The Red Kestrel CertAlert product can be used to scan your network to find and check SSL certificates. You simply provide it with IP and Port ranges (or list of hosts) and CertAlert will scan your network for SSL certificates and provide a detailed report. The report will include information on expired certificates, expiring certificates, short key certificates, certificates using weak algorithms etc. The product can also be configured to automatically alert administrators when certificates are approaching expiry - see CertAlert for more information.

SSL Cert Checking Features

The tool offers several features to check SSL certs including:

  • Searches networks by IP range or list of hosts for certs
  • Runs a number of checks on each SSL certificate found
  • Reports identify expiry dates and potential security issues

DOS Command Window

Below is an example when SSL cert checking is run from the DOS command.

CertAlert is a pure .NET console application. Using a text file containing list of hostnames and optional port numbers as input, CertAlert will report the expiration status of each certificate it finds. It provides detailed CSV reports of the certificate information collected; the report format is suitable for importing into other applications such as a spreadsheet or database. While running, CertAlert can write certificate details to a DOS command window to provide feedback on its progress. In addition, alerts and a summary report can be emailed by CertAlert to one or more recipients. CertAlert can be run manually from a DOS command window or called periodically by the Windows Scheduler.

Check SSL Reports

After each scan the product creates a report containing information about the certificates found.