I don’t understand. You wrote a tiny webserver in Go so you could scan it with StartSSL and verify if your certificate chain was correct because the issuer has too many intermediates and bad documentation? Wouldn’t the “openssl verify” command be more than sufficient to see if your chain is valid? I feel like I’m missing something here, sorry.
The actual dumb part of server configuration is
Why? Why can’t you just throw a bunch of certificates at a server and it will do the right thing?
[Comment removed by author]
[Comment removed by author]
Maybe I am misunderstanding this, but …
This tool only works if you install your certs in it and then point your production server to this tool. Otherwise TLS domain name validation will fail.
That doesn’t sound very practical. So if you are going to take your production site offline for this then you may as well just test the certificates live?
[Comment removed by author]
[Comment removed by author]