved IPv4 and IPv6 addresses, validity, last checked date and time, certificate expiry date and time, TLS protocol, and cipher. One a per target basis you can review the details of the last scan, connection details, and connection log which includes DNS lookups and certificate verification. You can also hover over each target to obtain a summary of the last scan.

Scan Target Actions

If you right click on any target, the Target Actions context menu will be displayed where you can create a new target, edit or delete the existing target, clone an existing target, include/exclude the target from being scanned, view the certificate chain, initiate scans, delete the scan results, import and export targets.

Scheduled Scanning

You can edit the scan schedule to automate target scanning.  Scanning can be scheduled to occur on a daily, weekly, or monthly basis at specific times and dates.

Email Notifications

Whenever a manual or scheduled scan takes place, you can have a summary report sent to your inbox via email. This is configured in the Options dialog available via the FireDaemon Certify One hamburger menu.

Command Line Scanning

FireDaemon Certify One provides a simple command line interface (SSLClient.exe) for you to quickly check the certificate validity of a target or verify DNS CAA records.

Utilises OpenSSL

FireDaemon Certify One utilises the FireDaemon OpenSSL Binary Distribution cryptographic library.

FireDaemon Certify One Dashboard
bottom of page