Select Supported Platforms

Select Supported Architectures

Select Tier

Github Name

Asset Definition
Release Notes
Release Assets


Build Status
Gem Version
Code Climate
Test Coverage
Dependency Status



  • bin/check-java-keystore-cert.rb
  • bin/check-ssl-anchor.rb
  • bin/check-ssl-crl.rb
  • bin/check-ssl-cert.rb
  • bin/check-ssl-host.rb
  • bin/check-ssl-hsts-preload.rb
  • bin/check-ssl-hsts-preloadable.rb
  • bin/check-ssl-qualys.rb



Check that a specific website is chained to a specific root certificate (Let's Encrypt for instance).

./bin/check-ssl-anchor.rb -u -a "i:/O=Digital Signature Trust Co./CN=DST Root CA X3"


Checks a CRL has not or is not expiring by inspecting it's next update value.

You can check against a CRL file on disk:

./bin/check-ssl-crl -c 300 -w 600 -u /path/to/crl

or an online CRL:

./bin/check-ssl-crl -c 300 -w 600 -u

Critical and Warning thresholds are specified in minutes.


Installation and Setup


To run the testing suite, you'll need to have a working ruby environment, gem, and bundler installed. We use rake to run the rspec tests automatically.

bundle install
bundle update
bundle exec rake


bin/check-ssl-anchor.rb and bin/check-ssl-host.rb would be good to run in combination with each other to test that the chain is anchored to a specific certificate and each certificate in the chain is correctly signed.

Are you sure you want to report this asset?

Please describe the reason for reporting this asset. Our moderators will be notified and will disable the asset if it is found to be inappropriate.


You must be signed in to report this asset.

Sign In with Github



There are no asset definitions for this version, only source code:

Download Source Cancel