In this blog post, we will find the SSL Labs rating of a website using the command line or Terminal.
What is SSL Labs rating?
SSLLabs or SSL Labs is a website that rates the SSL / TLS certificates and web server configurations for a website. The grading system was developed by Qualys SSL Labs. The rating helps website admins and Linux admins understand the security posture of their SSL / TLS implementations and identify areas for improvement. Or maybe just because the internal security department insisted that they get an A- or higher.
The ratings range from A+ (highest) to F (lowest). Many factors are involved, including protocol support, key exchange strength, cipher strength, and overall configuration.
How can I check the SSL Labs rating of my website?
Go to the SSL Labs website at https://www.ssllabs.com/ssltest/ and enter your domain there and click on Submit.
If you want to write a shell script to do this from the terminal, read on.
Create a shell script to find the SSL Labs rating
Create a file, ssllabs_rating.sh, with these contents.
ssllabs_rating.sh
#!/bin/bash
#
# Bash script to check SSLLabs rating for a domain
# Created by Arul John https://aruljohn.com
#
# Check SSL configuration rating
DOMAIN="aruljohn.com"
echo ">> Checking SSL Labs rating for $DOMAIN"
JSONDATA=$(curl -s "https://api.ssllabs.com/api/v3/analyze?host=${DOMAIN}")
RATING=$(jq -r '.endpoints[0].grade' <<< "$JSONDATA")
if [[ -n "$RATING" && "$RATING" != "null" ]]; then
echo "✅ Rating: $RATING"
else
echo "-- SSL Labs rating for $DOMAIN is not yet available."
echo " Please run this script after 60 seconds."
echo " Or, you can wait for 60 seconds. Snoozing now 😴"
sleep 60
JSONDATA=$(curl -s "https://api.ssllabs.com/api/v3/analyze?host=${DOMAIN}")
RATING=$(jq -r '.endpoints[0].grade' <<< "$JSONDATA")
echo "✅ Rating: $RATING"
fi
Then, chmod it to 755.
chmod 755 ssllabs_rating.sh
Run the bash script
./ssllabs_rating.sh
Your output will be something like this:
$ ./ssllabs_rating.sh >> Checking SSL Labs rating for aruljohn.com ✅ Rating: A+
You can refine this to alert you if the SSL certificate has expired or is nearing expiration, within 30 days, or something similar.
How does this bash script work?
SSL Labs has an API endpoint that returns JSON output with the information.
The endpoint is https://api.ssllabs.com/api/v3/analyze?host=${DOMAIN}
The first time you make the REST call for a domain, the server takes about a minute or so to get the data. The endpoints[0].grade key will then be added to the actual grade. Before that, it would be non-existent or return null.
That is the reason I put a sleep 60 after the first REST call to make it pause before making the REST call again.
No jq in my computer
Some Linux / macOS operating systems do not come with jq installed. jq is required for this bash script because it will parse the JSON output and traverse through the tree to get the grade.
If you do not have jq, you will have to install it first.
Conclusion
You can update this script to suit your needs. You probably will accept a domain name as an input argument or multiple domain names. If you want that, let me know and I will update this blog post with code for that.
If you have used this at work or for personal use, let me know in the comments or via email. Thanks for reading!
Related Posts
If you have any questions, please contact me at arulbOsutkNiqlzziyties@gNqmaizl.bkcom. You can also post questions in our Facebook group. Thank you.