vessl is a bash script that can fetch and verify the SSL certificate of a remote server.

It was originally written to automate the verification of SSL certificates across a large network.

Key features

  • vessl will connect to any service that OpenSSL can
  • It will extract the certificate and verify it against a given CA PEM file
  • It will check that the certificate matches the host it is on
  • It produces a map from IPs to hostnames
  • It checks whether the certificate is based on a blacklisted Debian key



Usage

vessl -h host [-p port] [-c certfile] [-v]

Output Files

By default the output will be 3 files:


The first is the verification data, the second is the certificate and the third maps IP to SSL Hostname, e.g., (

Generating a CA PEM file


# Gentoo: install the CA bundle package, then concatenate the Mozilla CAs into one PEM file
emerge ca-certificates
mkdir -p /etc/certs
cat /usr/share/ca-certificates/mozilla/* > /etc/certs/mozilla.pem


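# Debian/Ubuntu: install the CA bundle package, then concatenate the Mozilla CAs into one PEM file
apt-get install ca-certificates
mkdir -p /etc/certs
cat /usr/share/ca-certificates/mozilla/* > /etc/certs/mozilla.pem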
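
With a CA PEM file such as the one built above, the two core checks from the feature list (verification against the CA file and the host name match) can be reproduced offline with plain openssl commands. This is an added example, not vessl's own code; the function names and the throwaway CA and leaf certificate are constructed so that it runs without network access.

```sh
#!/bin/sh
# Added example, not vessl's code. Function names and the sample CA are constructed.

# make_sample DIR HOST: throwaway CA plus a leaf certificate whose CN is HOST
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=Constructed Test CA' \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/leaf.csr" -days 1 -CAcreateserial \
        -CA "$1/ca.pem" -CAkey "$1/ca.key" -out "$1/leaf.pem" 2>/dev/null
}

# verify_chain CAFILE CERT: succeeds only if CERT chains to a CA in CAFILE
verify_chain() {
    # Look for the ": OK" line rather than relying on the exit status alone.
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# cert_matches_host CERT HOST: succeeds only if CERT is valid for HOST
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# check_cert CAFILE CERT HOST: report each failed check, return non-zero on any
check_cert() {
    _rc=0
    verify_chain "$1" "$2" || { echo "$3: does not chain to a CA in $1"; _rc=1; }
    cert_matches_host "$2" "$3" || { echo "$3: certificate names another host"; _rc=1; }
    [ "$_rc" -eq 0 ] && echo "$3: OK"
    return "$_rc"
}

# Demo on constructed data: the leaf passes for its own name, fails for another.
demo_dir=$(mktemp -d)
make_sample "$demo_dir" www.example.test
check_cert "$demo_dir/ca.pem" "$demo_dir/leaf.pem" www.example.test
check_cert "$demo_dir/ca.pem" "$demo_dir/leaf.pem" mail.example.test
rm -rf "$demo_dir"
```

A leaf issued by an intermediate CA only verifies if the intermediate is supplied as well, for example through the -untrusted option of openssl verify.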

