Versions Compared

Version Old Version 5 New Version 6
Changes made by

Milton Suen

Milton Suen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
minLevel1
maxLevel6
outlinefalse
stylenone
typelist
printabletrue

This KB guide focuses on using OpenSSL and testssl.sh to validate SSL/TLS certificates, ensuring they are configured correctly, include a complete certificate chain, and are trusted. It covers testing certificates both locally and on HAProxy servers.

Table of Contents
minLevel1
maxLevel6
outlinefalse
stylenone
typelist
printabletrue

Prerequisites

  1. Install OpenSSL:

    • Ensure OpenSSL is installed on your system. Most Linux distributions include it by default:

      Code Block
      openssl version

  2. Install testssl.sh:

    • Clone the repository from GitHub

      Code Block
      git clone --depth 1 https://github.com/drwetter/testssl.sh.git
cd testssl.sh
chmod +x testssl.sh

  3. HAProxy Configuration (if applicable):

    • Confirm HAProxy is running with SSL/TLS enabled.

    • Verify the SSL port (default: 443) is exposed for testing.

...