I’ve moved to management and don’t get to do the fun stuff as much, but recently I got to script an SSL check as we didn’t have engineering resources to complete the task. Yay!
WARNING: Do not copy/paste code from websites. Sites can inject funny stuff into lines that you cannot see.
Single URL test prep work
- Get a Linux VM. I chose CentOS 7, but you could use almost anything.
- Get a list of URLs to check.
Install the Qualys SSL checker to CentOS
- ssh to your Linux box.
- Install the Go language if it isn’t already.
sudo yum install golang
- Grab the Qualys SSL Labs tester binary for Linux. OSX and Win are also available. GitHub serves release downloads through a redirect, so curl needs -L to follow it.
curl -LO https://github.com/ssllabs/ssllabs-scan/releases/download/v1.3.0/ssllabs-scan_1.3.0-linux64.tgz
- Extract the archive.
tar -zxvf ssllabs-scan_1.3.0-linux64.tgz
- Make your binary executable.
chmod +x ssllabs-scan
- Test it out!
Prep work for multiple URLs.
- Import our list
- Press a to edit, and then paste in your URL list.
- Hit ESC to get out of edit mode.
- hit enter
- Test it on our sitelist.
./ssllabs-scan -json-flat=true -hostfile=sitelist > results.json
- Does it look okay?
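Because the site list is pasted in by hand, it is worth normalising it before the scanner reads it. The script below is an added example, not part of the original post or of ssllabs-scan. It assumes the host file should hold one bare hostname per line, and the names clean_sitelist, demo_sitelist and sitelist.clean are hypothetical. It strips schemes, paths, ports and CRLF endings, drops duplicates, and rejects any entry containing bytes outside plain hostname characters, which catches the invisible characters the warning at the top describes.

```shell
#!/bin/sh
# Added example (not from the original post). Assumption: the -hostfile input
# should contain one bare hostname per line.

# Plain ASCII hostname with at least one dot; anything else is rejected.
HOST_RE='^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$'

# clean_sitelist FILE
# Prints each accepted hostname once, lower-cased, in input order.
# Lines that do not reduce to a plain hostname go to stderr with their
# invisible bytes shown as octal escapes, and are left out of the output.
clean_sitelist() {
    LC_ALL=C tr -d '\r' < "$1" | while IFS= read -r line || [ -n "$line" ]; do
        # Trim surrounding blanks and lower-case the entry.
        host=$(printf '%s\n' "$line" |
            LC_ALL=C sed 's/^[[:space:]]*//; s/[[:space:]]*$//' |
            LC_ALL=C tr 'A-Z' 'a-z')
        case $host in ''|'#'*) continue ;; esac       # blank line or comment
        host=${host#https://}; host=${host#http://}   # leading scheme only
        host=${host%%/*}                              # path
        host=${host%%:*}                              # port
        if printf '%s\n' "$host" | LC_ALL=C grep -Eq "$HOST_RE"; then
            printf '%s\n' "$host"
        else
            printf 'rejected: %s\n' \
                "$(printf '%s\n' "$line" | LC_ALL=C sed -n l)" >&2
        fi
    done | awk '!seen[$0]++'
}

# Constructed sample: CRLF ending, mixed-case duplicate, a zero-width space
# (bytes \342\200\213) hidden inside a name, a port, and a comment.
demo_sitelist() {
    printf 'https://www.example.com/login\r\nWWW.Example.com\n\n'
    printf 'www.exam\342\200\213ple.org\nmail.example.net:8443\n# staging\n'
}

# Usage with the post's file name (sitelist.clean is a hypothetical name):
#   sh clean_sitelist.sh sitelist > sitelist.clean
#   ./ssllabs-scan -json-flat=true -hostfile=sitelist.clean > results.json
if [ -n "${1:-}" ]; then
    clean_sitelist "$1"
fi
```

Anything printed as "rejected" should be retyped by hand rather than fixed up automatically, since the octal escapes show exactly which bytes came along with the paste.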
Convert to CSV, in case your brain has atrophied from being in management and you can no longer read JSON.
- Install epel repo, pip, lxml, and most importantly csvkit. You need epel before you can install pip.
sudo yum install epel-release
sudo yum install python-pip
sudo pip install --upgrade pip
sudo pip install csvkit
sudo pip install lxml==3.4.2
in2csv results.json > results.csv
- Does it look like a csv?
Big thanks to https://github.com/wireservice/csvkit and Qualys https://github.com/ssllabs/ssllabs-scan