ssl-diagnostic-tool is a command-line tool to diagnose SSL/TLS certificate issues. It helps developers and operators quickly understand:
- Why certificate validation might fail
- Whether certificates are expired, self-signed, or missing from the truststore
- Whether the full certificate chain is present
- Which truststores (system or internal) trust each certificate
- Supports system truststore (`cacerts`).
- Supports internal truststore (corporate JKS files).
- Provides human-readable diagnostics in plain English.
- Works as a standalone JAR or in Docker.
- Easy to integrate into CI/CD pipelines.

```bash
./build.sh
```

```bash
# With internal truststore
export TRUSTSTORE_PATH=/path/to/custom-truststore.jks
export TRUSTSTORE_PASSWORD=changeit
./run.sh https://example.com
```

```bash
docker build -t ssl-diagnostic-tool .
# TRUSTSTORE_PATH is read inside the container, so the JKS file must exist at that path there
docker run --rm -e TRUSTSTORE_PATH=/path/to/custom-truststore.jks -e TRUSTSTORE_PASSWORD=changeit ssl-diagnostic-tool https://example.com
```

| Property | Description |
|---|---|
| `internal.truststore.path` | Path to your internal truststore (JKS file) |
| `internal.truststore.password` | Password for the internal truststore |
| `javax.net.ssl.trustStore` | (Optional) Override system truststore path |
| `javax.net.ssl.trustStorePassword` | (Optional) Override system truststore password |

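
The per-certificate checks listed at the top (expired, self-signed, which truststore contains the certificate) can be reproduced with the standard JDK API. The sketch below is an added example, not code from ssl-diagnostic-tool: the class `TrustCheck` and its methods are hypothetical, it assumes Java 9+ with the default `cacerts` location and password, and it tests direct membership in a truststore rather than full path validation.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;

// Illustrative sketch (hypothetical class), not ssl-diagnostic-tool's source.
public class TrustCheck {
    // Self-signed: subject == issuer AND the signature verifies under its own key.
    static boolean selfSigned(X509Certificate c) {
        if (!c.getSubjectX500Principal().equals(c.getIssuerX500Principal())) return false;
        try { c.verify(c.getPublicKey()); return true; } catch (Exception e) { return false; }
    }

    static String validity(X509Certificate c) {
        try { c.checkValidity(); return "valid"; }
        catch (CertificateExpiredException e) { return "EXPIRED on " + c.getNotAfter(); }
        catch (CertificateNotYetValidException e) { return "not valid before " + c.getNotBefore(); }
    }

    // Names of the truststores that hold this exact certificate as an entry.
    static List<String> trustedBy(X509Certificate c, Map<String, KeyStore> stores) throws Exception {
        List<String> hits = new ArrayList<>();
        for (Map.Entry<String, KeyStore> s : stores.entrySet())
            if (s.getValue().getCertificateAlias(c) != null) hits.add(s.getKey());
        return hits;
    }

    static void diagnose(X509Certificate c, Map<String, KeyStore> stores) throws Exception {
        System.out.printf("%s%n  validity: %s%n  self-signed: %b%n  trusted by: %s%n",
            c.getSubjectX500Principal().getName(), validity(c), selfSigned(c), trustedBy(c, stores));
    }

    public static void main(String[] args) throws Exception {
        Map<String, KeyStore> stores = new LinkedHashMap<>();
        // Assumption: default JDK layout and default cacerts password.
        File sys = new File(System.getProperty("java.home"), "lib/security/cacerts");
        stores.put("system", KeyStore.getInstance(sys, "changeit".toCharArray()));
        // Same environment variables as the run.sh example above.
        String path = System.getenv("TRUSTSTORE_PATH"), pw = System.getenv("TRUSTSTORE_PASSWORD");
        if (path != null && pw != null)
            stores.put("internal", KeyStore.getInstance(new File(path), pw.toCharArray()));
        // Sample input: the first three system roots stand in for a server's chain.
        KeyStore ks = stores.get("system");
        int n = 0;
        for (String alias : Collections.list(ks.aliases()))
            if (ks.getCertificate(alias) instanceof X509Certificate && n++ < 3)
                diagnose((X509Certificate) ks.getCertificate(alias), stores);
    }
}
```

With `TRUSTSTORE_PATH` unset, every sampled root reports `trusted by: [system]`; a corporate root that exists only in the internal JKS would instead report `[internal]`, which is the usual reason validation succeeds on one host and fails on another.
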
Contributions are welcome! Please follow these guidelines:
- Fork the repository.
- Create a new branch.
- Make your changes.
- Submit a pull request.
This project is licensed under the MIT License. See LICENSE for details.