The SSL Labs Server Test is a great tool for ensuring that your Citrix ADC Gateways are secured. Entering a URL into SSL Server Test (Powered by Qualys SSL Labs) and waiting gives you an indication of whether your VIP is exposed to known vulnerabilities, presented as a graded score (F to A+). Getting an A+ is the target; however, running the test manually only gives you the result for the time of the test.
If you have multiple administrators with access to your ADCs, or the security goalposts move, your ADCs may become vulnerable again, which you would only discover by running the SSL test again.
Luckily for us, SSL Labs has created an API that we can use to perform tests and obtain some detail about the current score.
Armed with my rudimentary PowerShell and API skills, I wrote a script. This script is designed to be run as part of a scheduled task; it takes a list of URIs from a CSV file within the same directory as the script and initiates the SSL server test against them. The script can be run ad hoc too and provides PowerShell console output during the process.
Simply create a CSV, or use the one already within the directory, place a list of URIs in it, then run the script.
During the creation of the script I noted that the APIs returned errors which seemed to be some kind of rate limiting, so there are some countdown timers and sleeps etc. to ensure that the APIs do not deny multiple URI requests from the same source.
The results are then written into a txt file and also displayed as a pop-up window. This script is at version 0.1, so it works just fine, but I will be looking to improve it shortly.
Head over to https://github.com/scifidale/SSL-Labs-Checker to grab a copy of it.
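For readers who want to see the shape of such a check before opening the repository, here is a sketch of the workflow described above. It is an example added here, not the SSL-Labs-Checker script. It assumes the unauthenticated SSL Labs API v3 `analyze` endpoint is reachable, and the file names, the `Uri` column header and the function names are hypothetical.

```powershell
# Added example, not the SSL-Labs-Checker script. Assumes the SSL Labs API v3
# 'analyze' endpoint; file names, column name and function names are hypothetical.
$ApiBase  = 'https://api.ssllabs.com/api/v3'
$HostsCsv = Join-Path $PSScriptRoot 'hosts.csv'       # one column with header 'Uri'
$Report   = Join-Path $PSScriptRoot 'ssl-grades.txt'
$Accepted = @('A+', 'A')                              # grades that do not raise a warning

function Invoke-SslLabs {
    param([string]$Query)
    # Retry on 429/503/529, which the API returns when throttling or overloaded.
    for ($try = 1; $try -le 5; $try++) {
        try {
            return Invoke-RestMethod -Uri "$ApiBase/analyze?$Query" -TimeoutSec 60
        } catch {
            $code = [int]$_.Exception.Response.StatusCode   # 0 when there is no HTTP response
            if ($code -notin 429, 503, 529) { throw }
            Start-Sleep -Seconds (60 * $try)                # linear back-off
        }
    }
    throw "SSL Labs API still throttling after 5 attempts: $Query"
}

function Get-SslLabsGrade {
    param([string]$HostName)
    $h = [uri]::EscapeDataString($HostName)
    $r = Invoke-SslLabs "host=$h&startNew=on&all=done"      # force a fresh assessment
    while ($r.status -notin 'READY', 'ERROR') {
        Start-Sleep -Seconds 30
        $r = Invoke-SslLabs "host=$h&all=done"              # poll without startNew
    }
    if ($r.status -eq 'ERROR') {
        return [pscustomobject]@{ Host = $HostName; IP = ''; Grade = "ERROR: $($r.statusMessage)" }
    }
    # One row per endpoint (IP). An endpoint with no grade is reported and flagged below.
    $r.endpoints | ForEach-Object {
        [pscustomobject]@{ Host = $HostName; IP = $_.ipAddress; Grade = $_.grade }
    }
}

$results = foreach ($row in Import-Csv $HostsCsv) {
    # The API expects a host name, so reduce a full URI to its host part.
    $name = if ($row.Uri -match '://') { ([uri]$row.Uri).Host } else { $row.Uri }
    Get-SslLabsGrade $name
    Start-Sleep -Seconds 5                                  # space out new assessments
}
$results | Format-Table -AutoSize | Out-File $Report
$failed = @($results | Where-Object { $_.Grade -notin $Accepted })
$failed | ForEach-Object { Write-Warning "$($_.Host) [$($_.IP)] graded '$($_.Grade)'" }
exit $failed.Count   # non-zero exit code lets the scheduled task surface a regression
```

Run it from a scheduled task and alert on a non-zero last-run result, so a grade drop after a configuration change is noticed without anyone re-running the test by hand.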
Author: Dale Scriven