This article provides useful commands to verify various parameters of HTTPS, SSL and TLS endpoints.

These commands may be useful to troubleshoot Ingress controller and ingress rules.

1. Verify that a valid certificate is set for a specific HTTP host on a specific HTTP(S) endpoint.

This may be used, for example, to test that a valid HTTPS certificate was issued by letsencrypt for a certain ingress rule; in this case HOST should be the host DNS name specified in the ingress rule, and the ENDPOINT should be a corresponding ingress controller endpoint (e.g. load balancer address).

curl \

Print the certificate used by an HTTPS server for the specified host:

echo | \
  openssl s_client -showcerts -servername "$HOST" -connect "$ENDPOINT:$ENDPOINT_PORT" 2>/dev/null | \
  openssl x509 -inform pem -noout -text

2. Send HTTP request to analyze response

curl \
  -k \
  -H "Host: $HOST" \

3. Analyze TLS/SSL protocols and ciphers

for v in ssl2 ssl3 tls1 tls1_1 tls1_2; do
  for c in $(openssl ciphers 'ALL:eNULL' | tr ':' ' '); do
    openssl s_client -connect $ENDPOINT -cipher $c -$v < /dev/null > /dev/null 2>&1 && echo -e "$v:\t$c"

The online SSL testing tools such as can also be used.