Introduction
The SSL Checker tool allows you to quickly diagnose problems with your SSL certificate installation and also gives you some useful information like when your SSL certificate would expire, the issuer of the certificate, and more.
As a Linux terminal lover and a person who lives in the shell, I've decided to write a small script which does similar checks to the SSL checker but rather than having to visit the SSL shopper website each time and enter my domains in the domain box, I could instead run a simple command in my terminal and quickly get the same information.
About the script
This BASH script will quickly scan your domain name and provide you with very useful information like:
* The domain name that the SSL certificate has been issued for
* The number of days the SSL certificate expires in:
* The dates when the certificate was issued on and expires on
* The certificate has been issued by:
* Supported TLS versions
* Certificate Fingerprint
You can run it on any Linux server without root or sudo access.
All you need is a Linux terminal and openssl installed!
The link to the repository of the script:
https://github.com/bobbyiliev/bash-ssl-checker-tool
If you notice any issues with the script, make sure to report an issue or submit a pull request!
Downloading the script
In order to download the script, you can either clone the repository with the following command:
git clone https://github.com/bobbyiliev/bash-ssl-checker-tool.git
Or run the following command which would download the script in your current directory:
wget https://raw.githubusercontent.com/bobbyiliev/quick_access_logs_summary/master/spike_check
The script does not make any changes to your system, it only uses the openssl command and summarizes your domain name's SSL information for you, however, once you've downloaded the file, make sure to review the content yourself.
Running the script
All that you have to do once the script has been downloaded is to make it executable and run it.
To do that run the following command to make the script executable:
chmod +x ssl
Then run the script:
./ssl yourdomain.com
Make sure to change the yourdomain.com part with your actual domain name.
The script would then check if the domain name that you've specified is valid and it would run the checks for you pretty quickly and you would get the output directly in your terminal.
Understanding the output
Once you run the script, the output that you would see should look something like this:
What the script does is simply to use OpenSSL command-line tool and format the output so that with a quick glance you could see the most important information for your SSL certificate like how many days are left until the expiration date of your certificate, when exactly the certificate would expire, who issued the certificate and more.
Of course, you could run the openssl commands directly without the need of a script, however, the openssl commands which you would need to run are quite lengthy and difficult to memorize.
For example, this is the command which you would need to run in order to find the domain name that the certificate has been issued for:
openssl s_client -servername bobbyiliev.com -connect bobbyiliev.com:443 2>/dev/null | openssl x509 -noout -subject | sed 's/subject=/Domain: /'
Instead you could just have the script by your side and only run:
./ssl bobbyiliev.com
Conclusion
This simple BASH script allows you to gather some useful information about your SSL certificate directly in your terminal!
If you notice any issues please give me a poke so I could try and patch them!
For all of my demos I use DigitalOcean, you can use my referral link to get a free $100 credit that you could use to deploy your virtual machines and test the guide yourself on a few DigitalOcean servers:
Hope that this helps!
Bobby
Comments (0)