EVNark is a script that can be used to check whether a web site is utilizing an extended validation certificate or not.  The current version is able to validate whether a certificate is an extended validation one or not from 23 different Certificate Authorities.  Other than the ssl handshake, no data is exchanged between the script and the web site you are checking.  The script was born from a desire to figure out how browser writers and CA's were determining how an extended validation certificate was displaying the green bar to end-users.

Written in groovy, evnark does not utilize any additional modules other than what is included in the JVM.  By default, it will utilize whatever your default cacerts file is for your JVM.  All you need to run it is a stock groovy installation.

Command Line Syntax

EVNark accepts two command-line arguments, -h/--host for the hostname you'd like to check and -p/--port for the port number.  -p/--port is optional.  If left out, port 443 is assumed.  EVNark has some exception handling and by default will timeout an unsuccessful request after 5 seconds.  EVNark should gracefully quit if the following exceptions are received:

  • If the hostname verification failed
  • If the connection times out.  (Default is 5000 ms, which you can increase to whatever you want)
  • If the port number you are connecting to does not appear to be an ssl port
  • If the certificate peer can not be verified

Note on certificate peer verification:  EVNark uses the default cacerts file of your JVM.  If a root certificate is not included within your JVM's cacerts file, evnark is not going to be able to validate a certificate.

Release History

Downloads are available for v0.4 in gzip and zip format.