SSLPing

Canary Islands, Spain
2015
  |  By Chris Hartwig
How I used Swarm to rearchitect a monolith. Some decisions take time to make. Should I learn Golang or Elixir? Should I use Docker Swarm or Kubernetes? You start by learning Docker, then you outgrow it when you want to deploy an app on more than one server. But you must choose between Swarm and k8s…
When Gitlab CI, Docker and Golang play well together
  |  By Chris Hartwig
SSLping was born as a side project. It’s useful to people, which is cool, but today it was also helpful to me! I use it to monitor my HTTPS websites. This morning, my own SSLping project sent me an email about how my website https://hire.chris-hartwig.com is about to expire (in 10 days): it’s using Letsencrypt, and it’s been 80 days since I installed the cert.
  |  By Chris Hartwig
TL;DR you’re never done with Let’s encrypt: once your servers are secure, you must ensure they stay that way. Let’s encrypt is a no brainer: this initiative benefits us all, with free domain-validated certificates. It’s easy to setup and free. There’s probably automatic installation for your web server of choice, the community behind it can help, and tutorials are everywhere. Then you head to https://.com and you’re done… not.
  |  By Chris Hartwig
It was in your TodoList: install the SSL certificate. So you’ve setup your SSL certificate on the web server. It’s quite trendy to use SSL. Google will give you a modest ranking bump, some users will feel safer, all is good. You have even tested your configuration with Qualys, got you an A+. Good job: most got a C, even banks. Now what? What will happen when your cert is about to expire? Your CA will send an email to renew your cert. But maybe someone in the accounting dept will get that email.

SSLPing can detect most SSL/TLS security issues such as weak ciphers and expired certificates. It can check your websites every day and give you a clear view of all your servers. Sign up and you'll receive email alerts whenever something goes bad.

When you register for a free account, you get a clear dashboard of all your servers and at a glance see if everything is OK. Plus you can check ports other than 443, tag servers, filter and sort results. But most importantly, SSLPing checks all your SSL servers every day, and if something changes, it emails you about it so your visitors won't get HTTPS warnings without you knowing. We'll tell you if we discover new problems, when we add more checks, so you don't have to worry about a cipher or protocol becoming compromised.

Which tests are performed:

  • SSLPing checks your security on four different levels: certificate, protocols and ciphers and known vulnerabilities.
  • It can detect most threats, and tests a list of 200+ ciphers for weak or very weak ciphers. Feel free to compare it with other tools and tell us if you feel some tests are lacking.
  • SSLPing promotes excellent security by clearly showing what you could improve.
  • It tests versions of TLS from SSLv3 to TLS1.2.
  • SSLPing is very fast but it doesn't hammer your servers with requests: there's no performance penalty for using it.

SSLping is used by 450+ users, to monitor 10500+ servers every day, and it's still free.