I have close to 300 URLS to check; is there a batch run process?
I would recommend to use the official SSL Labs command-line client, ssllabs-scan. You can get it here: GitHub - ssllabs/ssllabs-scan: A command-line reference-implementation client for SSL Labs APIs, designed for automated …
You might try using the SSL Labs API for scheduled and bulk assessment:
Qualys SSL Labs - Projects / SSL Labs APIs
Qualys Vulnerability Management incorporates SSL Labs grades via the Assets -> Certificates tab, which may also help. This was added in Qualys Suite 8.5 and 8.6.
Few years ago I have written few commands in bash script and today I have checked and they are still working without a problem. See this thread: Regular checks
Maybe what is benefit of my bash script is it should be running without any installation (maybe on some Linux distributions gawk package is required to be installed, but this depends on distribution used).
My script does checks one server at the time in order to be good citizen and not overload the ssllabs servers. Also script saves the grade to output file and if test is rerun first it checks if ssllabs got a new version and if not then check is not performed to preserve ssllabs resources as much as possible. Why is this important? Because you can schedule this script knowing that impact on ssllabs server is very low at least until ssllabs version changes.
Thanks for pointing this out.
I tested this official ssllabs client and compared it to my script. In my humble opinion:
Advantages of official ssllabs client comparing to my bash script1. You can get a lot of more information from test in JSON output. My script only outputs grade, something similar like 'sslabs-scan --grade'.2. Because it is official client, you can be sure official support is going to be offered by ssllabs and fix will probably land soon.
3. Because it is official client, it is most probably tested before new server version is put into production. My script can brake if some web design of ssllabs test is changed. You can be pretty sure Qualys does not test my script for every change they make. But on the other hand design changes are not frequent, so this may not be so huge problem.
Advantages of my script comparing to ssllabs script1. It looks like when running ssllabs-scan for the same domain it always takes 90+ seconds. If my script is rerun it will get the result from server cache and so the result is instant.2. It looks like ssllabs-scan does not store any history. My script checks for ssllabs test version and if version hasn't changed the test is not re-run, because there is no need to rerun the test on the same test version, because the same grade is going to be returned. So my script is more ssllabs server resource friendly and if having multiple domains to test, my script will finish much much faster, so it can be scheduled like daily job for 300 servers and ssllabs resources will be impacted extremely low when test version is the same, only main https://www.ssllabs.com/ssltest/index.html will going to be downloaded 300 times which is really nothing.3. My script has got only 40 lines of code. Code of ssllabs is 1000+ lines of code. Yes, sslabs code does offer more then my script, so it is obvious not fair comparison. But it depends what you need, if only grade is required then 40 lines of code is not bad and someone could in my humble opinion more easily fix the problem, it is easier to read 40 lines of code vs. 1000 lines of code.
What to choose? It depends what you need. If you need really stable solution and multiple information from test, then ssllabs-scan is obvious much better (or only) solution. But if you need some kind of daily schedule for like 300+ servers and the time to finish the test is important, then maybe you should consider my alternative.
thank you J for sharing this script; I will continue to follow it's discussion threads and improvements.
thank you all who pointed me to the API; this will be useful in many cases.
Retrieving data ...