驗證SSL憑證是否有正確安裝?是否有漏洞?
如何驗證SSL憑證是否有正確安裝?是否有漏洞?
這幾年來,幾家科技大廠包含Google等在內,致力於推動為網站安裝SSL,作為資訊安全的第一步。
SSL憑證是否有正確安裝?是否有漏洞?當然如果您的憑證是由專業的工程師或主機商協助安裝,那基本是安全無虞的
捕夢網接下來要介紹幾個網站,只需輸入網站,即可幫您驗證SSL憑證是否有正確安裝?是否有漏洞?
1. SSL Labs
SSL Labs by Qualys is one of the most popular SSL testing tools to check all latest vulnerability & misconfiguration. Ex:
SSL Labs為目前最常被使用用來檢測SSL憑證的網站之一
2. SSL Checker
SSL Checker let you quickly identify if a chain certificate is implemented correctly. Great idea to proactively test after SSL cert implementation to ensure chain certificate is not broken.
SSL Checker可以快速確認Chain Certificate是否安裝正確
3. Geekflare
Geekflare提供兩種檢測工具
TLS Test – quickly find out which TLS protocol version is supported. As you can see, the tool is capable of testing the latest TLS 1.3 as well.
TLS Test是用來檢測TLS protocol是否太舊或不安全的用的
TLS Scanner – detailed testing to find out the common misconfiguration and vulnerabilities.
TLS Scanner則可以詳細檢測常見的設定錯誤或是漏洞是否存在
4. Wormly
Web Server Tester by Wormly check for more than 65 metrics and give you a status of each including overall scores. The report contains certificate overview (CN, Expiry details, Trust chain), Encryption Ciphers details, Public key size, Secure Renegotiation, Protocols like SSLv3/v2, TLSv1/1.2.
Wormly涵跨了65種檢測指標,會針對網站整體狀態給出評價
5. DigiCert
DigiCert SSL Installation Diagnostics Tool is another fantastic tool to provide you DNS resolves IP address, Certificate details including Issuer, Serial number, key length, signature algorithm, SSL cipher supported by the server and expiry details.
DigiCert可以提供DNS IP解析,還包含憑證發行者,金鑰,簽章等
6. SSL Server Security Test
Useful tool by High-Tech Bridge to perform scan against your https URL and provide in-depth technical information with an option to download the report in PDF format.
SSL Server Security Test讓您可以下載檢測報告,仔細檢測哪裡是否需要改善
7. Observatory
Observatory by Mozilla checks various metrics like TLS cipher details, certificate details, OWASP recommended secure headers, and more.
Observatory則是由火狐瀏覽器開發公司所提供的檢測工具
8. CryptCheck
CryptCheck quickly scans the given site and show score for protocol, key exchange, and cipher. You get detailed cipher suites details so can be handy if you are troubleshooting or validating ciphers.
CryptCheck則會告訴你關於套件的詳細訊息,那讓您在修正錯誤更加快速
資料參考來源: https://geekflare.com/ssl-test-certificate/#SSL-Server-Security-Test
