Over a million developers have joined DZone.

SSL Testing Tool

DZone's Guide to

SSL Testing Tool

SSL is a building block of server security. Check out this quick article to see how one dev built an SSL/TLS connection testing tool.

· Security Zone ·
Free Resource

Discover how to provide active runtime protection for your web applications from known and unknown vulnerabilities including Remote Code Execution Attacks.

If you have a large number of servers, which are configured with SSL/TLS and you are out of track on their certificate validity, now all of sudden you are worried if some of the certificates are expired.

Or if I think in some other scenario where you are required to understand underlying SSL/TLS configuration of your servers e.g. CipherSuits, Protocols, etc.

Yes, in the traditional way, you can get all the information of your SSL/TLS configuration by logging into an individual server and checking the certificates, but it is very difficult if your environment size is very large.

To overcome this problem, I have to build a tool, which will give you get all the required details.

Source Code:

import java.io.FileInputStream;
import java.math.BigInteger;
import java.security.KeyStore;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.security.cert.X509Certificate;

* @author sidd

public class SSLFactory_Client {
    public static void main(String[] args){
       String hostname;
       Integer port;
           hostname = "google.com";
           port = 443;
           hostname = args[0];
           port = Integer.valueOf( args[1]);

       SSLFactory_Client sclient = new SSLFactory_Client();
       SSLContext sslContext = sclient.createSSLContext();
       try {
           SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
           SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket(hostname, port);
           SSLSession sslSession = (SSLSession) sslSocket.getSession();

           System.out.println("SSLSession :");
           System.out.println("\tSessionID: "+  new BigInteger(sslSession.getId()));
           System.out.println("\tProtocol : "+sslSession.getProtocol());
           System.out.println("\tCipher suite : "+sslSession.getCipherSuite());
           System.out.println("\tServer: "+sslSession.getPeerHost());
           System.out.println("\tSSL Port: "+sslSession.getPeerPort());

           System.out.println("\nSupported Protocol :");
           for(int i=0;i<sslSocket.getEnabledProtocols().length;i++){

           System.out.println("\nSupported CipherSuites: ");
           for(int j=0;j<sslSocket.getEnabledCipherSuites().length;j++){

           X509Certificate[] certs = (X509Certificate[]) sslSession.getPeerCertificateChain();
           System.out.println("\nCertificate Chain Info :");
           for (int i =0;i<certs.length;i++){
               System.out.println("\tSubject DN :"+((X509Certificate) certs[i]).getSubjectDN());
               System.out.println("\tIssuer DN  : "+((X509Certificate) certs[i]).getIssuerDN());
               System.out.println("\tSerial No. : "+((X509Certificate) certs[i]).getSerialNumber());
               System.out.println("\tExpires On : "+((X509Certificate) certs[i]).getNotAfter()+"\n");
       } catch (Exception ex) {

    private SSLContext createSSLContext(){
           KeyStore keyStore = KeyStore.getInstance("JKS");
           keyStore.load(new FileInputStream("/opt/jdk1.8.0_102/jre/lib/security/cacerts"),"changeit".toCharArray());        

           // Create key manager
           KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
           keyManagerFactory.init(keyStore, "changeit".toCharArray());
           KeyManager[] km = keyManagerFactory.getKeyManagers();          

           // Create trust manager
           TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
           TrustManager[] tm = trustManagerFactory.getTrustManagers();

           // Initialize SSLContext
           SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
           sslContext.init(km,  tm, null);
           return sslContext; 
       } catch (Exception ex){
           return null;

Compile the code using javac (e.g. javac SSLFactory_Client .java).

Now, you can execute the program. You need to pass the hostname and port during the execution (e.g java SSLFactory_Client "google.com" 443) and you will get the output, which should look something like the screenshot below.


Note: This program can also be used for testing two-way SSL/TLS connections.

Find out how Waratek’s award-winning application security platform can improve the security of your new and legacy applications and platforms with no false positives, code changes or slowing your application.

security ,ssl ,tls ,server security

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}