This repository contains the code for shaaaaaaaaaaaaa.com, a tool to check whether your site's certificate is signed using SHA-1 (common, bad) or SHA-2 (rare, good).
Read more about why I built this tool, and why replacing SHA-1 is important.
This tool does not validate certificates, or test anything besides SHA-1 vs SHA-2. For that, please visit the magnificent SSL Labs for a far more comprehensive review of your SSL configuration.
Depends on openssl to download certificates. See below for a command line version.
Read the instructions on shaaaaaaaaaaaaa.com for replacing your cert and any intermediates.
Check out the issue tracker. The biggest things are:
- Some annoying domain errors on edge cases in Google's DNS.
- Mapping out common certificate issuers so we can easily link people to replacements.
- Hunting down more SHA-2 intermediate locations than we currently have on the site.
- More unit tests, especially for intermediate certificates and chained root certificates.
- Getting some Internet SHA-1 stats by running the command line tool over a list of top sites, like Alexa's [CSV download].
Really, just making the site better all around.
This app requires Node. Then, install dependencies:
npm installAnd run the app:
node app.js
For best results, make sure your system is using the latest version of openssl.
To check a domain's certificate on the command line, use this repository's command line tool:
./bin/shaaaaaaaaaaaaa isitchristmas.comThis will exit with code 0, and output formatted JSON to STDOUT:
{
"domain": "isitchristmas.com",
"cert": {
"algorithm": "sha1",
"raw": "sha1WithRSAEncryption",
"good": false,
"expires": "2016-04-08T11:47:28.000Z",
"name": "www.isitchristmas.com"
},
"intermediates": [
{
"algorithm": "sha256",
"raw": "sha256WithRSAEncryption",
"good": true,
"expires": "2017-10-24T20:57:09.000Z",
"name": "StartCom Class 2 Primary Intermediate Server CA"
}
]
}If there's an error, you'll get some JSON with an error flag of true, and the process will exit with code 1:
$ ./bin/shaaaaaaaaaaaaa bad-domain{
"error": true,
"domain": "bad-domain",
"message": "Couldn't lookup hostname."
}This is a tiny tool by Eric Mill. Released under an MIT License.