GitHub - konklone/shaaaaaaaaaaaaa at bba893fc40d98771b342870283d656336947cd0e

Name	Name	Last commit message	Last commit date
Latest commit History 226 Commits
bin	bin
public	public
test	test
views	views
.gitignore	.gitignore
CONTRIBUTING.md	CONTRIBUTING.md
LICENSE	LICENSE
README.md	README.md
app.js	app.js
ca-bundle.crt	ca-bundle.crt
fabfile.py	fabfile.py
fingerprints.json	fingerprints.json
package.json	package.json
routes.js	routes.js
shaaaaa.js	shaaaaa.js

Name

Last commit message

Last commit date

SHAAAAAAAAAAAAA

This repository contains the code for shaaaaaaaaaaaaa.com, a tool to check whether your site's certificate is signed using SHA-1 (common, bad) or SHA-2 (rare, good).

Read more about why I built this tool and why replacing SHA-1 is important.

This tool does not validate certificates, or test anything besides SHA-1 vs SHA-2. For that, please visit the magnificent SSL Labs for a far more comprehensive review of your SSL configuration.

No Longer depends on openssl to download certificates. See below for a command line version.

How do I update to SHA-2?

Read the instructions on shaaaaaaaaaaaaa.com for replacing your cert and any intermediates.

How can I help?

Check out the issue tracker. The biggest things are:

How about a bookmarklet, a Firefox extension, or a Chrome extension?
Some annoying domain errors on edge cases in Google's DNS.
Mapping out common certificate issuers so we can easily link people to replacements.
Hunting down more SHA-2 intermediate locations than we currently have on the site.
More unit tests, especially for intermediate certificates and chained root certificates.
Getting some Internet SHA-1 stats by running the command line tool over a list of top sites, like Alexa's [CSV download].

Really, just making the site better all around.

Running the website

This app requires Node. Then, install dependencies:

npm install

And run the app:

node app.js

Command line version

To check a domain's certificate on the command line, use this repository's command line tool:

./bin/shaaaaaaaaaaaaa sha1-2017.badssl.com

This will exit with code 0, and output formatted JSON to STDOUT:

{
  "domain": "sha1-2017.badssl.com",
  "cert": {
    "algorithm": "sha1",
    "raw": "sha1WithRSAEncryption",
    "good": false,
    "root": false,
    "expires": "2017-01-05T12:00:00.000Z",
    "name": "*.badssl.com"
  },
  "intermediates": [
    {
      "algorithm": "sha1",
      "raw": "sha1WithRSAEncryption",
      "good": false,
      "root": false,
      "replacement": "http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt",
      "expires": "2023-03-08T12:00:00.000Z",
      "name": "DigiCert Secure Server CA"
    }
  ],
  "diagnosis": "bad"
}

If there's an error, you'll get some JSON with an error flag of true, and the process will exit with code 1:

$ ./bin/shaaaaaaaaaaaaa bad-domain

{
  "error": true,
  "domain": "bad-domain",
  "message": "Couldn't lookup hostname."
}

Author

This is a tiny tool by Eric Mill. Released under an MIT License.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

SHAAAAAAAAAAAAA

How do I update to SHA-2?

How can I help?

Running the website

Command line version

Author

About

Uh oh!

Releases

Packages

Uh oh!

Uh oh!

Contributors

Uh oh!

Languages

Folders and files

Latest commit

History

Repository files navigation

SHAAAAAAAAAAAAA

How do I update to SHA-2?

How can I help?

Running the website

Command line version

Author

About

Resources

License

Contributing

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Uh oh!

Contributors

Uh oh!

Languages

Packages