_edited.jpg)
FireDaemon Certify One
Scan, audit, and monitor SSL / TLS certificates regardless of issuing CA
Web browsers and devices in general have become much stricter in regard to handling SSL / TLS certificates. All major browsers will warn or block access to sites where the SSL / TLS certificate or certificate chain is invalid. Certificate lifespans have been reduced. Hence, it's important to be able to audit and report on certificate validity to ensure the certificate chain is intact and test whether certificates have been revoked or expired. Similarly, access may be blocked to a website if the certificate chain of trust (i.e. all certificates including the root CA certificate and any intermediate certificates) is incomplete, misordered, revoked, or expired.
Product:
Version:
Price:
OS:
FireDaemon Certify One
4.0.6 January 2023
$25 per license per server or workstation
Features
-
Scan all endpoints of a specific host
-
View graphical reports on the Dashboard
-
Quickly see expiring SSL / TLS certificates
-
Quickly discover failing SSL / TLS certificates or hosts
-
Easily see SSL / TLS renegotiation failures and other handshake warnings
-
Easily view the SSL / TLS certificate chain for a host
-
View the properties of an established SSL / TLS connection
-
View the DNS queries and record types involved in resolving host names
-
Schedule automatic scans of your hosts daily or weekly
-
Receive a scan report in your inbox
-
Query CAA DNS records.
Installation
Installation
Once you have downloaded the installer, double-click the installer and follow the installation instructions.
Step 1: Setup Scan Targets and Scheduling
First off, populate the list of Scan Targets. Then click the "Scan All" button. You can also Schedule scans to run automatically. You can test Certify One with valid, expired, and revoked certificates via ssl.com or badssl.com.
Step 2: Review Scan Log
If you hover over any scanned host, you will see a Scan Log icon. Click on the Scan Log to display the Scan Log dialog which contains scan information.
Step 3: View Graphical Reports on the Dashboard
You will be able to see a graphical summary of scan results on the Dashboard once the scans have been completed.
Step 4: Filtered View
If click on the graph elements you will be provided with a filtered view of the Scan Targets. The screenshot below provides an example, showing scan targets where the certificate issuer is Let's Encrypt.
Step 5: Email Reports
If you click on the hamburger menu (to the right of the Certify One logo) you can open the Options dialog. In the Options dialog you can set up notification settings, so every time a scan is run Certify One will send you an email-based report. Here's the Options menu:
Step 6: Receive Reports
You should then receive an email-based report similar to below:
Step 7: Querying CAA Records
You can also query DNS CAA records via the command line! For example:
