Usage Examples
This page covers common use cases and command patterns for ssl-toolkit.
Interactive Mode
Launch ssl-toolkit without arguments for an interactive experience:
ssl-toolkitOr specify a domain to get prompted for which checks to run:
ssl-toolkit -d example.comThe interactive menu includes options for:
- DNS Resolution
- TLS Connection analysis
- Certificate Details
- WHOIS Lookup
- Security Grade
- And more
Use arrow keys to navigate and Enter to select.
Domain Checks
Full Domain Analysis
Run all checks on a domain without prompts:
ssl-toolkit -d github.com --non-interactiveQuick Grade Only
Get just the security grade with minimal output:
ssl-toolkit -d example.com --quietCustom Port
Check a service running on a non-standard port:
ssl-toolkit -d example.com -p 8443Override IP Address
Useful for testing a specific server or before DNS propagation:
ssl-toolkit -d example.com -i 192.168.1.100Skip WHOIS Lookup
WHOIS lookups can be slow due to rate limiting. Skip them when not needed:
ssl-toolkit -d example.com --non-interactive --skip-whoisVerbose Output
Get detailed information about each check:
ssl-toolkit -d example.com --non-interactive --verboseCertificate Operations
View Certificate Details
Inspect a local PEM certificate file:
ssl-toolkit cert info cert.pemView multiple certificates at once:
ssl-toolkit cert info cert.pem intermediate.pem root.pemVerify Certificate and Key Pair
Check that a certificate and private key match:
ssl-toolkit cert verify --cert cert.pem --key key.pemValidate Certificate Chain
Verify a certificate chain is valid for a hostname:
ssl-toolkit cert verify --chain chain.pem --hostname example.comConvert Certificate Formats
Convert PEM to DER:
ssl-toolkit cert convert cert.pem --to der -o cert.derConvert PEM to PKCS#12 (PFX):
ssl-toolkit cert convert --to p12 --cert cert.pem --key key.pemCI/CD Integration
JSON Output
Get structured JSON output for parsing in scripts:
ssl-toolkit -d example.com --non-interactive --jsonExample JSON structure:
{
"domain": "example.com",
"grade": "A+",
"score": 100,
"certificate": {
"subject": "CN=example.com",
"issuer": "...",
"valid_from": "2024-01-01T00:00:00Z",
"valid_until": "2025-01-01T00:00:00Z"
},
"checks": [...]
}HTML Reports
Generate a standalone HTML report:
ssl-toolkit -d example.com --non-interactive -o report.htmlThe report includes embedded styles and can be viewed in any browser.
Exit Codes in Scripts
Use exit codes to integrate with CI/CD pipelines:
ssl-toolkit -d example.com --quiet && echo "SSL OK" || echo "SSL FAIL"Exit codes:
| Code | Meaning |
|---|---|
| 0 | Success — all checks passed |
| 1 | Warning — certificate expiring soon or minor issues |
| 2 | Failure — certificate expired, connection failed, or critical error |
Timeout Configuration
Set a custom connection timeout (default is 10 seconds):
ssl-toolkit -d example.com --timeout 30Advanced Usage
Custom Configuration File
Use a custom configuration file:
ssl-toolkit -d example.com --config /path/to/config.tomlMultiple Domain Checks
Check multiple domains in a script:
for domain in example.com github.com google.com; do
echo "Checking $domain..."
ssl-toolkit -d "$domain" --quiet
doneCertificate Expiry Monitoring
Create a simple monitoring script:
#!/bin/bash
DOMAINS="example.com github.com"
for domain in $DOMAINS; do
result=$(ssl-toolkit -d "$domain" --quiet 2>&1)
exit_code=$?
if [ $exit_code -eq 0 ]; then
echo "✓ $domain: $result"
elif [ $exit_code -eq 1 ]; then
echo "⚠ $domain: $result (warning)"
else
echo "✗ $domain: FAILED"
fi
done