SSL configuration terminology
Valid from and to
The date range during which the SSL certificate is valid.
CRL listing
Checks if the domain is listed by the CA authority in the Certificate Revocation List.
OCSP status
The Online Certificate Status Protocol is checked as an alternative to determine the revocation status of an X.509 standard SSL certificate.
Validation
Verify whether the domain name in the request is listed in the actual SSL certificate Common Name or Subject Alternative Name fields.
Self-signed
Certificates can be self-signed. they do not require a Certificate Authority to be valid. Your connection to self-signed certificates is encrypted but results in browser warnings. Malicious sites and applications may use self-signed certificates.
Supported protocols
Obsolete and non-recommended protocols supported by the certificate.
Cipher suites
The list of weaker cipher suites that can be used by the certificate.
Heartbeat extension and vulnerability
Checks if this extension is installed and has been fixed against the Heartbleed bug security issue on the target SSL certificate.
DNS record configuration
The Transport Layer Security Authentication (TLSA) is tested against recommended configurations.
DNS record configuration
The Transport Layer Security Authentication (TLSA) is tested against recommended configurations.
Debian blacklist status
Certificates listed in the Debian blacklist may represent significant security risks. This test results will indicate if the certificate public key is listed there.
OSCP stapling
This method should be enabled in order to provide a better user experience.