TLS / HTTPS Troubleshooting Tools

I spend a lot of time professionally working on TLS issues. Here are some of the tools I find useful.


The default TLS libraries and command line tools for Linux & other systems. You can perform many tasks with this alone, eg to check the certificates on a website:

openssl s_client -connect

OpenSSL cheatsheet


General HTTP / HTTPS + more command line tool. Supplied with Linux distros and windows too now! Offers particularly good support for proxying. To check certificate & headers from a webserver for example:

curl -I -v

Qualys SSL Server Test

A website that checks whether your https servers are correctly configured. Not much use if the servers are internal though (see SSLyze below).


Python based command-line tool to check TLS sites. Windows binary also available.

Bash / openssl (so minimal dependencies) tool to check TLS sites. Useful if you want to quickly check which versions of TLS protocol & which ciphers are offered. One of my favourite tools.

certainly something

A firefox extension that gives you 1-click access to viewing website certificate information – as browsers are increasingly hiding this information away.


Java based version of curl, useful to debug any java related TLS issues. Works with custom keystores, client certificates, etc.


A Man-In-The-Middle proxy that supports TLS decryption. A bit more friendly than Wireshark due to its specialization. lets you view certificate history for a domain. is a small script written by myself to check if keys match up to certificates.

wireshark / tcpdump

If you need to dig deep into the TLS handshake etc, tcpdump & its’ companion GUI app wireshark are the tools of choice. A basic tutorial.


A quick script written by me to view the certificate chain on a site – useful to ensure you’re including the intermediate for example.