SSL monitoring with a grade, not just an expiry date.
Most SSL monitors tell you one thing: when the certificate expires. Raptify checks every host daily and grades the whole TLS posture: protocols, cipher strength, key exchange, HSTS, trust stores, and known vulnerabilities, rolled into a letter grade anyone can read.
The grade
A weighted score that shows its work.
Every host gets a TLS posture score built from protocol support, key exchange, and cipher strength, capped for protocol, cipher, and vulnerability issues, then mapped to a letter. Certificate problems gate the grade outright. It is our own rubric, and the full math is on the report.
- Protocol support, key exchange, and cipher strength scored individually, with the reasoning under each.
- Concrete steps to reach A+, like enabling HSTS with a long max-age.
- Certificate expiry, trust store coverage, cipher suites, and known vulnerabilities checked on every run.
- Grade history kept per host, so a quiet TLS config change never slips by.
Compliance posture
Know where you stand against the standards that matter.
Every check evaluates your TLS transport posture against PCI-DSS, HIPAA, NIST 800-52r2, and Mozilla Modern guidance, with a plain pass or fail and the reason. It is not a certification audit, and we say so on the report; it is the early warning that keeps the real audit boring.
PCI-DSS
Taking cards means TLS requirements. See at a glance whether an enabled legacy protocol or weak cipher would trip a scan.
HIPAA and NIST 800-52r2
Transport security posture checked against federal guidance, with the failing item named when something slips.
Mozilla Modern
The strictest bar: TLS 1.3 only. Useful as a target even when you intentionally support older clients.
One dashboard
SSL and performance, side by side.
SSL checks live on the same monitors dashboard as your performance checks, so one glance covers both. Every domain shows its performance grade and its SSL grade together, with every host under it checked daily.
- Every subdomain gets its own SSL check and its own grade.
- Certificate expiry tracked per host, with days remaining on the report.
- Runs on the same account and plan as performance monitoring. Nothing extra to buy.
Questions
SSL monitoring, answered.
Is the grade an official rating?
No. It is Raptify's own rubric, and the report says exactly how it is computed: protocol support, key exchange, and cipher strength weighted and capped by issues. The point is a consistent measure you can track over time, not a badge.
Is this a compliance certification?
No. Raptify checks your TLS transport posture against PCI-DSS, HIPAA, NIST 800-52r2, and Mozilla Modern guidance. That covers the transport layer requirements those standards impose, not the full certification scope. Think of it as continuous readiness, not an audit.
How often are hosts checked?
Daily by default, with an on-demand check whenever you want one. Grade changes and approaching expiry show up on the monitors dashboard the same way performance regressions do.
What if my certificate is fine but my config is weak?
That is exactly the case expiry-only monitors miss. A valid certificate served over an old protocol with weak ciphers still earns a poor grade, and the report names the specific protocol or cipher holding you back.
Grade your TLS posture.
Tell us about your site and we will set you up as early access opens.