Any online business has to have a "padlock" (HTTPS) to appear high in Google search. The problem is that
padlocks expire and if you fail to renew them on time, users can't visit your website at all!
We believe you have better things to do than checking padlocks all the time. KeyChest does it for you.
It is a set-and-forget system with features to support your
IT teams if you need them. We introduce monitoring first. Automation of renewals is on its way.
The first thing many of us need is to learn about expiring keys - KeyChest offers that as a FREE service.
Subscription-based KeyChest PRIME provides detailed health information and real-time notifications.
Give it a go by typing a domain name in this form. It will
help you find the right domain with its over 6,000,000,000 entries in its lookup table. (Yes, we do keep
an eye on the whole world.)
KeyChest BETA - certificate expiry monitor and server status for HTTPS, TLS, Letsencrypt
to get 100% uptime for your web services Free or KeyChest Prime from $1 per month
Welcome to KeyChest - Your Key Manager
KeyChest is a management system for your internet keys and certificates. All you have to do
is type your internet domain above and we will show you how KeyChest can help you.
KeyChest is designed as a set-up-and-forget service, which only tells when something needs
your attention. It continuously discovers your new keys and audits their properties.
If you just want to make sure that your online business is up and running, you only tell us
its address and we take care of the technical details.
We let larger users, or experts adjust KeyChest so that it fits into the way they manage
networks and computers.
If you decide to use our big switch for detailed audit and real-time services, we let
you know when the cost increases and you have time to revert any changes you don't want.
Feel free to email us at email@example.com,
if you have in mind particular details or a feature you’d like to see.
Service Audit is a powerful tool for a quick assessment of the HTTPS/TLS configuration of your servers. If you
need more detailed audit results, you need to create an account.
KeyChest resolves the name of a server you provide and runs a series of tests against one of resolved addresses.
It does not follow HTTP redirects, but it shows if one is in place so you can follow the link manually. If
there are more IP addresses you can see the list and use it to check a particular IP address, if appropriate.
The result is displayed as a series of indicators (green - OK, red - failed), with an overall score provided as
a letter between F - A+. F is used when the audit tool doesn't receive any response. The audit result also
adds a brief text description for the first failure it encounters and some suggestion of what could go wrong.
The list of audit tests:
DNS configuration - resolving IP addresses from your server name;
Server detection - warning if ther is no server at all listening at the given server and port;
SSL detection - if your server uses insecure version SSL2 or SSL3, it will be displayed (see errors below);
certificate expiration - how many days till the certificate expires;
downtime - downtime during the last 2 years; CT logs data amended with server checks if this data is
trust chain - whether the server provides a complete chain of certificates needed
certificate issuer - it shows the name of the certificate issuer (if set);
list of neighbors - the list of all names in the certificate;
hostname match - whether the name(s) in the certificate contain the server's name;
HSTS - if the HSTS (HTTP Strict Server Security) is enabled;
HTTP redirection - an active redirection, which sends web browsers to another server;
IPv6 configuration - we start checking IPv6 addresses, if available, this may be of interest for successful
deployment of Let's Encrypt certificates; and
IP addresses - a list of all IP addresses available in the KeyChest's geographic region.
Possible errors returned by the TLS/HTTPS scanner are:
Domain lookup error - we can't get a valid IP address.
Connection error - no server listening on the server and port given.
Timeout - no response from the server, often due to a firewall protection.
No TLS/HTTPS server found - a server detected, but it doesn't use SSL/TLS.
TLS handshake error - error during a TLS handshake - possible an insecure version (SSL2, or SSL3).
If you are not sure the results you can see are correct, or have any other question, please let us know at
firstname.lastname@example.org or use
a support form to get in touch.