SSL
Performance
seq 10 | xargs -I@ -n1 curl -kso /dev/null -w "tcp:%{time_connect}, ssldone:%{time_appconnect}\n" https://wiki.sysop.cafe
Check certificate expiration date
domain=www.google.com; days=14; echo | openssl s_client -connect $domain:443 2>/dev/null | openssl x509 -noout -checkend $(($days * 24 * 60 * 60)) -enddate
SSL check script
http://prefetch.net/code/ssl-cert-check (local copy, probably outdated: [[https://wiki.sysop.cafe/resources/ssl-cert-check.txt]])
Strong Ciphers
SSL/TLS scanning library
Generate self-signed cert without passphrase
openssl req -x509 -newkey rsa:4096 -keyout privkey.pem -out fullchain.pem -days 365 -nodes
Convert ''.crt'' and ''.key'' to ''.pfx''
openssl pkcs12 -export -out cert.pfx -inkey privkey.pem -in fullchain.pem openssl pkcs12 -info -in cert.pfx #to verify
Convert ''.pfx'' to ''.crt'' and ''.key''
cert=foo_bar.pfx openssl pkcs12 -in $cert -clcerts -nokeys -out $(basename "$cert" .pfx).crt openssl pkcs12 -in $cert -nocerts -out $(basename "$cert" .pfx)-encrypted.key openssl rsa -in $(basename "$cert" .pfx)-encrypted.key -out $(basename "$cert" .pfx).key
Cert enddate
openssl s_client -connect www.example.com:443 < /dev/null 2>/dev/null | openssl x509 -noout -enddate