Single-run test for TLS and SSL on all kinds of services, with extra advice for Let's Encrypt
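#!/bin/sh
# Released under CC0 licence cf. http://creativecommons.org/publicdomain/zero/1.0/
#
# Single-run TLS/SSL check for one host: every common service port is
# probed with `openssl s_client` and only the server certificate subject
# and the chain verification result are printed.  "Verify return code: 0
# (ok)" means the presented chain validated against the CA store under
# /etc/ssl/certs; any other code (or no output at all) is a finding to
# investigate.
#
# In case of
# depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
# verify error:num=20:unable to get local issuer certificate
# download https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem to /etc/ssl/certs
# In case of Proftpd and 21 (unable to verify the first certificate) with letsencrypt the
# TLSCACertificateFile and TLSRSACertificateFile have to be specified separately like in
# the article below
# https://medium.com/@dchesterton/using-let-s-encrypt-with-proftpd-on-ubuntu-53611157a344
# For the HTTP SNI test this article was used
# http://blog.chrismeller.com/testing-sni-certificates-with-openssl
#
# Usage: tlscheck hostname

set -u

if [ "$#" -lt 1 ] || [ -z "$1" ]; then
  printf 'Usage: %s hostname\n' "${0##*/}" >&2
  exit 1
fi

HOST=$1
CAPATH=/etc/ssl/certs

# A probe against a firewalled/dropped port would otherwise block until the
# TCP connect timeout; when coreutils `timeout` is available every probe is
# capped at 5 seconds.
TIMEOUT=""
if command -v timeout >/dev/null 2>&1; then
  TIMEOUT="timeout 5"
fi

#######################################
# Run one s_client probe and print the subject and verify lines.
# Globals:   HOST (read), CAPATH (read), TIMEOUT (read)
# Arguments: $1 - label printed before the probe
#            $2.. - openssl s_client arguments selecting the endpoint
#                   (-host/-port or -connect, optional -starttls/-servername)
# Outputs:   label, then the "subject=" and "Verify return code" lines
# Returns:   exit status of grep (non-zero when openssl produced neither line)
#######################################
probe() {
  printf '%s\n' "$1"
  shift
  # stderr is merged so verification errors reported there are visible;
  # stdin is closed so s_client does not wait for interactive input.
  # shellcheck disable=SC2086 -- TIMEOUT is intentionally a word-split prefix
  $TIMEOUT openssl s_client -CApath "$CAPATH" "$@" 2>&1 </dev/null \
    | grep -E '(^subject=|Verify return code)'
}

# NOTE: OpenSSL 1.1.1 and later fill in SNI from the connect host even
# without -servername, so the first 443 probe is only a true "no SNI"
# check on older builds; the second probe sets SNI explicitly.
probe "HTTP + SSL (443)"        -host "$HOST" -port 443
probe "HTTP + SNI + SSL (443)"  -servername "$HOST" -connect "${HOST}:443"
probe "FTP + TLS (21)"          -host "$HOST" -port 21  -starttls ftp
probe "POP3 + TLS (110)"        -host "$HOST" -port 110 -starttls pop3
probe "POP3 + SSL (995)"        -host "$HOST" -port 995
probe "IMAP4 + TLS (143)"       -host "$HOST" -port 143 -starttls imap
probe "IMAP4 + SSL (993)"       -host "$HOST" -port 993
probe "SMTP + SSL (465)"        -host "$HOST" -port 465
probe "SMTP + TLS (587)"        -host "$HOST" -port 587 -starttls smtp
printf '%s\n' "Warning: this test could hang with ISP-s who are blocking access to outgoing port 25"
probe "SMTP + TLS (25)"         -host "$HOST" -port 25  -starttls smtp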