We just released version 0.6.1 of the SSLMate command line program, with new features to make SSL certificate management even easier.

Test your installation with sslmate test

SSLMate already makes certificate installation more robust by automating away error-prone steps like assembling the correct intermediate certificate chain. Still, it's nice to have peace of mind that your certificates are installed correctly, which is why there is a new command, sslmate test.

To use sslmate test, simply run it with the name of your certificate as follows:

sslmate test www.sslmate.com

When you run sslmate test, SSLMate connects to your server and verifies that it is serving the same certificate that is contained in your SSLMate account, and that it has the correct certificate chain. A successful test outputs the following:

www.sslmate.com (50.116.51.121): Good www.sslmate.com (2600:3c03:e000:8a::1): Good sslmate.com (50.116.51.121): Good sslmate.com (2600:3c03:e000:8a::1): Good

By default, SSLMate tests port 443 of every IP address (including IPv6!) of every hostname listed in the certificate (including alternative names). You can test a different host or port by specifying the --host or --port options.

Note that sslmate test is meant for testing that your SSLMate certificates are installed correctly. For more in-depth testing of ciphers and other security settings, we recommend SSL Labs' SSL Server Test.

Get a temporary certificate with --temp

Although the process of buying and approving a certificate is extremely fast with SSLMate, it does require the domain owner to approve the certificate. Sometimes it's not convenient to approve the certificate at the same time that the certificate is purchased. For instance, you might be setting up SSL on behalf of a client who has to approve the certificate themselves, or sslmate buy might be running completely unattended from a configuration management script.

In these instances, you can pass the --temp option to sslmate buy, and instead of waiting for the certificate to be approved, sslmate will return immediately with a temporary, self-signed certificate. Although this certificate won't be trusted by browsers, you can configure your server with this certificate and get up and running with SSL immediately, instead of having to interrupt your workflow and configure your server later.

When your actual certificate is issued, you can download it with the sslmate download command. As with auto-renewals, you can automate this step by configuring your server to periodically run sslmate download and restart your services if new certs are downloaded.

Upgrading

If you've installed SSLMate through APT or Yum, upgrading is as simple as running apt-get update && apt-get upgrade or yum update. If you're using Homebrew, an updated formula should be available later today. Otherwise, head over to our install page or our GitHub repository to download and install the new version.

(Note: SSLMate 0.6.0, which was also released today, introduced an error with newer versions of Perl. It was quickly superseded by 0.6.1.)