Hacker News new | ask | show | jobs
by matthewmueller 844 days ago
Would love a tool that checks your website for these problems.
6 comments
creshal 844 days ago
https://www.ssllabs.com/ covers most (if not all?) server-side problems.
link
loloquwowndueo 844 days ago
I use sslcheck for this. https://pypi.org/project/sslcheck/

Badssl is good to see how clients react to a badly configured certificate, which is a different thing from checking whether your certificate or web site are badly configured.

link
stayallive 844 days ago
I felt the same so I've built https://cert.chief.app.

Also had to find another source for revoked test certificates for the homepage examples and found them here: https://www.ssl.com/sample-valid-revoked-and-expired-ssl-tls.... The badssl ones are expired too which means they are no longer revoked since revocation only lasts the lifetime of the certificates, which makes sense of course.

link
jasoncartwright 844 days ago
https://www.ssllabs.com/ssltest/
link
wolfskaempf 844 days ago
You’re in luck because such a tool exists :) https://testssl.sh/
link
efortis 844 days ago
https://Hardenize.com

Its founder, Ivan Ristić, has nice books as well.

link