On 26/05/2016 18:33, R-D intern wrote: > Hello, > I have implemented ssl for my internal server that listens over a > private ip. Can anyone suggest how can I test my ssl_server? For eg. Qualys > test shows the amount of ssl implementation of a server listening over > public ip and even checks for vulnerabilities in ssl implementation. How > can such a thing be tested for a server listening over private ip? > Please help. Awaiting response. > Regards, > R-D Intern > Indeed, there are many servers that cannot be reached by the online configuration tests such as the one run by Qualsys. What would be really nice would be if one of the good test suites could be downloaded and run locally on internal servers, non-web servers, staging servers etc. to verify that configurations are correct, or at least as good as possible. Note (for some of the other repliers) that this is not about unit-testing or software testing, but about testing if a finished system has been correctly configured and assembled. In other words, the question isn't "is there a bug in my new/changed code?". But "Did I accidentally configure this Apache HTTPS server with RSA-EXPORT enabled or something equally dangerous?", "Does the STARTLS mail server I just installed implement OCSP stapling safely?", "Did I install the correct set of intermediary CA certs in the returned chain?", and hundreds of similar questions. QualSys does an excellent job checking this for public port 443 https servers, but nothing else, a downloadable copy of the QualSys code without the policy restrictions of the online service would be one way of filling the gap. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 S?borg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded
