CLI Reference

Complete reference for all ssl-toolkit command-line options and commands.

Synopsis

ssl-toolkit [OPTIONS]
ssl-toolkit [OPTIONS] -d <DOMAIN>
ssl-toolkit cert <SUBCOMMAND>

Global Options

FlagValueDescription
-d, --domain<domain>Target domain to analyze
-i, --ip<address>Override IP address for connection
-p, --port<port>Target port (default: 443)
--non-interactiveRun all checks without prompts
-q, --quietOnly output the security grade
--jsonOutput results in JSON format
-o, --output<file>Export HTML report to file
-v, --verboseShow detailed check information
--skip-whoisSkip WHOIS lookup
--timeout<seconds>Connection timeout (default: 10)
--config<file>Custom configuration file path
-h, --helpPrint help information
-V, --versionPrint version information

Certificate Commands

The cert subcommand provides operations for working with local certificate files.

cert info

Display certificate details from PEM files.

ssl-toolkit cert info <FILES...>

Arguments:

  • <FILES...> — One or more PEM certificate files to inspect

Example:

ssl-toolkit cert info server.pem intermediate.pem

cert verify

Verify certificate and key pairs or validate certificate chains.

ssl-toolkit cert verify [OPTIONS]

Options:

FlagValueDescription
--cert<file>Certificate file to verify
--key<file>Private key file to match against certificate
--chain<file>Certificate chain file to validate
--hostname<domain>Hostname to validate certificate against

Examples:

Verify certificate and key match:

ssl-toolkit cert verify --cert server.pem --key server.key

Validate certificate chain for hostname:

ssl-toolkit cert verify --chain fullchain.pem --hostname example.com

cert convert

Convert certificates between formats.

ssl-toolkit cert convert <FILE> --to <FORMAT> [OPTIONS]

Arguments:

  • <FILE> — Source certificate file

Options:

FlagValueDescription
--to<format>Target format: pem, der, or p12
-o, --output<file>Output file path
--cert<file>Certificate file (for P12 creation)
--key<file>Private key file (for P12 creation)

Examples:

Convert PEM to DER:

ssl-toolkit cert convert cert.pem --to der -o cert.der

Create PKCS#12 bundle:

ssl-toolkit cert convert --to p12 --cert cert.pem --key key.pem -o bundle.p12

Exit Codes

ssl-toolkit uses meaningful exit codes for scripting and CI/CD integration:

CodeStatusDescription
0SuccessAll checks passed, certificate is valid and secure
1WarningCertificate expiring soon (< 30 days) or minor issues detected
2FailureCertificate expired, connection failed, or critical security issue

Using Exit Codes

In shell scripts:

ssl-toolkit -d example.com --quiet
case $? in
  0) echo "Certificate OK" ;;
  1) echo "Certificate expiring soon" ;;
  2) echo "Certificate has critical issues" ;;
esac

In CI/CD pipelines:

# GitHub Actions example
- name: Check SSL Certificate
  run: ssl-toolkit -d ${{ env.DOMAIN }} --quiet
  continue-on-error: false

Environment Variables

VariableDescription
SSL_TOOLKIT_CONFIGPath to default configuration file
NO_COLORDisable colored output when set

Configuration File

ssl-toolkit can be configured via a TOML file. Default locations:

  • ~/.config/ssl-toolkit/config.toml (Linux/macOS)
  • %APPDATA%\ssl-toolkit\config.toml (Windows)

Example configuration:

[defaults]
timeout = 15
skip_whois = false
verbose = false

[dns]
providers = ["google", "cloudflare", "opendns"]

[output]
format = "text"  # or "json"

See Also