Welcome to new KeyChest - service for safe encryption
I have run KeyChest as a completely free service since August 2017 and it now has 1,600 user accounts
and audits almost 90,000 domain names. I love the service and want to massivelly expand it with new features
that you want.
While KeyChest remains free, we have introduced KeyChest Prime. It's a paid service for larger users
and users who need instant updates. Look inside to find out more and get in touch if you have any question or
ideas how to improve KeyChest.
Click anywhere to hide this text
KeyChest - certificate expiry monitor and server status for HTTPS, TLS, Letsencrypt
ensure uptime of your web services
Welcome to KeyChest - Your Key Manager
KeyChest is a management system for your internet keys and certificates. All you have to do
is type your internet domain above and we will show you how KeyChest can help you.
KeyChest is designed as a set-up-and-forget service, which only tells when something needs
your attention. It continuously discovers your new keys and audits their properties.
If you just want to make sure that your online business is up and running, you only tell us
its address and we take care of the technical details.
We let larger users, or experts adjust KeyChest so that it fits into the way they manage
networks and computers.
If you decide to use our big switch for detailed audit and real-time services, we let
you know when the cost increases and you have time to revert any changes you don't want.
Feel free to email us at email@example.com,
if you have in mind particular details or a feature you’d like to see.
Service Audit is a powerful tool for a quick assessment of the HTTPS/TLS configuration of your servers. If you
need more detailed audit results, you need to create an account.
KeyChest resolves the name of a server you provide and runs a series of tests against one of resolved addresses.
It does not follow HTTP redirects, but it shows if one is in place so you can follow the link manually. If
there are more IP addresses you can see the list and use it to check a particular IP address, if appropriate.
The result is displayed as a series of indicators (green - OK, red - failed), with an overall score provided as
a letter between F - A+. F is used when the audit tool doesn't receive any response. The audit result also
adds a brief text description for the first failure it encounters and some suggestion of what could go wrong.
The list of audit tests:
DNS configuration - resolving IP addresses from your server name;
Server detection - warning if ther is no server at all listening at the given server and port;
SSL detection - if your server uses insecure version SSL2 or SSL3, it will be displayed (see errors below);
certificate expiration - how many days till the certificate expires;
downtime - downtime during the last 2 years; CT logs data amended with server checks if this data is
trust chain - whether the server provides a complete chain of certificates needed
certificate issuer - it shows the name of the certificate issuer (if set);
list of neighbors - the list of all names in the certificate;
hostname match - whether the name(s) in the certificate contain the server's name;
HSTS - if the HSTS (HTTP Strict Server Security) is enabled;
HTTP redirection - an active redirection, which sends web browsers to another server;
IPv6 configuration - we start checking IPv6 addresses, if available, this may be of interest for successful
deployment of Let's Encrypt certificates; and
IP addresses - a list of all IP addresses available in the KeyChest's geographic region.
Possible errors returned by the TLS/HTTPS scanner are:
Domain lookup error - we can't get a valid IP address.
Connection error - no server listening on the server and port given.
Timeout - no response from the server, often due to a firewall protection.
No TLS/HTTPS server found - a server detected, but it doesn't use SSL/TLS.
TLS handshake error - error during a TLS handshake - possible an insecure version (SSL2, or SSL3).
If you are not sure the results you can see are correct, or have any other question, please let us know at
firstname.lastname@example.org or use
a support form to get in touch.