The SSL Checker tools facilitate the review of SSL certificates, as well as guide you to solve any problems that may arise. The requirements to start using it are not too many, you simply have to indicate the IP address or the domain name of your website. The tool you have chosen will do the analysis for you regarding its configuration and the security level of your website.
There are several web tools that you can use to quickly check the SSL status of your web server. If you’re in charge of a website, you don’t just have to worry about performance by applying load balancing tools, for example. Also, you should consider the security measures applied to it. Next, we are going to mention some of the most complete SSL review tools that can be accessed without prerequisites, that is, without having to register for the service.
An interesting advantage regarding these tools is that many of them belong to specialized security companies. Therefore, these tools act as a bridge for potential stakeholders interested in using other solutions. We suggest taking a look at the other solutions offered in order to expand our suite of web server management tools. Do you manage web servers in Linux? In this article we have created a complete guide to hardening Linux servers with essential practices to apply.
Qualys SSL Labs
It is only necessary to access the official portal of Qualys SSL Labs , enter the domain name you want to consult and, in a couple of minutes, the review will be ready. SSL Labs is characterized by having a high level of detail in relation to all the data it displays regarding the general configuration of the domain and its SSL status. In principle, a summary graphic appears indicating the letter that qualifies the domain. In the case of the example, it has a rating of B in which the graphics indicate that there are opportunities for improvement for Protocol Support .
So we also know which versions of TLS the web server that hosts it supports. In this case, the supported versions are 1.0 and 1.1 . However, you should add support for version 1.3 .
Below, we see details of the server and the certificate that is encrypted with the robust RSA algorithm of 2048 with SHA256 .
As we can see, the text highlighted in green indicates that the certificate that counts is trustworthy.
Continuing with the results tour, we see that there is a summary of the web server configuration. This summary begins to detail regarding the support of the TLS and SSL protocols. This case tells us that the server supports versions 1.0, 1.1, 1.2 and 1.3 of the TLS protocol. However, the yellow text points to versions 1.0 and 1.1 which are considered obsolete. This would be the reason why this domain is not rated A. It should support only the most recent versions.
Regarding the SSL protocol, it does not have any support, which is a good thing since it is considered deprecated.
Coming to the end of the results, we see more details regarding the supported and unsupported protocols.
At the end of the results report, a final file appears, indicating the date and time the test was performed, its duration, its HTTP status code and more.
Namecheap SSL Checker
This is one of the web tools available to have greater management control of your web domain. Namecheap SSL Checker does not require too many prerequisites, only the domain and port number on which the test will be performed. Generally, tests are done through port 443 .
Remember that port 443 is used by web servers to provide HTTPS web traffic in a more secure and private way. This, through SSL or TLS protocols. Also, this port is used by some VPN services to bypass limitations imposed by firewall rules.
At the beginning of the results report, it gives you an initial overview of the state. The consulted domain that was used for the example had no detected problems. Below, we can see information related to DNS. For example, the IP address by which the domain resolves and the Reverse IP lookup address.
You can also see a list of associated SANs. But what does SAN mean? They are the abbreviations in English of Subject Alternative Name . It refers to a structured way of indicating all the domain names and IP addresses that are associated with the certificate. This means that the same certificate can host multiple domains.
At the end of each test, an example of the OpenSSL protocol handshake is left. It gives us a demonstration of how the client and the web server negotiate to get to the instance of authentication. This, to ensure that communication between both parties in relation to web requests are given in a secure and private way.
Recommendation: you can run your tests much more quickly by editing the url:
https://decoder.link/sslchecker/amazon.com/443
You only have to add the bar “/” followed by the domain to be consulted, then a right bar plus “/” and finally the port number “443”. Then you paste it into the browser’s address bar and you’re done. You can now access the SSL Checker website with your test results available.
DigiCert SSL Installation Diagnostics Tool
In addition to knowing about the SSL status of your web domain, you can perform a review in search of known vulnerabilities. Just enter the domain name, click on the option to check for common vulnerabilities and you can start. In relation to the other tools mentioned and so many others, it provides all the essential data regarding the SSL status of your web server.
A common point of this type of tools is that you are free to test the domain you want. Regardless of whether it is yours or third party. However, it is recommended to treat the information obtained through the results with caution. Unfortunately, this information is already very useful for cybercriminals and thus carry out common cyber attacks on web servers such as DDoS.
As system administrators or web servers, these tests must be run periodically. Especially if the server has been maintained in any aspect of its infrastructure. Many of the tools show, for example, data regarding the validity of SSL certificates. If the web server comes to operate with expired certificates, it is greatly exposed to multiple vulnerabilities.
