SSL Certificate Validator
Have you ever updated an SSL Certificate on one of your sites only to learn that the chain was invalid via angry user feedback, tweets, or phone calls into your call center?
My SSL Certificate Validator (chkcert.pl) can be used as an additional check to run against your site so that you can sleep somewhat easier knowing that you've got the right certificate chain in place.
At this time, this tool has not been tested heavily enough for me to say "Go ahead and stop using the validation tools that the CA's provide" but it's getting close!
The SSL Certificate Validator is written in Perl and uses features available as of Perl 5.10. The script requires the following modules, which are installable from the CPAN:
- Modern::Perl - written using version 1.20120130
- IO::Socket::SSL - written using version 1.58
- Mozilla::CA - written using version 20120118
- Getopt::Long - written using version 2.38
Usage
chkcert.pl has two arguments, --host and --port, both of which are required. If the hostname scanned is using a valid cert, chkcert.pl will tell you it's valid and will print the common name and any subject alternative names associated with that certificate. If the scan shows validation errors, a list of potential reasons why validation failed will be provided.
Note
Since chkcert.pl uses Mozilla::CA, always be sure to check your version of Mozilla::CA is up to date. This is easy with the cpan tool—once cpan is running, simply press "r" and hit enter. You'll be presented with a list of modules with upgrades available. Alternatively, once cpan is running, simply type "upgrade Mozilla::CA". If no upgrading is necessary, cpan will tell you.
Download
You can download it from the Techstacks Downloads section of this site.
