Third-party-Tools to check your configuration - Discussion

JuergenAuer · November 1, 2018, 2:38pm

Managing Letsencrypt certificates - sometimes it's difficult. So there is a closed topic with some annotations.

Third party Tools to check your configuration

If a link is broken or if you have ideas - send a PM or use this topic.

tdelmas · October 31, 2018, 5:06pm

https://observatory.mozilla.org/ is usefull too (For the TLS scanner mainly)

https://dnssec-analyzer.verisignlabs.com for DNSSEC

https://tools.keycdn.com/ipv6-ping to test the IPv6 connectivity from different locations

maybe off topic : https://hstspreload.org/

stevenzhu · October 31, 2018, 5:39pm

https://tools.keycdn.com/curl Online curl tool
https://www.mxtoolbox.com/ Check if a record is available from all authoritative NS server.

JuergenAuer · October 31, 2018, 5:51pm

Thanks. Added both, aggregated. If a site has a lot of tools, the start page or the page with the complete tool list is preferred.

One day later: Created this discussion topic and moved the replies.

_az · November 1, 2018, 7:49pm

https://tools.letsdebug.net/cert-search - compared to crt.sh, it understands the PSL, understands Let’s Encrypt’s rate limits, and de-duplicates poisoned/real certificates. Since crt.sh is no longer significantly delayed since some weeks now I’m not sure there’s a great reason to continue to prefer Google’s aggregator over crt.sh.

Edit: looks like I got IP banned by crt.sh, hold off on this suggestion until I can address it …

Edit 2: we wern’t banned, they rotated their IPv4 address and I had them /etc/hosts'd from a time when their IPv6 was flakey. Whoops.

JuergenAuer · November 1, 2018, 9:59pm

Thanks - added with the start page.

ahaw021 · November 2, 2018, 3:00am

WeakDH.org
https://weakdh.org/sysadmin.html

Cipher.list
https://cipherli.st/

OWASP: https://www.owasp.org/index.php/TLS_Cipher_String_Cheat_Sheet

OpenSSL and NMAP - not every server is exposed to the web so offline tools should be included as well

SSLYZE - python checker

Censys - CT searching via API https://censys.io/

Keychest - CT proactive alerts https://keychest.net/

My Own Tool which i use for mail protocols (STARTTLS can be tricky to troubleshoot) https://github.com/ahaw021/SSL-MAIL-PROTOCOLS-TESTING

JuergenAuer · November 4, 2018, 9:51pm

Thanks. Added some links. The main focus are online tools with interactive checks.

kavabill · November 14, 2018, 6:21am

Just wanted to add to the list of DNS utilities:
https://www.grc.com/dns/dns.htm
very decent I believe.

JuergenAuer · December 4, 2018, 9:51pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

tdelmas · December 30, 2018, 11:43pm

https://unboundtest.com/ from SERVFAIL looking up TXT (IDNA or DNSSEC issues?)

JuergenAuer · January 6, 2019, 5:28pm

Thanks, now added. Changed the order, so the (now) three tools of active members are listed as (1).

Topic		Replies	Views
Third-party-Tools to check your configuration Help	3	25804	November 1, 2018
What DNS checkers should people use? Site Feedback	30	5652	September 3, 2017
New Chain Checker Tool Client dev	15	2206	November 3, 2021
Keychest.net - spot checks and get organized for cert renewals Server	4	1576	July 11, 2017
Request: Recommended Server Configurations Feature Requests	6	1293	March 13, 2017

Third-party-Tools to check your configuration - Discussion

Related topics