SSL Basics

Tools to check SSL status and validity

Posted on by SSLGuides

Here’s a detailed list of tools you can use to check SSL/TLS status, validity, and configuration for websites, along with what each tool does:

1. Online SSL Checkers

These tools are web-based and require no installation.

a) SSL Labs SSL Test

  • Checks: Certificate validity, chain, protocol support, cipher strength, and configuration issues.
  • Pros: Detailed report, overall rating (A+ to F), widely trusted.
  • How to use: Enter your domain and run the test. It analyzes every aspect of the SSL configuration.

b) SSL Checker

  • Checks: Certificate expiration date, issuer, common name, and whether intermediate certificates are installed correctly.
  • Pros: Quick, easy to read, good for expiration monitoring.
  • How to use: Enter your domain; it shows expiration and certificate chain details.

c) Why No Padlock

  • Checks: Mixed content issues (HTTP resources on HTTPS pages) in addition to SSL validity.
  • Pros: Great for website content validation, not just certificates.
  • How to use: Enter a page URL, and it will list insecure elements.

d) Geekflare SSL Test

  • Checks: Certificate details, chain issues, protocol support, vulnerabilities (Heartbleed, POODLE), and HTTP security headers.
  • Pros: Security-focused, fast, easy to understand.

2. Browser Tools

All modern browsers allow you to inspect SSL certificates directly.

  • Chrome / Edge / Firefox / Safari:
    1. Click the padlock icon in the address bar.
    2. View “Certificate” or “Connection Secure” details.
    3. Check: issuer, validity period, certificate chain, SANs (Subject Alternative Names).
  • Pros: No additional tools required.
  • Cons: Basic; doesn’t report vulnerabilities or weak cipher suites.

3. Command-Line Tools

For developers or server administrators, command-line tools provide precise control and scripting.

a) OpenSSL

  • Example command: openssl s_client -connect yourdomain.com:443 -servername yourdomain.com Then type QUIT to exit.
  • Checks: Certificate chain, server certificate, supported protocols.
  • Pros: Full control, can test specific ports or protocols.
  • Cons: Requires technical knowledge.

b) cURL

  • Example: curl -vI https://yourdomain.com
  • Checks: SSL handshake, protocol, and certificate info.
  • Pros: Lightweight, scriptable.
  • Cons: Limited detail compared to SSL Labs.

c) Nmap with NSE scripts

  • Command: nmap --script ssl-cert,ssl-enum-ciphers -p 443 yourdomain.com
  • Checks: Certificate validity, expiration, supported protocols, cipher strength.
  • Pros: Very detailed; can scan multiple hosts.

4. Monitoring Tools for Ongoing SSL Status

If you want to automatically monitor SSL certificates and expiration:

  • Certbot (with cron/automation) – For Let’s Encrypt certificates, automatically renews and reports status.
  • Nagios / Zabbix / Prometheus – Enterprise monitoring tools with SSL plugin checks.
  • StatusCake / UptimeRobot / Site24x7 – Online monitoring tools with SSL expiry alerts.
  • Cron Jobs + OpenSSL – You can script automated expiry checks and alerts.

5. Key Features to Check

When using these tools, make sure you check for:

  1. Expiration date – Avoid sudden certificate expiration.
  2. Certificate chain – All intermediate certificates must be installed.
  3. Supported protocols – TLS 1.2 or 1.3 only; SSL 2.0/3.0 should be disabled.
  4. Cipher strength – Weak ciphers like RC4 should not be supported.
  5. HSTS and security headers – For overall HTTPS security.
  6. Mixed content – Pages must load all assets over HTTPS.

Leave a Reply

Your email address will not be published. Required fields are marked *