This is the eighth in our series of insights which seek to explore and simplify the topic of SSL (and TLS) in the context of web application hosting. In our previous insight, we looked at Mixed Content Warnings; in this insight, we’ll explore testing and tools.
Simple Tools
Purely.Tools TLS We’ve built a simple tool for you to check the SSL and TLS versions on any website; simply enter your URL at purely.tools TLS version support tester and hit Go. Purely.Tools SSL We’ve built another simple tool to check the status of your SSL certificate in use on any website; just enter your URL at purely.tools SSL information tester and hit Go.
Complete Tools
Qualys SSL Server Test The SSL Labs tester from Qualys is something of an industry standard for checking the correct configuration of your SSL, TLS and web server settings, providing an easy-to-understand A-E rating, a list of supported Browsers/OS with your current configuration and any problems it finds. We recommend ensuring the “Do not show the results on the boards” option is checked when scanning to avoid highlighting yourself as a potential target. testssl.sh With all the features of the Qualys tester but 100% open source, the testssl.sh command line utility gives more customisation and can automate your testing.
Manual Tools
Several local tools exist for the manual testing of SSL certificates, from PowerShell to curl, OpenSSL and certutil.
Keep updated with the latest from Pipe Ten by subscribing below.
More in the Simplifying SSL/TLS series
- SSL Basics – What is SSL?
- SSL Certificate Terminology
- EV vs DV vs OV vs FREE SSL Certificates
- Certificate Authorities and The Signing Process
- TLS and Versions
- Web Server Headers
- Mixed Content Warning
- Testing & Tools
Author: Carl Heaton
Carl is a founder of Pipe Ten and uses his role as Technical Director to drive the company’s vision to transform business online in delivering it’s mission to forge agile technical partnerships that accelerate web success. Carl boasts an illustrious career spanning over two decades, starting as a fledgling web developer in his teens, he swiftly ascended the ranks, honing his skills in architecting secure web application infrastructure. With his finger on the pulse of emerging web technologies, Carl has tracked and influenced the ever changing world of cyber security, internet governance, industry regulations and information security compliance ensuring Pipe Ten successfully achieved and maintain ISO/IEC 27001 certification.