On-Demand TLS Reports for Any Domain with SSLBoard

On-Demand TLS Reports for Any Domain with SSLBoard

Product Tls

For the past few years, SSLBoard was a subscription service. You signed up, added your domains, and it scanned them daily. It tracked certificate expiry, surfaced deployment issues, and sent alerts. It worked, but it also carried the friction that comes with any SaaS: accounts, onboarding, pricing tiers, and the implicit promise that you’d keep paying to keep watching.

We scrapped all of that.

What SSLBoard is now

SSLBoard is now an on-demand TLS posture report. You type a domain, wait a few minutes, and get a structured assessment of everything that matters about its public TLS configuration. No setup, no onboarding — just a domain and a scan button.

Every report starts with a scored overview and prioritized findings. You see exactly what’s wrong, how severe it is, and which hosts are affected. When you need the full picture — detailed data tables, per-host breakdowns, exportable CSV — you unlock the complete report.

The report covers:

  • Certificates — expiration timelines, issuer distribution, key strength, and SAN coverage across every discovered host.
  • TLS versions — which endpoints still negotiate TLS 1.0 or 1.1, which support 1.3, and the specific CVEs associated with deprecated versions.
  • Cipher suites — weak ciphers (3DES, RC4, EXPORT, NULL, CBC-mode issues) mapped to the hosts that still accept them.
  • Forward secrecy — which endpoints support PFS and which don’t, broken down by implementation quality.
  • Key analysis — RSA vs. ECC distribution, key sizes, and hosts that are RSA-only.
  • HTTP security — redirect behavior and HSTS header presence across every hostname.
  • Connection errors — self-signed certs, chain issues, name mismatches, and other handshake failures.
  • Post-quantum readiness — which endpoints already negotiate hybrid key exchange and which still need migration.

Each report produces a weighted score broken down by category, so you can track improvement or compare across domains.

Why we changed direction

The SaaS model assumed a specific workflow: teams would set up SSLBoard once, check it regularly, and rely on it as a persistent monitoring layer. In practice, most people wanted to answer a simpler question: how does our TLS look right now?

They didn’t want another dashboard to babysit. They wanted to run a scan before a compliance review, during an incident, when evaluating a vendor, or after a certificate rotation — and then move on.

An on-demand report fits that pattern. It’s the difference between installing a weather station and checking the forecast.

What this means in practice

For security teams — Run a scan before an audit or after a major infrastructure change. Share the report link with stakeholders who need to see the findings without needing their own login.

For DevOps and platform engineers — Validate that a certificate rotation actually landed everywhere. Catch the one load balancer node that’s still serving the old cert, the IPv6 endpoint that got missed, or the staging subdomain that expired three months ago.

For compliance and risk — Get a structured document with detailed tables that map directly to the controls you need to evidence. Unlock the full report to export CSV data for your records. No screenshots of dashboards.

For anyone evaluating a third party — Type their domain and see what their public TLS posture looks like. The scan only touches public endpoints, so there’s nothing to coordinate.

What we kept

The core analysis engine is the same one we built over the past years. Certificate Transparency log ingestion, active endpoint scanning across all resolved IPs, full TLS handshake analysis including cipher negotiation, and post-quantum readiness detection. None of that changed.

What changed is the delivery: instead of a dashboard you log into, you get a report you can read, share, and act on immediately.

What’s next

We’re continuing to expand the depth of the report — richer scoring models, historical comparison, and deeper PQC analysis as the ecosystem evolves. The format will stay the same: type a domain, get the answers.

If you’ve been putting off a TLS review because you didn’t want to set up another tool, that excuse is gone now.