EVNark is a script that can be used to check whether a web site is utilizing an extended validation certificate or not. The current version is able to validate whether a certificate is an extended validation one or not from 23 different Certificate Authorities. Other than the ssl handshake, no data is exchanged between the script and the web site you are checking. The script was born from a desire to figure out how browser writers and CA's were determining how an extended validation certificate was displaying the green bar to end-users.
Written in groovy, evnark does not utilize any additional modules other than what is included in the JVM. By default, it will utilize whatever your default cacerts file is for your JVM. All you need to run it is a stock groovy installation.
Command Line Syntax
EVNark accepts two command-line arguments, -h/--host for the hostname you'd like to check and -p/--port for the port number. -p/--port is optional. If left out, port 443 is assumed. EVNark has some exception handling and by default will timeout an unsuccessful request after 5 seconds. EVNark should gracefully quit if the following exceptions are received:
- If the hostname verification failed
- If the connection times out. (Default is 5000 ms, which you can increase to whatever you want)
- If the port number you are connecting to does not appear to be an ssl port
- If the certificate peer can not be verified
Note on certificate peer verification: EVNark uses the default cacerts file of your JVM. If a root certificate is not included within your JVM's cacerts file, evnark is not going to be able to validate a certificate.
- v0.1: Released August 2010. Initial version. Blog post announcement: Groovy: Extended Validation Certificate Determination
- v0.2: Released October 2010. Added additional CA's. Added some additional exception handling. Announcement Post: Groovy: EVNark v0.2 - Validate SSL EV Certs
- v0.3: Released October 2010. Codenamed: "Snarky" Now displays "green bar" on success in Linux-compatible terminals. Announcement Post: Groovy: EVNark v0.3 Released - "snarky"
- v0.3.5: Released Novenber 2010. Added more CA EV OIDs. Announcement Post: Groovy: New EVNark Release - v0.3.5
- v0.4: Released April 4, 2011. Added three more CA EV OIDs. Cleaned things up a little bit more. Announcement Post: Groovy: evnark 0.4 Released