This is a full-stack project using Nextjs as frontend and built using Rust with the Actix-web framework, offering efficient, safe, and concurrent execution. The primary functionality involves fetching SSL certificates and extracting important certificate data such as issuer, subject, expiration date, and domain validation.
-
Next.js: The frontend of the application is built using Next.js and provides a single-page application (SPA) with server-side rendering (SSR) capabilities. The user interface is designed to be intuitive and responsive, allowing users to easily interact with the application.
-
Rust: Rust was chosen for its strong memory safety guarantees and performance benefits. Rust’s type system and ownership model eliminate many common bugs (e.g., null pointer dereferencing, data races), which makes it a great choice for building reliable and high-performance network services like SSL certificate checkers.
- TanStack Query is a Powerful asynchronous state management for TS/JS, React, Solid, Vue, Svelte and Angular. It gives hooks for fetching, caching and updating asynchronous data in React
- Axios is a promise-based HTTP Client for node.js and the browser. On the server-side it uses the native node.js http module, while on the client (browser) it uses XMLHttpRequests.
- Lucide React: Icon library for React applications.
- Zod: A TypeScript-first schema declaration and validation library.
- Shadcn UI Library: It is collection of UI re-components and offers ownership and control over the code, allowing you to decide how the components are built and styled.
- Actix-Web: Chosen for its high-performance, non-blocking capabilities in building Rust web applications.
- Rustls & Webpki: These libraries are used for managing SSL/TLS connections securely and validating certificate chains.
- X509-parser: This helps in parsing and extracting information from X.509 certificates.
- Domain Validation: The application assumes that users will input domain names in various formats (with or without 'https://', 'www', etc.). The frontend includes logic to clean and validate these inputs.
- Revocation Status: The revocation check (e.g., OCSP or CRL) is not yet implemented. It is assumed that most users are interested in the certificate validity period and domain verification.
- Error Handling: Limited error handling has been implemented for cases such as invalid domain names or failed TLS connections. More detailed error responses could be provided.
- UI Design: A clean, responsive design was chosen to ensure good user experience across different devices.
- Domain Validation: While the code checks for domain validity using the Subject Alternative Name (SAN) extension, there are edge cases with wildcards and IP addresses that aren't fully handled.
- CRL/OCSP Check: need to implement to track invalid certificates and monitor certificate revocation occurrences.
- Rate Limiting: A rate limiting mechanism is implemented to avoid abuse of the SSL checker API. This ensures that clients are restricted to a set number of requests per minute or hour to protect the server from being overwhelmed.
- View Past Certificate Checks Add user authentication for tracking personal SSL certificate checks.
- Client-Side Hydration Due to Nextjs's server-side rendering capabilities, when ever the previous request failed then the next request doesn't hydrate to client-side and requires couple of refresh to hydrate the client component
- Node.js (for the frontend).
- Rust (for the backend).
-
Clone the repository:
git clone https://github.com/0xprasanth/ssl-checker.git cd ssl-checker -
Install frontend dependencies:
cd frontend npm install -
Setup Environmental variables:
Refer
.env.examplefor more infocreate
.envfile and add the followingNEXT_PUBLIC_BACKEND_API= NEXT_BACKEND_API= -
Run the frontend:
npm run dev
-
Install backend dependencies:
cd backend cargo build -
Run the backend:
cargo run
The SSL Certificate Checker provides a single API endpoint for checking SSL certificates. Here are the details for testing this endpoint:
- Route:
/ssl - Method: POST
- URL:
http://localhost:800/ssl(replacelocalhostwith your server's IP if hosted elsewhere)
The request body should be in JSON format with a single field:
{
"domain": "google.com"
}Replace google.com with the domain you want to check.
A successful response will return a JSON object containing details about the SSL certificate:
{
"validity": true,
"expiration_date": "Tue, 17 Dec 2024 02:46:04 +0000",
"issuer": "C=US, O=Google Trust Services, CN=WR2",
"subject": "CN=*.google.com",
"is_valid_for_domain": true,
"ca_valid": false,
"self_signed": false,
"revocation_status": "Not implemented"
}- Open the application in your browser (by default, at
http://localhost:3000). - Enter a domain name into the input field.
- Click the Submit button to initiate the SSL certificate check.
- View the results section for details on the SSL certificate validation.
- Frontend: Next.js, Tailwind CSS for styling.
- Backend: Rust, HTTPS libraries for certificate validation.
See the video demonstration HERE