This program makes an HTTPS connection to a server and reports the certificates provided by the server. The server can be a domain name or IP address, optionally with a port number. For example, "www.example.com" or "127.0.0.1" or "www.example.com:8000". The server name is included in the TLS client hello message.

The program then analyses the extent to which the certificates were signed using keys from browsers’ trusted roots, using trusted root certificates distributed by Apple, Mozilla, and Microsoft, as of June 2016.

Note: this program analyses only signatures. Correct signatures are a prerequisite to trust, but they don't imply trust. The program ignores other trust-related parts of the certificates, and doesn’t even have access to browser-specific trust settings. This version of the program does not check Elliptic Curve signatures.