Understand Your Website's Security. Beautifully.
A sophisticated SSL/TLS certificate analysis platform that provides deep insights into your website's certificate security, transparency logs, and cryptographic configurations.
Features β’ Quick Start β’ Documentation β’ Examples β’ Contributing β’ License
Aletheia (meaning "truth" in Greek) is a professional-grade SSL/TLS Certificate Intelligence Platform designed to demystify the complex world of digital certificates. Whether you're a security professional, developer, or website administrator, Aletheia provides crystal-clear insights into your website's certificate security posture.
Our platform combines real-time certificate analysis, historical tracking through Certificate Transparency logs, and beautiful visualizations to help you understand and maintain the security foundation of your web infrastructure.
Perform real-time TLS handshakes with any server to analyze:
- Current certificate validity and expiration
- Complete certificate chain visualization
- Cryptographic algorithm and key strength analysis
- Cipher suite configurations
- TLS version support and security level
- Subject Alternative Names (SANs) and domain coverage
- Digital signature validation
Monitor your certificate's evolution over time:
- Certificate Transparency (CT) log aggregation
- Automated certificate renewal pattern detection
- Subdomain discovery through CT logs
- Issuance timeline visualization
- Multiple certificate instances tracking
- Historical cipher suite changes
Get comprehensive security metrics:
- Security Grade - Algorithmic scoring based on industry standards
- Risk Assessment - Identify potential vulnerabilities and misconfigurations
- Compliance Report - Validation against PCI DSS, HIPAA, and GDPR standards
- Vulnerability Scanner - Detection of known security issues
- Trust Chain Analysis - Full certificate chain validation
- Performance Metrics - TLS handshake efficiency analysis
Professional, intuitive interface including:
- Interactive certificate chain diagrams
- Timeline scrubber for historical exploration
- Risk heat maps and security indicators
- Compliance status dashboards
- Responsive design for all devices
- Dark mode support for reduced eye strain
Learn while you analyze:
- Interactive glossary with 50+ cryptographic terms
- Security explanations with real examples
- Best practices and recommendations
- Threat vectors explained clearly
- Industry standards demystified
Generate professional reports:
- Complete certificate analysis export
- Security assessment summaries
- Historical timeline reports
- Compliance documentation
- Print-friendly formatting
Click to view platform features
Elegant interface with powerful domain search capabilities
Comprehensive certificate analysis with real-time data
Detailed cryptographic information and certificate structure
Interactive historical certificate tracking and renewal patterns
Professional security assessment and risk evaluation
Automated detection of security misconfigurations and vulnerabilities
- Node.js 18.17+
- pnpm 10.6+
- Modern Browser (Chrome, Firefox, Safari, or Edge)
# Clone the repository
git clone https://github.com/Ns81000/aletheia.git
cd aletheia
# Install dependencies with pnpm
pnpm install
# Set up environment variables (if any)
cp .env.example .env.local # If applicable
# Run development server
pnpm devThe application will be available at http://localhost:3000
# Build optimized production bundle
pnpm build
# Start production server
pnpm start
# Lint and format code
pnpm lint
pnpm format
# Type check
pnpm type-checkaletheia/
βββ app/ # Next.js App Router
β βββ layout.tsx # Root layout with ThemeProvider
β βββ page.tsx # Homepage with hero section
β βββ globals.css # Global styles
β βββ analyze/
β β βββ [domain]/ # Dynamic certificate analysis pages
β βββ api/
β βββ check-cert/ # Direct certificate checking API
β βββ ct-logs/ # Certificate Transparency logs API
βββ components/ # React components
β βββ dossier/ # Certificate analysis components
β βββ education/ # Educational components
β βββ layout/ # Layout components (Header, Footer)
β βββ results/ # Result display components
β βββ search/ # Search functionality
β βββ providers/ # Context providers
β βββ ui/ # Reusable UI components
βββ lib/ # Utility libraries
β βββ certificate/ # Certificate utilities
β βββ security/ # Security analysis functions
β βββ utils/ # General utilities
βββ types/ # TypeScript type definitions
βββ public/ # Static assets and screenshots
βββ tailwind.config.ts # Tailwind CSS configuration
βββ tsconfig.json # TypeScript configuration
βββ next.config.mjs # Next.js configuration
βββ package.json # Dependencies and scripts
| Technology | Version | Purpose |
|---|---|---|
| Next.js | 16.1+ | Framework for React with SSR & optimization |
| React | 19+ | UI library with modern hooks |
| TypeScript | 5.9+ | Type-safe JavaScript development |
| Tailwind CSS | 3.4+ | Utility-first CSS framework |
| Lucide React | 0.562+ | Beautiful icon library |
| jsPDF | 4.0+ | PDF generation |
| date-fns | 4.1+ | Date manipulation utilities |
| Zod | 4.3+ | TypeScript-first schema validation |
Direct certificate checking via TLS connection
// Request
POST /api/check-cert
{
"domain": "example.com",
"port": 443
}
// Response
{
"domain": "example.com",
"certificates": [...],
"tls_version": "1.3",
"cipher_suite": "TLS_AES_256_GCM_SHA384",
"security_score": 95,
...
