When you’re working as a web engineer or system administrator, you’ll often need to debug SSL/TLS related issues. There are plenty of online tools for testing SSL vulnerabilities, but when it comes to testing intranet based VIP, URL, IP they won’t be very helpful. If you’re looking to troubleshoot intranet resources, you will need a standalone software/tool which can easily be installed in your network. There’s a number of scenarios where this could be helpful:
- If you’re having issues your web server during SSL implementation
- When you want to make sure the latest protocol is in use
- As a way to verify the configuration post implementation
- If a security risk has been found after a penetration test result
If you’re struggling with any of these issues the following SSL troubleshooting tools will be able to help.
DeepViolet is a java based SSL troubleshooting tool that is available in binary or can be compiled with source code. If you’re looking for an alternative option to SSL Labs for use on an internal network, this is a great option! This tool will test for the following:
- A weak signing algorithm
- Certificate expiry status
- Weak cipher exposed
- Certification revocation status
- Visualize trust-chain, self-signed root
If you choose to use this troubleshooting tool you will quickly be able to evaluate the SSL strength of your site. This works on HTTPS as well as SMTP, SI, FTPS and POP3.
If you’re unfamiliar with this tool, SSLyze is Python library and command line tools. These connect to the SSL endpoint and will perform a scan to identify any SSL miss-configurations. This is a fast test and if you are a software developer, you can easily write the result in JSON format.
Make sure you don’t underestimate how useful OpenSSL can be. This is one of the more powerful standalone tools that is available on both Windows and Linux. OpenSSL can be used to perform various SSL related tasks. This includes CSR generation, verification and more!
SSL Labs Scan
If you are looking for a new command line tool, look no further than SSL Labs Scan. This is great if you’re looking to bulk test or start automated testing.
The SSL Scan troubleshooting tool is compatible with MAC, Windows and Linux. This a great option if you are looking to identify a number of different metrics including verifying TLS compression, highlighting null/anonymous ciphers and much more. If you’re worried about a cipher related issue, the SSL Scan tool would be extremely helpful for troubleshooting.
This tool can either be built from source or you can download binary for OSX and Linux. This troubleshooting tool will extract information from the server and give you these specific metrics in JSON format:
- Your session reuse checks
- TLS compression checks
- Host name verification checks
- Cipher enumeration checks
This is an open source tool that can be used to verify the certificate. It will also support the ciphers and protocol on SSL Labs.
Have you tested out any of these handy SSL troubleshooting tools before? Let us know in the comments below.