Example sites with broken security certs [closed]

Revisiting this. Here's a great online tool recently built: https://www.ssllabs.com/ssldb/analyze.html

e.g. Paypal: https://www.ssllabs.com/ssldb/analyze.html?d=https://paypal.com

There are more details when you drill into a specific server.

When this question was asked I remember I was looking for resources I could use to build a tool that would automatically check if ssl was configured "properly" for a given site; at least that a given site was not going to display various ssl errors in various browsers. There are however many types of ssl/tls "misconfiguration" and many browsers handle the cases differently. Anticipating 100% if a browser is going to display any messaging at all or any given messaging about encryption is quite challenging as it turns out.

But this is a good manual tool. What would be great is an open source command line tool that has this level of summary, for plugging into deploy tests or monitoring.


For those interested to know more about ssl under the covers, this page is very well worth a read http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html