}Certificate Transparency log search
// Request
GET /api/ct-logs?domain=example.com&includeSubdomains=true
// Response
{
"domain": "example.com",
"certificates": [...],
"count": 42,
"subdomains": ["api.example.com", "cdn.example.com", ...]
}- Domain validation and lookup
- Quick example shortcuts
- Error handling
- Side-by-side certificate analysis
- Highlight differences
- Version tracking
- Algorithmic scoring system
- Strength indicators
- Recommendations
- Vulnerability identification
- Risk categorization
- Remediation guidance
- Interactive chain visualization
- Root to leaf hierarchy
- Trust status indicators
SSL/TLS certificates are digital credentials that:
- Encrypt Data - Protect sensitive information during transmission
- Authenticate Servers - Prove a website's identity through a trusted authority
- Prevent Attacks - Defend against man-in-the-middle and impersonation attacks
- Ensure Compliance - Meet regulatory requirements (PCI DSS, HIPAA, GDPR)
Root CA (Self-signed, Trusted by browsers)
β
Intermediate CA (Signed by Root)
β
End-Entity (Your Website Certificate)
| Concept | Importance | Details |
|---|---|---|
| RSA/ECC | π΄ Critical | Key algorithm; 2048-bit RSA minimum |
| SHA-256 | π΄ Critical | Signature algorithm; standard for TLS |
| TLS 1.3 | π΄ Critical | Latest secure protocol; supports forward secrecy |
| AES-GCM | π High | Authenticated encryption; prevents tampering |
| Forward Secrecy | π High | Session keys not compromised if key stolen |
| HSTS | π High | Forces HTTPS-only connections |
- β Type-Safe - Full TypeScript for compile-time type checking
- β Secure Dependencies - Regular dependency updates and vulnerability scanning
- β CSP Headers - Content Security Policy protection
- β No Console Logs in Production - Removes debug information
- β Optimized Bundle - Tree-shaking and dead code elimination
- β Dark Mode - Reduces phishing attack vectors
When using Aletheia in production:
- Deploy via HTTPS - Always use TLS encryption
- Monitor CT Logs - Set up alerts for certificate issuance
- Validate Certificates - Verify critical domains regularly
- Check Compliance - Ensure standards adherence for regulated data
- Monitor Expiration - Set reminders for certificate renewal
- Review Chain - Verify trust chain integrity monthly
Aletheia is optimized for Vercel deployment with:
# One-command deployment
vercel deploy
# Or connect GitHub repository for automatic deployments
# 1. Push code to GitHub
# 2. Import project in Vercel dashboard
# 3. Automatic deployments on git pushVercel Configuration Ready:
- β Optimized build configuration
- β Next.js 16.1 compatibility
- β Environment variables support
- β Edge functions ready
- β Image optimization enabled
- β Serverless functions configured
# .env.local (required for deployment)
NEXT_PUBLIC_API_URL=https://yourdomain.com
NEXT_PUBLIC_GITHUB_REPO=https://github.com/Ns81000/aletheia- Image Optimization - WebP/AVIF format support
- Tree Shaking - Dead code elimination
- Code Splitting - Automatic route-based splitting
- Compression - Gzip/Brotli enabled
- Caching - Strategic cache headers
Aletheia includes comprehensive educational resources:
Explore cryptographic concepts including:
- TLS, SSL, RSA, ECC, ECDSA
- Certificate Authorities, Chain of Trust
- Cipher Suites, Key Exchange Methods
- Security Standards (PCI DSS, HIPAA, GDPR)
- Attacks (MITM, Downgrade, Zero-Day)
- Hover tooltips for quick definitions
- Related concept links
- Security best practices
- Real-world examples
# Start development server with hot reload
pnpm dev
# Run TypeScript type checking
pnpm type-check
# Lint code with ESLint
pnpm lint
# Format code with Prettier
pnpm format
# Build for production
pnpm build
# Start production server
pnpm start- TypeScript - Strict mode enabled
- ESLint - Next.js recommended rules
- Prettier - Consistent formatting with Tailwind plugin
- Tailwind - Utility-first CSS
- Zod - Runtime schema validation
We welcome contributions! Please see CONTRIBUTING.md for guidelines.
