bmoers/sslpoke

Test SSL Connection with Proxy Option

Usage

# download the latest version
curl -L -O https://github.com/bmoers/sslpoke/raw/master/SSLPoke.jar

# run
java -jar SSLPoke.jar themoerch.com 443

Usage with Proxy

java -Dhttps.proxyHost=212.225.137.109 \
     -Dhttps.proxyPort=8080 \
     -jar SSLPoke.jar themoerch.com 443

> com.moers.ssl.SSLPokeProxy
> Using proxy settings: 212.225.137.109:8080
> Response: HTTP/1.1 200 OK
> Successfully connected to themoerch.com:443

Usage with specific keystore

# basic usage
java -Djavax.net.ssl.trustStore=/path/to/store/cacerts \
     -Dhttps.proxyHost=proxy.host.com \
     -Dhttps.proxyPort=8080 \
     -jar SSLPoke.jar themoerch.com 443

# extended
java -Djavax.net.ssl.trustStore=/path/to/store/LdapSSLKeyStore.jks \
     -Djavax.net.ssl.trustStorePassword=123 \
     -Djavax.net.ssl.trustStoreType=jks \
     -jar SSLPoke.jar themoerch.com 443

Import certificate into your local TrustStore

# use keytool to import the certificate
keytool -import -trustcacerts -storepass changeit -noprompt -file ./rootCa.cer -alias ROOT_CA -keystore ./LocalTrustStore 

java -Djavax.net.ssl.trustStore=./LocalTrustStore \
     -jar SSLPoke.jar themoerch.com 443

Cert Issues

If you get an PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target error this indicates that the Proxy is intercepting the TLS handshake and you require to add its CA to your local TrustStore.

Build

mvn package

Resource

https://gist.github.com/4ndrej/4547029
https://gist.github.com/bric3/4ac8d5184fdc80c869c70444e591d3de