FTPS Certificate Checker

Inspect the TLS certificate of an FTPS server — expiry date, issuer, subject, and whether the certificate is self-signed.

Common errors explained

550

SSL/TLS required on the control channel. You are using Implicit mode (port 990) but your server uses Explicit FTPS (AUTH TLS on port 21). Switch the encryption mode to Explicit / STARTTLS and set the port to 21.

TLS

TLS handshake failed / connection refused on port 990. Your server uses Explicit FTPS on port 21, not Implicit on port 990. Switch the mode to Explicit / STARTTLS.

534

Request denied for policy reasons. Same as 550 above — try switching to Explicit mode on port 21.

Not sure which mode your server uses? Try the FTP Port Checker to see which ports are open, or check your server's admin panel.

What does this tool check?

Certificate subject — the domain or hostname the certificate was issued for.
Issuer & CA chain — whether the certificate is signed by a trusted Certificate Authority.
Expiry date — days remaining before the certificate expires.
Self-signed flag — whether the certificate is self-signed (common in private FTP setups).
Thumbprint — SHA-1 fingerprint for pinning and manual verification.