Menu
picture of tbs certificates
picture of tbs certificates
Certificates
Our products range
Partners
Support
Focus


SSL/TLS scanning tools

It might be useful to test your certificate installation. That's why we provide this list. We cannot guaranty that non-TBS software will work efficiently.

External server scannaing tools

Those tools require the website or service to be available via the Internet.

CoPiBot (TBS INTERNET)

CoPiBot is our SSL/TLS certificate diagnostic tool, accessible on your certificate's status page, button "Test your install" or on its dedicated page.

Qualys SSL Labs

Qualys SSL Labs provides a SSL test allowing you to check your certificate installation and your server's SSL/TLS security.

Internal server scanning tools

Those tools might be used on your local network to check if a certificate is correctly installed. This can be especially useful when your server is not available outside your network (intranet, security, etc).

Openssl

You can simply check your certificate install with Openssl(TBS Documentation). To do so, edit and run the following command:

$ openssl s_client -connect HOSTNAME:PORT -prexit -showcerts -state
  -status -tlsextdebug -verify 10

Open is easily installable via your package/port manager if you are running a Linux/BSD/Unix OS. On Windows, please refer to our Specific Documentation.

Nmap

You can also use Nmap to detect the ciphers supported on your server. Be careful as the script can be resource costly for your connection.

nmap --script ssl-enum-ciphers -p PORT HOSTNAME

GnuTLS

You can use the gnutls-cli too from GnuTLS You can use the gnutls-cli too from GnuTLSto check your certificate's installation and some SSL/TLS configuration information on your server. An official windows executable is provided by GNUTLS. If you wish to use it, please make sure that it is in Windows' PATH environment variable.

  gnutls-cli --insecure --port PORT --print-cert --verbose HOSTNAME
  gnutls-cli-debug --port PORT --verbose HOSTNAME

sslscan

You can also use the Openssl wrapper, sslscan (website) or its most active fork .

A Windows port also exists, but its development seems halted.

sslscan --no-failed HOSTNAME

testssl.sh

You can also use the Openssl-based script, testssl.sh. This script allows you to check certification chains, ciphers, protocols, and common vulnerabilities.

This script requires an Unix/Posix operating system with bash and openssl, such as Linux, BSD, Mac OSX, Cygwin (Linux compatibility layer for Windows).

/chemin/vers/testssl.sh HOSTNAME

Ssleuth

Ssleuth (Download page) is an addon for the Mozilla Firefox browser that displays information on the certificate and the established TLS connection.

Since Firefox version 57 (Quantum), the SSLEuth addon is not working anymore. A migration effort toward a newly released API is currently ongoing.

Browser scanning tools

When you are make compatibility checks, it might be useful to check your browsers security.

Qualys

Qualy SSL Labs provides a test allowing you to check your browser's SSL/TLS security.

DCSec

The DCSEC research group from Hannover's Leibniz University provides a test allowing you to evaluate your browser's cipher compatibility.

tlsfun

A few security tests are provided by Hanno Böck.