Working with Lync everyday for a number of different organizations, I often need to gather information about the certificates that they’re using, or perhaps that a federated organization is using. This can be on a Lync Edge server, reverse proxy, web server, Exchange server, load balancer, or any number of other devices. The easiest way for me to get an overview of the certificates in use is with DigiCert’s SSL Certificate Checker.

When you enter an FQDN into the checker, you’re provided with a page of information including the Common Name/Subject Name, any Subject Alternate Names, and a variety of cryptography and administrative items.  A couple of certificate vulnerabilities are checked, as is the expiry date, revocation lists, and the certificate chain through any intermediates to the Root CA is validated.

I really appreciate how the checker displays some items with comments like “Signature algorithm = SHA1 + RSA (good)”, giving you a quick indication if things are in order.

If you’re not sure of an FQDN, you can use an IP address. I’ll do this sometimes when I don’t know the hostname for a server, but I know the IP address or the address of another server at the organization (changes are the one I’m after is plus or minus a few IP addresses). When you run the checker by IP address, you’ll receive a warning that the Certificate name doesn’t match what you entered. That’s fine, you can have a look at the Common Name and Subject Alternate Names and re-run the checker with one of those if you’d like.

Have you ever found yourself with a CSR file (a Certificate Signing Request), wondering what’s in it? The good news is that you can decode a CSR so that it’s human readable. There are a number of ways to do this, however the one I find easiest is this website

I use this whenever I’ve generated a CSR from a command line where there are a gazillion parameters and maybe and ini file involved, just to make sure that everything came through correct. This is especially useful if you’re the one generating the CSR, and you hand the CSR off to someone in another department to submit it to the certificate authority.

The DigiCert Certificate Utility is one of the best certificate tools out there. You can use it to generate requests and process new certificates or renewals, fix missing private keys, fix certificate chains that are missing certificates – from any vendor, not just DigiCert. If you’re a programmer, you can use this to sign files and batches of code.

You can find this little bit of magic, along with the rest of what it can do, right here

The utility doesn’t install, it’s just an exe that you run. Best of all, it’s totally free!