FireDaemon Inspektor

Command-line tool to help you
check & validate SSL / TLS certificate chains

FireDaemon Inspektor is a simple command-line utility designed to help you validate SSL / TLS certificate chains.

Why would you want such a utility?

In recent years, browsers have become much stricter in regard to handling SSL / TLS certificates. For example, all major browsers will warn or even block access to sites where the SSL / TLS certificate is expired, self-signed, or revoked. Similarly, access may be blocked if the certificate chain of trust (e.g. root CA or intermediate certificates) is incorrect, certificates in the chain of trust are missing or have been revoked. Hence, it's important to be able to audit the validity of certificates, certificate chains and test whether certificates have been revoked.

Product Snapshot

Product: 

Version:

Price:
OS:

FireDaemon Inspektor

May 2021

Free

Microsoft Windows

Installing FireDaemon Inspektor SSL / TLS Certificate Validator

  1. Unpack the ZIP file to a temporary location

  2. Copy the contents of the x64 folder found in the ZIP file to a directory of your choice (e.g. C:\Program Files\FireDaemon Inspektor)

  3. Install the Microsoft Windows Visual C++ Runtime found in the prerequisites folder found in the ZIP file by double-clicking on the file vc_redist.x64.exe

  4. Open an elevated command prompt and change directory to the installation directory (e.g. cd \Program Files\FireDaemon Inspektor)

 

Using FireDaemon Inspektor SSL / TLS Certificate Validator

 

Command-Line Options

Type SSLClient at the command prompt to see the command-line options per the screenshot below.

SSL / TLS Certificate Chain Validator
Checking A Certificate Chain

Use the SSLClient connect <url>:<port> syntax to check a certificate chain. Multiple <url>:<port> arguments can be supplied to check multiple certificates at once. For example:

SSL / TLS Certificate Chain Validator
Checking Certificate Revocation

You can also use the --crl-check option to check for the presence of a certificate revocation list URI. If none is presented you will get a certificate verification error. For example, the firedaemon.com certificate does not contain a revocation list URI:d certificates via ssl.com.

SSL / TLS Certificate Chain Validator

Whilst the microsoft.com certificate does contain a certificate revocation list URI:

SSL / TLS Certificate Chain Validator

You can test FireDaemon Inspektor with valid, expired, and revoked certificates via ssl.com.

Ready to try FireDaemon Inspektor
SSL / TLS Certificate Validator