Batch check SSL Certificates on CentOS

Hello all,

I’ve moved to management and don’t get to do the fun stuff as much, but recently I got to script an SSL check as we didn’t have engineering resources to complete the task. Yay!

WARNING: Do not copy/paste code from websites. Sites can inject funny stuff into lines that you cannot see.

Single URL test prep work

  1. Get a Linux VM. I chose CentOS 7, but you could use almost anything.
  2. Get a list of URLs to check.

Install the Qualys SSL checker on CentOS

  1. ssh to your Linux box.
  2. Install the Go language if it isn’t already.
    • sudo yum install golang
  3. Grab the Qualys SSL Labs tester binary for Linux. OS X and Windows builds are also available. GitHub release links redirect, so curl needs -L to follow them.
    • curl -L -O https://github.com/ssllabs/ssllabs-scan/releases/download/v1.3.0/ssllabs-scan_1.3.0-linux64.tgz
  4. Extract the archive.
    • tar -zxvf ssllabs-scan_1.3.0-linux64.tgz
  5. Make your binary executable.
    • chmod +x ssllabs-scan
  6. Test it out!

Prep work for multiple URLs.

  1. Import our list
    • touch sitelist
    • vi sitelist
    • hit a to edit, and then paste in your URL list
    • hit ESC to get out of edit mode.
    • type :wq
    • hit enter
  2. Test it on our sitelist.
    • ./ssllabs-scan -json-flat=true -hostfile=sitelist > results.json
  3. Does it look okay?
    • more results.json
    • hit q to exit
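
The pasted list is fed straight to the scanner, so it is worth cleaning before step 2. The following is an added example, not part of the original post: a shell function that reduces pasted URLs to bare hostnames, drops duplicates, and rejects lines containing characters that do not belong in a hostname, including the invisible ones the warning at the top is about. The name clean_sitelist and the sample hosts are made up for illustration, and it assumes the host file takes one hostname per line.

```shell
#!/bin/sh
# Added example (not from the original post). Assumption: the scanner's host
# file takes one bare hostname per line, so pasted URLs must be reduced first.

# clean_sitelist FILE   (hypothetical helper name)
#   stdout: accepted hostnames, lowercased, first occurrence only
#   stderr: rejected lines; exit status is 1 if any line was rejected
# The sed stage trims whitespace, then strips scheme, path/query/fragment,
# userinfo and port, in that order.
clean_sitelist() {
    tr -d '\r' < "$1" | tr 'A-Z' 'a-z' | LC_ALL=C sed \
        -e 's|^[[:space:]]*||' -e 's|[[:space:]]*$||' \
        -e 's|^[a-z][a-z0-9+.-]*://||' \
        -e 's|[/?#].*$||' \
        -e 's|^.*@||' \
        -e 's|:[0-9]*$||' |
    LC_ALL=C awk '
        $0 == "" { next }   # blank line, or a comment emptied by sed
        /^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z][a-z0-9-]*[a-z0-9]$/ && length($0) <= 253 {
            if (!seen[$0]++) print
            next
        }
        # Anything else (underscores, inner spaces, IP addresses, invisible
        # or non-ASCII bytes from a web paste) is reported, not scanned.
        { printf "rejected line %d: %s\n", NR, $0 > "/dev/stderr"; bad = 1 }
        END { exit bad + 0 }
    '
}

# Constructed sample input: the kind of list that gets pasted into vi.
sample=$(mktemp)
printf '%s\n' \
    'https://www.example.com/login?next=/' \
    'WWW.Example.com' \
    '# staging hosts' \
    'http://user@shop.example.org:8443/cart' \
    'bad_host.example.net' > "$sample"
# Constructed line with a zero-width space (U+200B) after ".com".
printf 'mail.example.com\342\200\213\n' >> "$sample"

# Prints the two clean hostnames; lines 5 and 6 go to stderr as rejected.
clean_sitelist "$sample" || echo 'fix the rejected lines before scanning' >&2
rm -f "$sample"
```

Run it as clean_sitelist sitelist > sitelist.clean, fix whatever it rejects, and pass the cleaned file to -hostfile.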

Convert to CSV, if your brain has atrophied from being in management and you can no longer read JSON.

  1. Install epel repo, pip, lxml, and most importantly csvkit. You need epel before you can install pip.
    • sudo yum install epel-release
    • sudo yum install python-pip
    • sudo pip install --upgrade pip
    • sudo pip install csvkit
    • sudo pip install lxml==3.4.2
  2. Convert!
    • in2csv results.json > results.csv
  3. Does it look like a csv?
    • more results.csv
    • hit q to exit

Big thanks to https://github.com/wireservice/csvkit and Qualys https://github.com/ssllabs/ssllabs-scan
