This is a tool to instantly test if an application handles SSL certificates the way it is supposed to.
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


This is a tool to instantly test if an application handles SSL certificates the way it is supposed to.



The tool supports two modes:

  • Proxy: certslayer sets itself as a proxy and monitors for the specified target domains.
  • Standalone: certslayer creates a web server configured with the special test certificate. I found this service to be useful.
  • In both cases it will be necessary to install as a trusted root CA Certificate.

python -h

Usage: [options]

  -h, --help            show this help message and exit
                        Domain to be monitored, might be used multiple times
                        and supports regular expressions (Only valid for proxy
  -p PORT_ARG, --port=PORT_ARG
                        port to listen
  -m MODE_ARG, --mode=MODE_ARG
                        Operation mode: proxy or standalone
  -i HOST_ARG, --hostname=HOST_ARG
                        Hostname: the IP address or Domain name that the
                        certificate CN will stand for (Only valid for
                        standalone mode)
  -v, --verbose         Verbose mode

python -d -m proxy -p 9090

The proxy server binds to 9090 and redirects the connections made to the monitored domains to a rogue web server that is setup on the fly with a specific test certificate.

It generates a .CSV with the results of every test:


Client Address,Hostname,Current TestCase,Expected,Actual,,Trusted CA Invalid Signature,Certificate Rejected,Certificate Rejected,,Signed with Unknown CA,Certificate Rejected,Certificate Rejected,,Signed with CertSlayer CA,Certificate Accepted,Certificate Accepted,,Self Signed Certificate,Certificate Rejected,Certificate Rejected,,Wrong CNAME,Certificate Rejected,Certificate Rejected,,Signed with MD5,Certificate Rejected,Certificate Rejected,,Signed with MD4,Certificate Rejected,Certificate Rejected,,Expired Certificate,Certificate Rejected,Certificate Rejected,,Not Yet Valid Certificate,Certificate Rejected,Certificate Rejected