Areas for Contribution:
- Additional security analysis features
- Performance optimizations
- Educational content expansion
- UI/UX improvements
- Internationalization (i18n)
- Test coverage
- β Real-time certificate analysis
- β CT log integration
- β Security scoring
- β PDF export
- β Dark mode support
- π Extended validation detection (EV)
- π Automated renewal monitoring
- π Slack/Email alerts
- π API endpoint integration
- π Multi-domain comparison
- π Team accounts and collaboration
- π Batch certificate checking
- π Historical comparison reports
Aletheia is open source and welcomes contributions from the community!
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Commit changes with clear messages (
git commit -m 'Add amazing feature') - Push to branch (
git push origin feature/amazing-feature) - Open a Pull Request
- Write clear, documented code
- Add tests for new features
- Follow TypeScript and ESLint rules
- Update README for user-facing changes
- Maintain responsive design principles
Please be respectful and constructive in all interactions. We're building a welcoming community.
This project is licensed under the MIT License with attribution requirement.
You must:
- β Include the original license and copyright notice
- β State changes made to the code
- β Distribute the license with the software
- β Credit the creator: Ns81000
You can:
- β Use commercially
- β Modify the code
- β Distribute copies
- β Use privately
- β Sublicense
You cannot:
- β Hold the author liable for damages
- β Remove license or copyright notices
See LICENSE for full details.
- GitHub Repository: https://github.com/Ns81000/aletheia
- Issue Tracker: GitHub Issues
- Discussions: GitHub Discussions
- Documentation: This README
- Next.js - React framework
- React - UI library
- Tailwind CSS - CSS framework
- TypeScript - Type safety
- Lucide Icons - Icon library
- Certificate Transparency Logs - Historical data
- Mozilla Developer Network - Security education
- OWASP - Security best practices
- Qualys SSL Labs - Certificate analysis reference
Q: Is my certificate data safe? A: Yes! Aletheia performs direct connections and only reads public certificate information. No data is stored or transmitted to third-party servers.
Q: Does Aletheia work with private certificates? A: Yes! You can analyze any server you can connect to. Private certificates will show warnings as expected.
Q: How often is data updated? A: Real-time analysis shows current status. CT logs are aggregated from public sources and updated regularly.
Q: Can I use Aletheia commercially? A: Yes, under the MIT License. You must include attribution and the license notice.
Q: How do I report security issues? A: Please email security concerns privately rather than opening public issues.
Q: Can I self-host Aletheia? A: Absolutely! Deploy to any Next.js-compatible hosting (Vercel, Netlify, Docker, etc.).
- 50+ Cryptographic terms in glossary
- 6 Core feature categories
- 100% TypeScript coverage
- 95+ Lighthouse performance score
- Responsive design supporting all devices
- Dark mode for accessibility
Use the quick example shortcuts on the homepage to test popular domains instantly.
Check your certificates monthly for upcoming expiration dates.
Use the comparison view to identify changes in certificate configurations.
Generate PDF reports for documentation and compliance purposes.
Copy the URL to share specific certificate analyses with team members.
- Check the FAQ above
- Search existing Issues
- Read the Documentation
- Open a Discussion
- Report a Bug
Star on GitHub β’ Report Issues β’ Share Ideas
Copyright Β© 2024-2026 Ns81000 β’ Aletheia Project
"Truth in every certificate, security in every connection"