CheckTLS Extras

We have two tools that test general client/server services, and two tools that help manage SSL certificates.

Watch a Client/Server Connection Run It

Watch a real client connect to a real server in real time. WatchConnect sits inbetween your client and your server and lets you see everything that is sent and received between the two. It's an easy, cheap, online traffic sniffer. more...

Test IP Services Run It

Test many different Internet services such as POP, IMAP, HTTP. This test makes telnetting to different ports to test various TCP/IP services much easier. Because it also works on the secure (SSL) versions of these services, decripting the traffic so you can see it, it can test things that are impossible with telnet. more...

Show SSL Certificate Contents Show A Cert

SSL certificates are typically stored in X509 format, and they look something like:

-----BEGIN CERTIFICATE-----
...about 20 lines of gibberish...
-----END CERTIFICATE-----
This is an encoded rendering of the contents of the certificate (see X.509). ShowCert opens up the X509 formatted data and displays it in human read-able format.

Multi-Host Wild-Card SSL Certificate Generate Cert

SSL certificates are typically specific to a single host. An extension of the standard allows wildcards, for example *.mydomain.com. Wildcards are single-level, meaning *.mydomain.com matches host.mydomain.com but does not match host.sub.mydomain.com. And two wildcard characters are not allowed, so *.*.mydomain.com doesn't work.

It is also possible to do two or more hosts in a single certificate, which them works on both hosts. In fact, any number of hosts work in the same certificate. And so do any number of wildcard entries. Which means a single certificate can serve all of the following:

host1.domain.com
The standard single host.
host2.domain.com
A second host in the same certificate.
host.division.domain.com
Another host, this one in a subdomain of domain.com.
*.domain.com
All hosts in the domain (what goes in for the asterisk cannot have a dot in it). This would take care of the first two entries above but not the third.
*.division.domain.com
Another wildcard allowing all hosts in the subdomain. More than one wildcard specification can be in the same certificate.
192.168.254.100
A hardware address, for a host that does not have a name published on the Internet.

For example, all of our internal certs list *.CheckTLS.com and *.ForceTLS.com, and so are valid for any host in either domain.