This is the project page for:
Our automated Digital Certificate (SSL/TLS) scanner service. It was launched in November 2016 at the London WARP Conference at the IEEE and recognised by NCSC as a companion product to their product sets, used by two UK police forces, lots of local government teams and beyond. It was showcased at the June 2017 Socitm Better Connected event.
What is SSL (Secure Sockets Layer)? SSL is the standard security technology for establishing an encrypted link between a web server and a browser (HTTPS). This link ensures that all data passed between the web server and browsers remains private and integral.
What is TLS? TLS is a successor to the Secure Sockets Layer (SSL) protocol. It provides secure communications on the Internet for such things as e-mail, Internet faxing, and other data transfers. There are slight differences between SSL 3.0 and TLS 1.0, but the protocol remains substantially the same.
Why test this? Firstly, all website traffic is moving slowly to HTTPS (port 443); this is even more the case for .gov.uk and broader public service websites. This brings your digital certificate into sharp focus: it has to be good enough to do this security work between the website and the consumer. SSL and TLS are the protocols that move data between consumers and your website, encrypting it while it moves.
Digital certificates have their vulnerabilities, such as Heartbleed, CCS, POODLE, FREAK, DROWN, LOGJAM and others, and they also have a nasty habit of running out of date. Both lead to reputation issues with those using your online services and mean that citizens (the public) cannot communicate securely with you over the Internet.
How often does this test run? Monthly!
How do I book a scan? – EASY – CLICK HERE!
What do I get? An email. We will also flag up vulnerabilities in the subject line and within the email, so you are aware without even needing to read it all, although we hope you do! Nonetheless, there will be sufficient detail for you to take up with those who can fix problems!
This is a free service for now. It is part of other works that are open source, so there are some limitations of our liability; these can be found by clicking here – Limitations of Liability
FREE for as long as we can sustain free, i.e. while there is a need, or for as long as this service is useful, or until this service is provided by someone else!
The service here is the supply of a suitably updated, upgraded and secure Linux-based system, which uses various open source modules to achieve this reporting for you, and the development of the know-how and the skills in running and maintaining this service.
We can test other digital certificates such as those on SMTP (email servers), as long as they are exposed to the internet and not on a corporate network – there are tools for this, please ask!
Cost of running this is met by 1uglycrazyroboT for the common good for the following organisations: Government domains such as .gov.uk, .police.uk, .mod.uk etc., also the voluntary, academic and 3rd sector, others upon application. That said, you may wish to contribute; however, I would like to make a few things clear. Firstly, I have never counted the hours spent doing projects such as this, and would never ask for money in exchange for that. I do it for pleasure, for the passion of making useful tools, to help as many people as possible, and to learn. Thus, I hope my work is useful to the public sector infosec community. Secondly, I only created this donation system because people suggested that I create it and that my work could be rewarded. You are free to support me by making a donation or sharing what this certificate scanner does with others so they can make use of it. I am very grateful to you in advance. The best reward is your positive feedback and use of what I have made. So thanks for reading this, and if you would like to buy me a coffee:
Finally, our services can also be licensed commercially for other domains.
Coded in late Sept 2016, running on Debian/Ubuntu, using OpenSSL with some degraded SSL (to support checking of older weaker cyphers), Mailx & Bash, ideas and works by many, the work of Peter Mosmans on OpenSSL is acknowledged with thanks… This work by @cryptomoose