Test Your SSL Servers From Within PowerShell
If you read my blog or follow my GitHub account, you have likely seen that I recently released a .NET library that wraps the SSL Labs assessment APIs. These APIs let the consumer test their public-facing SSL services to detect configuration issues such as an incomplete certificate chain, vulnerability to Heartbleed, etc.
So why am I mentioning this wrapper again? Well, let me explain.
While we were performing our out-of-hours maintenance to replace the SSL certificates on our load balancers, I found myself constantly jumping to my browser to run a fresh assessment of our SSL hosts using SSL Labs. As you can imagine, even with a great testing tool such as SSL Labs the process became laborious and just didn’t scale that well (i.e. opening multiple scans using multiple browser tabs). I therefore saw this as another great opportunity to use my SSL Labs Api Wrapper (previously called SSLLWrapper) and to improve our process through automation.
ExternalSSLTester.ps1 is written to analyse a host as well as its endpoints and then return this information to you. The script can also take a list of multiple hosts to ease the life of an IT administrator or DevOps engineer.
Note - the script currently uses the development SSL Labs API, as it hasn’t been released for production use yet.
Here is a copy of the ReadMe file for ExternalSSLTester that describes the usage information.
This PowerShell script can be used to check the SSL implementations of any public-facing server. To achieve this, the script consumes the SSL Labs Assessment API using a .NET library called SSL Labs Api Wrapper (previously called SSLLWrapper). This wrapper is also written by me and can be found on GitHub, NuGet or my website.
ExternalSSLTester.ps1 can be invoked for use with a single host or a predefined selection of hosts which are passed in as a file path. Below are examples of both options:
Single Host

ExternalSSLTester.ps1 https://www.ashleypoole.co.uk
ExternalSSLTester.ps1 -host https://www.ashleypoole.co.uk

Multiple Hosts

ExternalSSLTester.ps1 -hosts "C:\HostsToCheck.txt"

Detailed Output
The script can also be instructed to give a more detailed output for a host's endpoints by using the 'details' parameter. Examples below:
ExternalSSLTester.ps1 https://www.ashleypoole.co.uk -endpointdetails $True
ExternalSSLTester.ps1 -host https://www.ashleypoole.co.uk -endpointdetails $True
I’ve uploaded the script to my PowerShell tools repository on GitHub, where you can also find the required DLLs. Feel free to fork the repository and create pull requests for any improvements to share with the community, or comment on this post.
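As an added example (not code from ExternalSSLTester.ps1 or the wrapper), the PowerShell below shows one way to reduce a batch of assessment results to a pass/fail list during a certificate change: it reports every endpoint graded below a chosen threshold and every host whose assessment did not reach READY. The function name, the threshold and the sample JSON are constructed for illustration; the field names (`host`, `status`, `endpoints`, `ipAddress`, `grade`, `statusMessage`) follow the SSL Labs assessment response.

```powershell
# Added example: names, threshold and sample data are assumptions, not the script's own.

# Grades ordered best to worst, as SSL Labs reports them per endpoint.
# T = certificate not trusted, M = certificate name mismatch.
$GradeOrder = 'A+', 'A', 'A-', 'B', 'C', 'D', 'E', 'F', 'T', 'M'

function Get-FailingEndpoint {
    param(
        [Parameter(Mandatory)] $Assessment,    # one parsed assessment object
        [string] $MinimumGrade = 'A-'          # worst grade still accepted
    )
    $limit = [array]::IndexOf($GradeOrder, $MinimumGrade)

    if ($Assessment.status -ne 'READY') {
        # An unfinished or failed assessment must never be read as a pass.
        return [pscustomobject]@{
            Host = $Assessment.host; Endpoint = $null; Grade = $null
            Reason = "assessment status: $($Assessment.status)"
        }
    }
    foreach ($ep in $Assessment.endpoints) {
        # A missing or unknown grade yields -1 and is reported as well.
        $rank = [array]::IndexOf($GradeOrder, [string]$ep.grade)
        if ($rank -lt 0 -or $rank -gt $limit) {
            [pscustomobject]@{
                Host = $Assessment.host; Endpoint = $ep.ipAddress
                Grade = $ep.grade; Reason = $ep.statusMessage
            }
        }
    }
}

# Constructed sample: two load-balanced endpoints for one host, one failed assessment.
$sample = @'
[
  {"host":"www.example.com","status":"READY","endpoints":[
    {"ipAddress":"192.0.2.10","grade":"A","statusMessage":"Ready"},
    {"ipAddress":"192.0.2.11","grade":"B","statusMessage":"Ready"}]},
  {"host":"lb.example.com","status":"ERROR","endpoints":[]}
]
'@ | ConvertFrom-Json

$failures = $sample | ForEach-Object { Get-FailingEndpoint -Assessment $_ }
$failures | Format-Table -AutoSize
```

With the sample data this reports the 192.0.2.11 endpoint (grade B) and lb.example.com (assessment status ERROR), while the grade A endpoint passes.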