SSL Chain Checker Documentation

A comprehensive tool for SSL/TLS certificate chain inspection, validation, and security analysis. Designed for security professionals and system administrators.

Installation

First, make sure you have Python installed:

# For Windows: Download from python.org
# For Mac
brew install python3
# For Linux (Ubuntu/Debian)
sudo apt install python3 python3-pip
# For Linux (Fedora)
sudo dnf install python3 python3-pip

Clone the repository:

git clone https://github.com/Garrett12123/ChainCheck.git
cd ChainCheck

Install required dependencies:

python3 -m pip install -r requirements.txt

Core Features

Certificate Chain Analysis

  • Fetch and validate complete certificate chains
  • Display certificate hierarchy (leaf, intermediate, root)
  • Extract Subject Alternative Names (SAN)
  • Export certificates to PEM files
  • Save detailed chain information in JSON format

Security Testing

  • Test supported TLS versions (1.2, 1.3)
  • Analyze cipher suites
  • Check for common vulnerabilities
  • Verify secure renegotiation support
  • Monitor certificate expiration

Server Health Checks

  • Measure response times
  • Verify HTTP security headers
  • Test TCP connection health
  • Analyze SSL/TLS configuration

Usage

# Basic certificate chain analysis
python3 chaincheck.py example.com

# Run in interactive mode
python3 chaincheck.py -i

# Show help message
python3 chaincheck.py -h

Advanced Usage

Certificate Transparency Analysis

# In interactive mode, select option 7
⚡ Enter choice (1-10): 7

Certificate Transparency Analysis for example.com:
─────────────────────────────────────────────────
Overview:
Total certificates found: 15
Number of different issuers: 3

Timeline:
First certificate: 2022-01-15
Most recent certificate: 2024-02-20
History length: 766 days

Full Security Scan

# In interactive mode, select option 8
⚡ Enter choice (1-10): 8

Comprehensive Security Scan for example.com:
─────────────────────────────────────────────────
✓ TCP Connection         │ 45.23ms
✓ HTTPS Response        │ 125.45ms
✓ HTTP Status           │ 200 OK
✓ HSTS                  │ max-age=31536000
✓ Content Type Options  │ nosniff
✓ Frame Options         │ SAMEORIGIN
✓ XSS Protection        │ 1; mode=block
✓ CSP                   │ default-src 'self'

Requirements

  • Python 3.8 or higher
  • OpenSSL 1.1.1 or higher
  • Network access to target domains
  • Required Python packages (see requirements.txt)

Links