Website TLS Tests

  • Updated

Vanta has multiple tests that scan your websites TLS implementation to ensure that it is secure. These tests include:

Checking that your site's certificate has not expired

  • This test will fail as soon as the certificates expiration has been reached.

Checking for valid TLS configuration

  • This would include checking for valid certificates, valid certificate chains, and ensuring proper TLS versions are in use. You can validate TLS implementation by downloading openssl and running the following command:
openssl s_client -connect

Checking the all queries to your page redirect to HTTPS

  • This test checks that when a query is made to your company's website explicitly using port 80 (, a 301 redirect is received and automatically redirects clients to use https on 443. You can confirm this by running the following command on your machine using cURL:
curl -i

See this example of a valid setup using


If this command returns 200 OK, this means that your website can be accessed insecurely via http directly.

Checking that there are no weak ciphers available for use

  • This includes ciphers with known vulnerabilities, as well as ciphers that do not match or exceed the strength of the certificate key.


If Vanta states that there was trouble getting data for any or all of these tests, please update your business URL on the settings page in Vanta. We recommend using the format "":


Screenshot 2024-06-14 at 2.59.25 PM.png


This is the URL that Vanta uses to check for TLS configuration.

If you are looking for more information regarding why a certain TLS test may be failing, please use the SSL Labs test here, as it will provide much more detailed information on configuration issues in your environment. For example: