Test DNS resolution and SSL connectivity to a given host.
<#
.SYNOPSIS
Runs various networking tests to help debug connectivity issues to a specific host.
.PARAMETER Uri
The remote host to test. Despite the parameter name, this should be a bare host name such as 'www.arc.net'
(no scheme or path); it is used for the DNS resolution and SSL connectivity tests as requested.
.PARAMETER TestDns
Whether or not to test DNS resolution to the provided Uri
.PARAMETER TestSsl
Whether or not to test SSL connectivity and validity to the provided Uri
#>
# Script-level parameters. $Uri is handed unchanged to the DNS and TLS helpers
# below; each test only runs when its switch is supplied.
param (
    # Remote host to test (required).
    [Parameter(Mandatory)]
    [string] $Uri,

    # Run the DNS resolution test.
    [switch] $TestDns,

    # Run the SSL certificate test.
    [switch] $TestSsl
)
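function Test-DnsResolution {
    <#
    .SYNOPSIS
    Clears the local DNS client cache and resolves the given host name.
    .PARAMETER Uri
    Host name passed to Resolve-DnsName.
    .NOTES
    Throws a string error when the cache cannot be cleared, when the lookup
    fails, or when the answer contains no address records.
    #>
    param (
        [string] $Uri
    )

    # Flush the client cache first so the lookup below is not answered from a
    # previously cached entry.
    Write-Host "Clearing DNS Client Cache..."
    Clear-DnsClientCache
    if (!$?) {
        throw "Unable to clear Dns Client Cache"
    }
    Write-Host "Successfully cleared DNS Client Cache!" -ForegroundColor DarkGreen

    Write-Host "Attempting to resolve host $($Uri)"
    $resolutionResults = Resolve-DnsName -Name $Uri
    # $? has to be read immediately after Resolve-DnsName. Reading it after the
    # formatting expression reports on that expression instead, so a failed
    # lookup would be announced as a success with an empty address list.
    if (!$? -or -not $resolutionResults) {
        throw "Unable to resolve host"
    }

    # The answer may contain records without an address (for example CNAME
    # entries); keep only the ones that carry an IPAddress value.
    $addresses = @($resolutionResults |
        Where-Object { $_.IPAddress } |
        ForEach-Object { $_.IPAddress })
    if ($addresses.Count -eq 0) {
        throw "Unable to resolve host"
    }

    $formattedResults = $addresses -join ", "
    Write-Host "Successfully resolved $($Uri) to $($formattedResults)" -ForegroundColor Blue
}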
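function Test-SslCertificate {
    <#
    .SYNOPSIS
    Opens a TLS connection to the host, prints the server certificate and
    validates it against the SSL policy for that host name.
    .PARAMETER Uri
    Host name to connect to; also used as the expected certificate name.
    .PARAMETER Port
    TCP port to connect to. Defaults to 443.
    .NOTES
    Failures are reported with Write-Error rather than thrown. No application
    data is sent over the connection.
    #>
    param (
        [string] $Uri,
        [string] $Port = "443"
    )

    $Socket = $null
    $SslStream = $null
    try {
        $Socket = New-Object System.Net.Sockets.Socket(
            [System.Net.Sockets.SocketType]::Stream,
            [System.Net.Sockets.ProtocolType]::Tcp)
        # Connect inside the try block so a refused or timed-out connection is
        # reported through the same error path and the socket is still released.
        $Socket.Connect($Uri, $Port)

        $NetStream = New-Object System.Net.Sockets.NetworkStream($Socket, $true)
        # leaveInnerStreamOpen = $false: disposing the SslStream also closes the
        # NetworkStream, which owns the socket. With $true the connection would
        # stay open after this function returns.
        $SslStream = New-Object System.Net.Security.SslStream($NetStream, $false)

        # No validation callback is supplied, so the platform's default checks
        # apply during the handshake; a certificate that fails them raises an
        # exception here and is reported by the catch block below.
        $SslStream.AuthenticateAsClient($Uri)
        $RemoteCertificate = [System.Security.Cryptography.X509Certificates.X509Certificate2]$SslStream.RemoteCertificate

        $DisplayData = [ordered]@{}
        $DisplayData.Add("Issuer", $RemoteCertificate.Issuer)
        $DisplayData.Add("Subject", $RemoteCertificate.Subject)
        $DisplayData.Add("Valid From", $RemoteCertificate.NotBefore)
        $DisplayData.Add("Valid Until", $RemoteCertificate.NotAfter)
        $DisplayData.Add("Signature Algorithm", $RemoteCertificate.SignatureAlgorithm.FriendlyName)
        $DisplayData.Add("Serial Number", $RemoteCertificate.SerialNumber)
        $DisplayData.Add("Thumbprint", $RemoteCertificate.Thumbprint)
        $FormattedCertificate = $DisplayData | Format-Table | Out-String

        Write-Host "Successfully retreived SSL certificate " -ForegroundColor Blue
        Write-Host $FormattedCertificate -ForegroundColor DarkGray
        Write-Host "Attempting to validate the retreived certificate from $($Uri)..."

        # -DNSName binds the policy check to the host that was requested; without
        # it the SSL policy check does not compare the certificate's names with
        # $Uri.
        $CertificateValid = Test-Certificate -Policy SSL -DNSName $Uri -Cert $RemoteCertificate
        if ($CertificateValid) {
            Write-Host "SSL certificate provided by $($Uri) is valid!" -ForegroundColor Blue
        }
        else {
            Write-Error "SSL certificate provided by $($Uri) is invalid"
        }
    }
    catch {
        Write-Error "Unable to test SSL certificate for host, $($Uri). $($PSItem)"
    }
    finally {
        # Either object may be missing if setup failed part-way; guard against
        # calling a method on $null. Disposing the socket twice is harmless.
        if ($null -ne $SslStream) {
            $SslStream.Dispose()
        }
        if ($null -ne $Socket) {
            $Socket.Dispose()
        }
    }
}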
# Entry point: run whichever tests were requested on the command line.
# Supplying neither switch runs nothing.

if ($TestDns.IsPresent) {
    Write-Host "Testing DNS resolution for $($Uri)..." -ForegroundColor Yellow
    Test-DnsResolution -Uri $Uri
}

if ($TestSsl.IsPresent) {
    Write-Host "Testing SSL certificate for $($Uri)..." -ForegroundColor Yellow
    # Port is left at the helper's default.
    Test-SslCertificate -Uri $Uri
}