The Top 5 SSL Tools
While you always hope that things will go smoothly when you do your SSL install, life likes to make things difficult sometimes. At times, it can take a lot of time and effort to figure out what a specific problem is. Don't worry though! There are several SSL tools that are available that can help you determine the problem and get your servers running SSL properly.
Note: Since writing this article we have created our own selection of SSL Certificate Tools. Be sure to check them out as well!
By far the most versatile (and complex) SSL tool, OpenSSL is an open source implementation of the SSL protocol. There are versions for nearly every platform, including Windows, Linux, and Mac OS X. OpenSSL is commonly used to create the CSR and private key for many different platforms, including Apache. However, it also has hundreds of different functions that allow you to view the details of a CSR or certificate, compare an MD5 hash of the certificate and private key (to make sure they match), verify that a certificate is installed properly on any website, and convert the certificate to a different format. Make sure to view our list of Most Common OpenSSL commands.
2. Comodo CSR Decoder
Need to see what information is in a CSR? You could do it with OpenSSL but it is far easier to just use Comodo's CSR Decoder tool. Just paste the CSR into the online form and hit "Decode". Also try our own (better) CSR Decoder and Certificate Decoder!
3. DigiCert Exchange Certificate Command Generator
Microsoft's Exchange 2007 introduces some useful new features that require the use of a Unified Communcations Certificate. But instead of generating the CSR using IIS you have to use the Exchange Management Shell. Rather than figuring out the exact command line syntax, you can use DigiCert's Exchange Certificate Command Generator to make a New-ExchangeCertificate command that you can just paste in.
4. DigiCert Certificate Tester
A very useful feature of OpenSSL is the ability to check whether a site has a certificate installed correctly. But it can be difficult to interpret the results. Using DigiCert's online Certificate Tester, you can stay within the comfort of your own web browser and check the certificate on any https enabled website. It will tell you the basic information contained in the certificate such as common name, subject, issuer and expiration date but, most importantly, it tells you whether the server is giving out the whole certificate chain. This is important to verify so that users don't see browser messages telling them that the certificate is not trusted. The SSL Certificate tester will show a red, broken chain icon if the server is missing an intermediate certificate.
Also make sure to try our own SSL Checker.
5. Microsoft SSL Diagnostics
Microsoft has provided their own SSL tool for IIS that can make problem solving easier. Its most useful features include creating a quick self-signed certificate for testing purposes and simulating an SSL handshake.
Originally posted on Sun Nov 4, 2007