SSL Certificate discovery script

Heartbleed… well… if you were vulnerable, you need to replace (and, importantly, re-key) all certificates that may have had their private keys revealed. Remember that although only OpenSSL was vulnerable, if you use a certificate on multiple platforms you will need to re-certificate everything, not just the devices running the now-patched OpenSSL.

Identifying all your vulnerable devices is a task in itself, and finding where all your certificates are installed so that you can begin re-installation can be a pretty impressive feat on its own.

Scripting a discovery scan

The bash script below scans a list of IP addresses or DNS entries and reports back the Common Name of the certificate installed on each.


Using .htaccess to force redirection of all traffic to HTTPS

If you have implemented an SSL certificate on your site and want to easily redirect ALL requests to HTTPS (which is a security best practice and easily avoids unsightly protocol mismatch errors within a user's browser), you can do this with a very simple addition to your .htaccess file.

How to

Simply add the following to your .htaccess file:

RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Apache will then force clients to load resources using HTTPS.

Troubleshooting

If this does not take effect, you will need to examine whether your host is disabling .htaccess files within your environment (which is fairly rare).

You will also need to spend some time confirming that every resource is either loaded using a relative link from your code or is not called from an external service over HTTP. This avoids content protocol mismatch errors for your users.