SSL/TLS scanning tools
It might be useful to test your certificate installation. That's why we provide this list. We cannot guarantee that non-TBS software will work efficiently.
External server scanning tools
Those tools require the website or service to be available via the Internet.
CoPiBot (TBS INTERNET)
CoPiBot is our SSL/TLS certificate diagnostic tool, accessible from your certificate's status page via the "Test your install" button, or on its dedicated page.
Qualys SSL Labs
Qualys SSL Labs provides an SSL test allowing you to check your certificate installation and your server's SSL/TLS security.
Internal server scanning tools
Those tools can be used on your local network to check whether a certificate is correctly installed. This is especially useful when your server is not available outside your network (intranet, security, etc.).
OpenSSL
You can simply check your certificate installation with OpenSSL (TBS Documentation). To do so, edit and run the following command:
$ openssl s_client -connect HOSTNAME:PORT -prexit -showcerts -state -status -tlsextdebug -verify 10
OpenSSL is easily installable via your package/port manager if you are running a Linux/BSD/Unix OS. On Windows, please refer to our Specific Documentation.
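The s_client output is long, so the following added example (not part of the original page or of OpenSSL) reduces it to the three facts that matter for an installation check: how many certificates the server sent, whether an OCSP response was stapled, and the verification return code. The function names and the sample transcripts are assumptions constructed for illustration; in practice, pipe the command above (with `</dev/null` so it exits after the handshake) into `check_install`.

```shell
# Added example: summarise `openssl s_client -showcerts -status` output read on stdin.
# Both transcripts are constructed samples, trimmed to the lines the parser uses.
SAMPLE_OK='CONNECTED(00000003)
OCSP response:
    OCSP Response Status: successful (0x0)
---
Certificate chain
 0 s:CN = intranet.example.test
   i:CN = Example Issuing CA
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
 1 s:CN = Example Issuing CA
   i:CN = Example Root CA
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
---
    Verify return code: 0 (ok)'

SAMPLE_NO_INTERMEDIATE='CONNECTED(00000003)
OCSP response: no response sent
---
Certificate chain
 0 s:CN = intranet.example.test
   i:CN = Example Issuing CA
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
---
    Verify return code: 21 (unable to verify the first certificate)'

# Prints: certs_sent=N ocsp=stapled|none|unknown verify_code=N|missing
summarize_s_client() {
    awk '
        /-----BEGIN CERTIFICATE-----/      { certs++ }
        /OCSP response: no response sent/  { ocsp = "none" }
        /OCSP Response Status: successful/ { ocsp = "stapled" }
        # The line can appear more than once; keep the first occurrence.
        /Verify return code:/ && code == "" { sub(/.*Verify return code: */, ""); code = $1 }
        END { printf "certs_sent=%d ocsp=%s verify_code=%s\n", certs, (ocsp == "" ? "unknown" : ocsp), (code == "" ? "missing" : code) }'
}

# Exit status 0 only when the chain verified (code 0); prints a hint for codes 20 and 21.
check_install() {
    summary=$(summarize_s_client)
    echo "$summary"
    case "$summary" in
        *verify_code=0) return 0 ;;
        *verify_code=20|*verify_code=21) echo "hint: issuer not found; check the intermediate certificates" ;;
    esac
    return 1
}
```

Codes 20 and 21 are the usual result when the server sends only its own certificate and the client cannot find the issuer; `certs_sent=1` alongside either code points at a missing intermediate.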
Nmap
You can also use Nmap to detect the ciphers supported on your server. Be careful, as the script can be resource-intensive for your connection.
nmap --script ssl-enum-ciphers -p PORT HOSTNAME
GnuTLS
You can use the gnutls-cli tool from GnuTLS to check your certificate's installation and some SSL/TLS configuration information on your server. An official Windows executable is provided by GnuTLS. If you wish to use it, please make sure that it is in Windows' PATH environment variable.
gnutls-cli --insecure --port PORT --print-cert --verbose HOSTNAME
gnutls-cli-debug --port PORT --verbose HOSTNAME
sslscan
You can also use the OpenSSL wrapper, sslscan (website) or its most active fork.
A Windows port also exists, but its development seems halted.
sslscan --no-failed HOSTNAME
testssl.sh
You can also use the OpenSSL-based script, testssl.sh. This script allows you to check certification chains, ciphers, protocols, and common vulnerabilities.
This script requires a Unix/POSIX operating system with bash and openssl, such as Linux, BSD, Mac OSX, or Cygwin (Linux compatibility layer for Windows).
/chemin/vers/testssl.sh HOSTNAME
Ssleuth
Ssleuth (Download page) is an addon for the Mozilla Firefox browser that displays information on the certificate and the established TLS connection.
Since Firefox version 57 (Quantum), the Ssleuth addon no longer works. A migration effort toward a newly released API is currently ongoing.
Browser scanning tools
When you are making compatibility checks, it might be useful to check your browser's security.
Qualys
Qualys SSL Labs provides a test allowing you to check your browser's SSL/TLS security.
DCSec
The DCSEC research group from Hannover's Leibniz University provides a test allowing you to evaluate your browser's cipher compatibility.
tlsfun
A few security tests are provided by Hanno Böck.