Knowledge Base

I wanted to conduct an audit of what TLS certificates are in use on my system. This command should be run from the system to be scanned, but the connection is made to the main IP address and not loopback. So for host server1, run this command:

{ for word in $( sudo ss -tlnu | awk '{print $5}' | awk -F ':' '!x[$2]++{print $2}' | sort -n ) ; do timeout 3s sslscanner server1:${word} | sed -r -e "s/^/${word}: /;" ; done ; } 2>&1 | grep -vE '^Terminated$'

Observe that this command does depend on the sslscanner script.

The sample output is:

443: subject= /O=IPA.EXAMPLE.COM/CN=server1.ipa.internal.com
443: issuer= /O=IPA.EXAMPLE.COM/CN=Certificate Authority
443: notBefore=May  7 19:03:38 2021 GMT
443: notAfter=May  8 19:03:38 2023 GMT
443: san=www.example.com
443: san=server1.ipa.internal.com
443: san=www.ipa.internal.com
443: san=www.internal.com
443: 
500: subject= /CN=www.example.com
500: issuer= /C=US/O=Let's Encrypt/CN=R3
500: notBefore=Feb 26 23:38:29 2022 GMT
500: notAfter=May 27 23:38:28 2022 GMT
500: san=www.example.com
500: 
500: subject= /C=US/O=Let's Encrypt/CN=R3
500: issuer= /C=US/O=Internet Security Research Group/CN=ISRG Root X1
500: notBefore=Sep  4 00:00:00 2020 GMT
500: notAfter=Sep 15 16:00:00 2025 GMT
500: 
500: subject= /C=US/O=Internet Security Research Group/CN=ISRG Root X1
500: issuer= /O=Digital Signature Trust Co./CN=DST Root CA X3
500: notBefore=Jan 20 19:14:03 2021 GMT
500: notAfter=Sep 30 18:14:03 2024 GMT
500:

This oneliner makes it simple to see which certificates are in use, on what port.