Third-party-Tools to check your configuration - Discussion

JuergenAuer · November 1, 2018, 2:38pm

Managing Letsencrypt certificates - sometimes it's difficult. So there is a closed topic with some annotations.

Third party Tools to check your configuration

If a link is broken or if you have ideas - send a PM or use this topic.

tdelmas · October 31, 2018, 5:06pm

https://observatory.mozilla.org/ is usefull too (For the TLS scanner mainly)

https://dnssec-analyzer.verisignlabs.com for DNSSEC

https://tools.keycdn.com/ipv6-ping to test the IPv6 connectivity from different locations

maybe off topic : https://hstspreload.org/

stevenzhu · October 31, 2018, 5:39pm

https://tools.keycdn.com/curl Online curl tool
https://www.mxtoolbox.com/ Check if a record is available from all authoritative NS server.

JuergenAuer · October 31, 2018, 5:51pm

Thanks. Added both, aggregated. If a site has a lot of tools, the start page or the page with the complete tool list is preferred.

One day later: Created this discussion topic and moved the replies.

_az · November 1, 2018, 7:49pm

https://tools.letsdebug.net/cert-search - compared to crt.sh, it understands the PSL, understands Let’s Encrypt’s rate limits, and de-duplicates poisoned/real certificates. Since crt.sh is no longer significantly delayed since some weeks now I’m not sure there’s a great reason to continue to prefer Google’s aggregator over crt.sh.

Edit: looks like I got IP banned by crt.sh, hold off on this suggestion until I can address it …

Edit 2: we wern’t banned, they rotated their IPv4 address and I had them /etc/hosts'd from a time when their IPv6 was flakey. Whoops.

JuergenAuer · November 1, 2018, 9:59pm

Thanks - added with the start page.

ahaw021 · November 2, 2018, 3:00am

WeakDH.org
https://weakdh.org/sysadmin.html

Cipher.list
https://cipherli.st/

OWASP: https://www.owasp.org/index.php/TLS_Cipher_String_Cheat_Sheet

OpenSSL and NMAP - not every server is exposed to the web so offline tools should be included as well

SSLYZE - python checker

Censys - CT searching via API https://censys.io/

Keychest - CT proactive alerts https://keychest.net/

My Own Tool which i use for mail protocols (STARTTLS can be tricky to troubleshoot) https://github.com/ahaw021/SSL-MAIL-PROTOCOLS-TESTING

JuergenAuer · November 4, 2018, 9:51pm

Thanks. Added some links. The main focus are online tools with interactive checks.

kavabill · November 14, 2018, 6:21am

Just wanted to add to the list of DNS utilities:
https://www.grc.com/dns/dns.htm
very decent I believe.

tdelmas · December 30, 2018, 11:43pm

https://unboundtest.com/ from SERVFAIL looking up TXT (IDNA or DNSSEC issues?)

JuergenAuer · January 6, 2019, 5:28pm

Thanks, now added. Changed the order, so the (now) three tools of active members are listed as (1).

Topic		Replies	Views
Third-party-Tools to check your configuration Help	3	28174	November 1, 2018
What DNS checkers should people use? Site Feedback	30	5941	September 3, 2017
List of SSL/TLS related tools and tests you use? Server	11	9948	July 18, 2016
Hint to letsdebug.net in error message Feature Requests	12	2559	December 5, 2018
Does Letsencrypt provides wild card certificates? Feature Requests	5	1418	November 3, 2019

Third-party-Tools to check your configuration - Discussion

Related topics