Practice & Assessment
Test your understanding of HTTPS and TLS Security
Multiple Choice Questions
A server's TLS certificate expired two days ago but the development team says 'it worked fine yesterday'. What most likely caused the sudden failure?
A developer uses certbot --nginx to set up HTTPS but forgets to open port 80 in the firewall. Which ACME challenge type will fail?
What is forward secrecy and why does TLS 1.3 mandate it?
A site has HSTS with max-age=31536000 but you need to temporarily serve HTTP for a maintenance redirect. What problem will you face?
Your browser shows ERR_CERT_AUTHORITY_INVALID for an internal tool using a self-signed certificate. What is the correct long-term fix?
An HTTPS page loads an image from an HTTP URL. What will modern browsers do?
Coding Challenges
Certificate Inspector
Write a Node.js or Python script that accepts a hostname as a CLI argument, connects to port 443, and prints: (1) the certificate's subject Common Name and all SAN domains; (2) the issuer organization; (3) the validity period (notBefore and notAfter); (4) whether the certificate is currently valid, expired, or not yet valid; (5) the number of days until expiry (or since expiry). Use only the built-in tls module (Node) or ssl module (Python). No external libraries. Estimated time: 25–30 minutes.
Mini Project
HTTPS Health Checker
Build a CLI tool that accepts a list of domains (from a file or CLI arguments) and produces a TLS health report for each. For each domain the tool must check and report: (1) whether HTTPS is reachable on port 443; (2) certificate validity status and days until expiry; (3) whether the domain in the certificate matches the requested domain; (4) the TLS version negotiated; (5) whether HSTS is present and its max-age value; (6) whether HTTP (port 80) redirects to HTTPS. Output a tabular summary and exit with code 1 if any domain has a certificate expiring in fewer than 14 days or is already expired. Use only standard library TLS/SSL modules.
