Thursday, December 31, 2020

Test website SSL with Windows PowerShell

How to test a website SSL certificate with Windows PowerShell

#  Test Website SSL Certificate
#  by: Larry Billinghurst
#  date: 31 Dec 2020

# Example:   .\test-ssl.ps1 -SiteURL https:\\ -ReportFile "C:\support\temp99.txt"

param (
    [string]$SiteURL = "",
    [string]$ReportFile = $env:TEMP + "\sslreport.txt"
)

$TempCerFile = $env:TEMP + "\sslchecktemp.cer"
$tempReportFile = "sslreport.txt"

#------------------------- Functions

function Get-WebsiteCertificate {
  param (
    [Parameter(Mandatory=$true)] [System.Uri]
      $Uri,
    [Parameter()] [System.IO.FileInfo]
      $OutputFile,
    [Parameter()] [Switch]
      $UseSystemProxy,
    [Parameter()] [Switch]
      $UseDefaultCredentials,
    [Parameter()] [Switch]
      $TrustAllCertificates
  )
  try {
    $request = [System.Net.WebRequest]::Create($Uri)
    if ($UseSystemProxy) {
      $request.Proxy = [System.Net.WebRequest]::DefaultWebProxy
    }

    if ($UseSystemProxy -and $UseDefaultCredentials) {
      $request.Proxy.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials
    }

    if ($TrustAllCertificates) {
      # Create a compilation environment
      $Provider=New-Object Microsoft.CSharp.CSharpCodeProvider
      $Params=New-Object System.CodeDom.Compiler.CompilerParameters
      $Params.GenerateExecutable=$false
      $Params.GenerateInMemory=$true
      $Params.ReferencedAssemblies.Add("System.DLL") > $null
      # C# source for a certificate policy that accepts every certificate
      $TASource=@'
        namespace Local.ToolkitExtensions.Net.CertificatePolicy {
          public class TrustAll : System.Net.ICertificatePolicy {
            public TrustAll() {
            }
            public bool CheckValidationResult(System.Net.ServicePoint sp,
              System.Security.Cryptography.X509Certificates.X509Certificate cert,
              System.Net.WebRequest req, int problem) {
              return true;
            }
          }
        }
'@
      $TAResults=$Provider.CompileAssemblyFromSource($Params,$TASource)
      $TAAssembly=$TAResults.CompiledAssembly

      ## We now create an instance of the TrustAll and attach it to the ServicePointManager
      ## (ServicePointManager.CertificatePolicy is process-wide: it also applies to later requests in this session)
      $TrustAll=$TAAssembly.CreateInstance("Local.ToolkitExtensions.Net.CertificatePolicy.TrustAll")
      [System.Net.ServicePointManager]::CertificatePolicy=$TrustAll
    }

    $response = $request.GetResponse()
    $servicePoint = $request.ServicePoint
    $certificate = $servicePoint.Certificate
    $response.Close()

    if ($OutputFile) {
      # Export the certificate as DER-encoded bytes (.cer)
      $certBytes = $certificate.Export(
        [System.Security.Cryptography.X509Certificates.X509ContentType]::Cert
      )
      [System.IO.File]::WriteAllBytes( $OutputFile, $certBytes )
      return $OutputFile
    } else {
      return $certificate
    }
  } catch {
    Write-Error "Failed to get website certificate. The error was '$_'."
    return $null
  }

  <#
    .SYNOPSIS
      Retrieves the certificate used by a website.

    .DESCRIPTION
      Retrieves the certificate used by a website. Returns either an object or file.

    .PARAMETER  Uri
      The URL of the website. This should start with https.

    .PARAMETER  OutputFile
      Specifies what file to save the certificate as.

    .PARAMETER  UseSystemProxy
      Whether or not to use the system proxy settings.

    .PARAMETER  UseDefaultCredentials
      Whether or not to use the system logon credentials for the proxy.

    .PARAMETER  TrustAllCertificates
      Ignore certificate errors for certificates that are expired, have a mismatched common name or are self signed.

    .EXAMPLE
      PS C:\> Get-WebsiteCertificate "" -UseSystemProxy -UseDefaultCredentials -TrustAllCertificates -OutputFile C:\gmail.cer

    .INPUTS
      Does not accept pipeline input.

    .OUTPUTS
      System.Security.Cryptography.X509Certificates.X509Certificate, System.IO.FileInfo
  #>
}
#-------------------- Main 

#Get Website SSL certificate and save to temp file
Get-WebsiteCertificate -Uri $SiteURL -OutputFile $TempCerFile
# Check certificate
Write-Host "------------------------- SSL Report -------------------------"
certutil -f -urlfetch -verify $TempCerFile |Tee-Object $ReportFile

# Remove Report file if not requested
if ($tempReportFile -eq ($ReportFile|Split-Path -Leaf)) {Remove-Item $ReportFile}

# Remove Temp Cert File
Remove-Item $TempCerFile
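
An added example, not part of the original script: the same certificate check done over a single SslStream connection, where the validation callback records the policy errors for that connection only instead of installing a process-wide trust-all policy. The function name Get-TlsCertificateReport and the host www.example.com are assumptions made for illustration.

```powershell
# Added example, not the original author's script. Get-TlsCertificateReport is a
# hypothetical name and www.example.com (last line) is a placeholder host.
function Get-TlsCertificateReport {
  param (
    [Parameter(Mandatory=$true)] [string] $HostName,
    [int] $Port = 443
  )
  $state = @{ Errors = $null; Chain = @() }
  # Validation callback for this one connection: record what failed, then accept so
  # the handshake completes and the certificate can be read. No process-wide policy.
  $callback = [System.Net.Security.RemoteCertificateValidationCallback] ({
    param($s, $c, $chain, $policyErrors)
    $state.Errors = $policyErrors
    if ($chain) { $state.Chain = @($chain.ChainStatus | ForEach-Object { $_.Status }) }
    $true
  }.GetNewClosure())
  $tcp = New-Object System.Net.Sockets.TcpClient
  $ssl = $null
  try {
    $tcp.Connect($HostName, $Port)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
    # This overload does no revocation check; certutil -urlfetch -verify covers that.
    $ssl.AuthenticateAsClient($HostName)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
  } finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Close()
  }
  # One object per host: identity, expiry, and the validation result that was recorded
  [pscustomobject]@{
    Subject         = $cert.Subject
    Issuer          = $cert.Issuer
    NotAfter        = $cert.NotAfter
    DaysRemaining   = [int][math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
    Thumbprint      = $cert.Thumbprint
    SslPolicyErrors = $state.Errors   # None, name mismatch, chain errors
    ChainStatus     = $state.Chain    # empty when the chain validated cleanly
  }
}

Get-TlsCertificateReport -HostName 'www.example.com'
```

SslPolicyErrors reads None for a certificate that validates; an expired, self-signed or wrongly named certificate still produces a report, with the reason listed in SslPolicyErrors and ChainStatus.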

Monday, December 21, 2020

Export SonicWALL config to text

Needed a way to export the SonicWALL config file to plain text.

It did not work correctly with Python3.

PS C:\support\fw> python.exe .\ .\sonicwall-NSA_2600.exp
  File ".\", line 454
    print ""

I found the 2to3.exe tool in the Python tools directory.

Made a copy of the file
.\copy C:\temp\ C:\temp\ 

Ran the tool
.\2to3.exe C:\temp\ -w

After converting with the 2to3.exe tool, I still received an error

python.exe .\ .\sonicwall-NSA_2600.exp

Traceback (most recent call last):
  File ".\", line 14, in <module>
    decoded_data =  decoded_data.split("&")
TypeError: a bytes-like object is required, not 'str'

A little research found we needed to convert the byte-like object to a string:
decoded_data = decoded_data.decode(encoding="utf-8")  # Python 3

After the update the parser worked without issue.
python.exe .\ .\sonicwall-NSA_2600.exp  >test.txt

I posted the updated files on GitHub