Third-party-Tools to check your configuration - Discussion

Managing Letsencrypt certificates - sometimes it's difficult. So there is a closed topic with some annotations.

Third party Tools to check your configuration

If a link is broken or if you have ideas - send a PM or use this topic.

https://observatory.mozilla.org/ is usefull too (For the TLS scanner mainly)

https://dnssec-analyzer.verisignlabs.com for DNSSEC

https://tools.keycdn.com/ipv6-ping to test the IPv6 connectivity from different locations

maybe off topic : https://hstspreload.org/

1 Like

https://tools.keycdn.com/curl Online curl tool
https://www.mxtoolbox.com/ Check if a record is available from all authoritative NS server.

2 Likes

Thanks. Added both, aggregated. If a site has a lot of tools, the start page or the page with the complete tool list is preferred.

One day later: Created this discussion topic and moved the replies.

1 Like

https://tools.letsdebug.net/cert-search - compared to crt.sh, it understands the PSL, understands Let’s Encrypt’s rate limits, and de-duplicates poisoned/real certificates. Since crt.sh is no longer significantly delayed since some weeks now I’m not sure there’s a great reason to continue to prefer Google’s aggregator over crt.sh.

Edit: looks like I got IP banned by crt.sh, hold off on this suggestion until I can address it …

Edit 2: we wern’t banned, they rotated their IPv4 address and I had them /etc/hosts'd from a time when their IPv6 was flakey. Whoops.

3 Likes

Thanks - added with the start page.

WeakDH.org
https://weakdh.org/sysadmin.html

Cipher.list
https://cipherli.st/

OWASP: https://www.owasp.org/index.php/TLS_Cipher_String_Cheat_Sheet

OpenSSL and NMAP - not every server is exposed to the web so offline tools should be included as well

SSLYZE - python checker

Censys - CT searching via API https://censys.io/

Keychest - CT proactive alerts https://keychest.net/

My Own Tool which i use for mail protocols (STARTTLS can be tricky to troubleshoot) https://github.com/ahaw021/SSL-MAIL-PROTOCOLS-TESTING

1 Like

Thanks. Added some links. The main focus are online tools with interactive checks.

Just wanted to add to the list of DNS utilities:
https://www.grc.com/dns/dns.htm
very decent I believe.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

https://unboundtest.com/ from SERVFAIL looking up TXT (IDNA or DNSSEC issues?)

1 Like

Thanks, now added. Changed the order, so the (now) three tools of active members are listed as (1).

3 Likes