dotnet tool install --global dotnet-ssllabs-check --version 2.1.1
dotnet new tool-manifest # if you are setting up this repo
dotnet tool install --local dotnet-ssllabs-check --version 2.1.1
nuke :add-package dotnet-ssllabs-check --version 2.1.1
Tool that checks the SSL Labs score API and certificate expiration for a provided list of hosts.
dotnet tool install --global dotnet-ssllabs-check
```
dotnet-ssllabs-check

Unofficial SSL Labs Client

Usage: ssllabs-check [options] <hostname(s)>

Arguments:
  hostname(s)              Hostnames to check SSL Grades and Validity

Options:
  -?|-h|--help             Show help information
  -v|--version             Show version and service information
  -o|--output <DIRECTORY>  Output directory for json data [Default: does not write out data]
  --hostfile <PATH>        Retreive list of hostnames from file to check (one host per line, # preceding comments)
  --verbosity <LEVEL>      Level of data written to the console (error,warn,info,progress,debug,trace) [default: progress]
  --api <API>              Alternative API endpoint (ie. preproduction: https://api.dev.ssllabs.com/api/v3/)
  --emoji                  Show emoji when outputing to console
  --jmespath <QUERY>       <QUERY> written in jmespath. See http://jmespath.org for spec.
                           Custom functions for annotating log level.
                           ie. | error(@) | warn (@) | info (@) | progress (@) | debug (@) | trace (@)
  --jmespathfile <PATH>    Retreive list of jmespath queries from file to check (one query per line, # preceding comments)
```
- Clearly displays time to expiration for leaf certificates (if RSA and EC are both served then both are listed).
- Highlights certificates that expire within 90 days; if the original certificate validity period is 365 days or under (assumed to be automated renewals), it uses 30 days instead.
- Shows SSL Grade per Host and IP address combo.
- Error code types are combined into the exit code with bitwise OR.
- Runs requests in parallel when under API limits, but writes to the console in the order the scans finish.
- Add custom details or checks using JmesPath queries.
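The expiry-warning rule and the exit-code combination from the feature list, worked through as an added example (not the tool's own code). The `Exit` flag names and bit values, the function names, the certificate dates and the choice to treat a certificate exactly at the window edge as expiring are assumptions; only the scan date and the 59-day figure come from the sample output on this page.

```python
from datetime import datetime, timedelta, timezone
from enum import IntFlag

DAY_MS = 86_400_000  # SSL Labs reports notBefore/notAfter in epoch milliseconds


class Exit(IntFlag):
    """Hypothetical bit values; the tool's real exit codes are not listed on this page."""
    OK = 0
    EXPIRING = 1
    LOW_GRADE = 2


def warn_window_days(not_before_ms: int, not_after_ms: int) -> int:
    """30-day window for certs issued for 365 days or less, otherwise 90."""
    validity_days = (not_after_ms - not_before_ms) / DAY_MS
    return 30 if validity_days <= 365 else 90


def check_cert(not_before_ms: int, not_after_ms: int, now_ms: int):
    """Return (days_left, window, flag) for one leaf certificate."""
    days_left = (not_after_ms - now_ms) // DAY_MS
    window = warn_window_days(not_before_ms, not_after_ms)
    # Assumption: a cert exactly at the edge of the window counts as expiring.
    flag = Exit.EXPIRING if days_left <= window else Exit.OK
    return days_left, window, flag


def exit_code(flags) -> int:
    """Combine every finding with bitwise OR, so repeats do not add up."""
    code = Exit.OK
    for f in flags:
        code |= f
    return int(code)


def ms(dt: datetime) -> int:
    return int(dt.timestamp() * 1000)


# Constructed sample: scan date from the sample output, certificate dates invented.
NOW = datetime(2019, 7, 17, tzinfo=timezone.utc)
SHORT = (ms(NOW - timedelta(days=31)), ms(NOW + timedelta(days=59)))   # 90-day cert
LONG = (ms(NOW - timedelta(days=671)), ms(NOW + timedelta(days=59)))   # 730-day cert

if __name__ == "__main__":
    for name, (nb, na) in {"90-day cert": SHORT, "730-day cert": LONG}.items():
        print(name, check_cert(nb, na, ms(NOW)))
    print("exit code:", exit_code([check_cert(*LONG, ms(NOW))[2], Exit.LOW_GRADE]))
```

With 59 days left, the certificate issued for 90 days is outside its 30-day window, while the same remaining lifetime on a 730-day certificate falls inside the 90-day window and sets the expiry bit.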
Example Standard Output
```
dotnet-ssllabs-check v220.127.116.11 - Unofficial Client - (engine:1.35.1) (criteria:2009p)
This assessment service is provided free of charge by Qualys SSL Labs, subject to our terms and conditions: https://www.ssllabs.com/about/terms.html

Started: 7/17/2019 2:05:20 PM

Hostnames to Check:
  ekonbenefits.com
  myekon.com

-- 1 of 2 --- 00:00:06.8577868 --
ekonbenefits.com:
  Certificate #1 EC 256 bit:
    SAN: ekonbenefits.com, www.ekonbenefits.com
    Expires: 169 days from today
  Certificate #2 RSA 2048 bit:
    SAN: www.ekonbenefits.com, ekonbenefits.com
    Expires: 169 days from today
  Endpoint '18.104.22.168':
    Grade: A+
  Details:
    https://www.ssllabs.com/ssltest/analyze.html?d=ekonbenefits.com

-- 2 of 2 --- 00:00:28.6695682 --
myekon.com:
  Certificate #1 RSA 2048 bit:
    SAN: myekon.com, www.myekon.com
    Expires: 59 days from today
  Endpoint '22.214.171.124':
    Grade: A
  Details:
    https://www.ssllabs.com/ssltest/analyze.html?d=myekon.com

Completed: 7/17/2019 2:05:49 PM
All Clear.
```
```
# Explicitly warn if TLS 1.0 is not disabled
endpoints.details.protocols | [?name=='TLS' && version=='1.0'] | warn(@)
# display specific values
endpoints.[ipAddress, details.ocspStapling] | info(@)
```
| Product | Versions Compatible and additional computed target framework versions. |
| --- | --- |
| .NET | net5.0 was computed. net5.0-windows was computed. net6.0 was computed. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 was computed. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. |
| .NET Core | netcoreapp2.1 is compatible. netcoreapp2.2 was computed. netcoreapp3.0 was computed. netcoreapp3.1 was computed. |
This package has no dependencies.