So you’ve gone to the trouble of buying and installing an SSL certificate. How do you know you installed it properly? Some would just test the site by trying it with their browser. The problem is that Internet Explorer and Firefox validate the certificate path differently. Firefox will install an intermediate certificate while IE doesn’t. IE validates the shortest path, while Firefox validates the full path. There are other desktop browsers, such as Opera, Safari, and Chrome, and then there are the mobile browsers. The best thing to do is to use an OpenSSL-based tool to do your checking.

Entrust has such a tool. Once you install your new SSL certificate, all you need to do is enter your fully qualified domain name into Entrust SSL Install Check and click verify. The tool will validate your SSL certificate installation, confirm your IP address and server type, and tell you if all chain certificates have been installed correctly. If any of the certificates are missing, the tool will provide instructions to fix the problem.

You can also check the status and validity of SSL certificates that you have previously installed. In addition to the checks above, SSL Install Check will tell you if the certificate has expired or has been revoked.
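The chain and expiry checks described above can be reproduced locally with the OpenSSL command line. The following is an added example, not part of the original post and not how Entrust's tool is implemented; the three-certificate chain, its subject names and the function names are constructed for the demonstration.

```sh
#!/bin/sh
# Constructed demo: throwaway root -> intermediate -> leaf chain (made-up names),
# checked with and without the intermediate, as a strict client would see it.

new_csr() {  # $1 = file prefix, $2 = subject CN
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

make_chain() {  # $1 = working directory
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$1/ca.ext"
  new_csr "$1/root" "Demo Root CA"
  new_csr "$1/int" "Demo Intermediate CA"
  new_csr "$1/leaf" "www.example.test"
  openssl x509 -req -in "$1/root.csr" -signkey "$1/root.key" -days 30 \
    -extfile "$1/ca.ext" -out "$1/root.pem" 2>/dev/null
  openssl x509 -req -in "$1/int.csr" -CA "$1/root.pem" -CAkey "$1/root.key" \
    -CAcreateserial -days 30 -extfile "$1/ca.ext" -out "$1/int.pem" 2>/dev/null
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/int.pem" -CAkey "$1/int.key" \
    -CAcreateserial -days 30 -out "$1/leaf.pem" 2>/dev/null
}

chain_status() {  # $1 = trusted root, $2 = leaf, $3 = intermediates the server sends (optional)
  if [ -n "${3:-}" ]; then
    out=$(openssl verify -CAfile "$1" -untrusted "$3" "$2" 2>&1) || true
  else
    out=$(openssl verify -CAfile "$1" "$2" 2>&1) || true
  fi
  case $out in *": OK"*) echo complete ;; *) echo incomplete ;; esac
}

expiry_status() {  # $1 = certificate, $2 = look-ahead window in seconds
  if openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
  then echo valid; else echo expiring; fi
}

d=$(mktemp -d)
trap 'rm -rf "$d"' EXIT   # discard the throwaway keys and certificates
make_chain "$d"
echo "server sends leaf only:           $(chain_status "$d/root.pem" "$d/leaf.pem")"
echo "server sends leaf + intermediate: $(chain_status "$d/root.pem" "$d/leaf.pem" "$d/int.pem")"
echo "leaf, next 24 hours:              $(expiry_status "$d/leaf.pem" 86400)"
```

The leaf-only case is the one a browser with a cached intermediate can hide: `openssl verify` has no such cache, so it reports the chain as incomplete until the intermediate is supplied.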

Other sites have SSL tools as well.  The SSL Shopper tools page includes tools for CSR decoding, certificate decoding, and certificate format converting.

One tool I find very useful is the Public SSL Server Database / SSL Server Test tool at Qualys SSL Labs. This tool provides an overall assessment of how your web server has been configured for SSL.  It provides a letter grade based on the SSL certificate, protocol support, key exchange and cipher suite. The scores are explained in an SSL Server Rating Guide.

For quick reference, here is a list of the online SSL tools mentioned above:

SSL Install Check
CSR Decoder
Certificate Decoder
SSL Certificate Format Converter
Public SSL Server Database / SSL Server Test

Bruce Morton has worked in the public key infrastructure and digital certificate industry for more than 15 years and has focused on SSL and other publicly trusted certificates since 2005. He has been an active member of the CA/Browser Forum that released guidelines for extended validation (EV) certificates and Baseline Requirements for SSL certificates. Bruce oversees the governance and compliance of Entrust’s publicly trusted PKI.