Bulk SSL Checker

A CSR is signed by the private key corresponding to the public key in the CSR. This check verifies the signature on the CSR is valid. An invalid signature indicates that the CSR has been modified since it was created or the public key in the CSR doesn't correspond to the private key used to sign it.

This check checks if the CSR's name contains a field with no value. For example, the CSR Decoder would issue a warning about the name given below because the locality field is present, but has no value.

CN=www.acme.com, O=acme, L=, C=gb

The reason for this warning is that some CAs may reject CSRs that contain fields with empty values.

Checks for weak RSA keys generated by Debian-based systems.

In May 2008, the Debian team announced that Luciano Bello had discovered a vulnerabilty in the Debian OpenSSL package. The impact was that all SSL and SSH keys generated on Debian-based systems (including Ubuntu) released between September 2006 and May 13th 2008 may be affected. The Debian Security Team disclosed this vulnerability in Debian Security Advisory 1571. The best resource on this vulnerability is the Debian Wiki. We have also written about this in our CSR FAQ.

NIST recommends a minimum RSA key size of 2048-bits after 31 December 2010.

For a number of years now many prominent voices in the security community have suggested a move away from 1024-bit RSA key lengths by the end of 2010. In Special Publication 800-57 NIST recommends that 1024-bit RSA keys only be used to protect data until 2010. In 2003, RSA Labs published a document that recommended 1024-bit RSA keys should not be used to protect data with a lifetime beyond 2010.This check warns you if the RSA key size is less than 2048 bits

Bulk SSL Checker checks the list of sites you upload and emails you the results so that you don't waste time checking sites one at a time.

Below is a short video showing you how it works

We know that sometimes you may have many SSL sites to check and that checking lots of sites one at a time is tedious and long-winded. For this reason, we have created Bulk SSL Checker.

Bulk SSL Checker has many features including:

Easy to use - just upload a list SSL-enabled websites to check
Emails reports directly to you in both CSV and HTML formats
The report highlights issues including:
- expired certificates
- certificates expiring in 90 days or less
- untrusted certificates
- certificates that contain weak keys due to a security flaw in older versions of Debian based systems
- certificates that may cause a breach in security or policy due to key length
- certificates that do not list the hostname they are associated with

To use Bulk SSL Checker:

Log in ( If you don't have an account just create an account IT'S FREE)
Upload a file containing a list of hostnames to check
Wait a short while for your results to be emailed to you

Give Bulk SSL Checker a try and let us know what you think...