This repository contains the code for shaaaaaaaaaaaaa.com, a tool to check whether your site's certificate is signed using SHA-1 (common, bad) or SHA-2 (rare, good).
Read more about why I built this tool and why replacing SHA-1 is important.
This tool does not validate certificates, or test anything besides SHA-1 vs SHA-2. For that, please visit the magnificent SSL Labs for a far more comprehensive review of your SSL configuration.
Depends on openssl
to download certificates. See below for a command line version.
Read the instructions on shaaaaaaaaaaaaa.com for replacing your cert and any intermediates.
Check out the issue tracker. The biggest things are:
- How about a bookmarklet, a Firefox extension, or a Chrome extension?
- Some annoying domain errors on edge cases in Google's DNS.
- Mapping out common certificate issuers so we can easily link people to replacements.
- Hunting down more SHA-2 intermediate locations than we currently have on the site.
- More unit tests, especially for intermediate certificates and chained root certificates.
- Getting some Internet SHA-1 stats by running the command line tool over a list of top sites, like Alexa's [CSV download].
Really, just making the site better all around.
This app requires Node. Then, install dependencies:
npm install
And run the app:
node app.js
For best results, make sure your system is using the latest version of openssl
.
To check a domain's certificate on the command line, use this repository's command line tool:
./bin/shaaaaaaaaaaaaa isitchristmas.com
This will exit with code 0
, and output formatted JSON to STDOUT:
{
"domain": "isitchristmas.com",
"cert": {
"algorithm": "sha1",
"raw": "sha1WithRSAEncryption",
"good": false,
"expires": "2016-04-08T11:47:28.000Z",
"name": "www.isitchristmas.com"
},
"intermediates": [
{
"algorithm": "sha256",
"raw": "sha256WithRSAEncryption",
"good": true,
"expires": "2017-10-24T20:57:09.000Z",
"name": "StartCom Class 2 Primary Intermediate Server CA"
}
]
}
If there's an error, you'll get some JSON with an error
flag of true
, and the process will exit with code 1
:
$ ./bin/shaaaaaaaaaaaaa bad-domain
{
"error": true,
"domain": "bad-domain",
"message": "Couldn't lookup hostname."
}
This is a tiny tool by Eric Mill. Released under an MIT License.