Core Workflow

Inspect connects to the HTTPS endpoint you specify, captures the presented certificate chain, evaluates server trust with Apple's platform trust engine, and renders the results in a format that is easier to review on a mobile device.

  • Enter a host name or HTTPS URL directly in the app.
  • Launch Inspect from the iOS share sheet for a page in Safari.
  • Review certificate details, fingerprints, policies, and key usage.
  • Export individual certificates from the chain as DER files.

Security Analysis

Inspect highlights common problems that matter during debugging and security review:

  • Trust failures and hostname mismatch
  • Expired or not-yet-valid certificates
  • Weak key sizes and weak signature algorithms
  • Suspicious CA usage or certificate-signing permissions on leaf certificates
  • Common interception and proxy products surfaced from certificate metadata

Current Technology

The current version is a full rewrite built with SwiftUI, Swift Package Manager, and current Apple platform APIs. It replaces the older extension-era implementation and legacy OpenSSL-style stack.

  • Swift 6
  • SwiftUI
  • Security framework
  • URLSession-based TLS capture
  • Apple `swift-certificates`, `swift-asn1`, and `swift-crypto`

Contact

For support or review-related questions, email hi@hewig.dev.