Azure Quick Hints: Using nmap tools to identify the certificate being used by your Application Gateway

While this quick hint can be used with any web service, I will concentrate on the cloud, and more specifically Azure. When troubleshooting Azure Web Apps or Application Gateways, it is essential to know which certificate is currently being served, especially when testing certificate rotation and renewal.

For macOS users, we can use either Microsoft Edge or the nmap utility. In this blog post, we will cover using nmap from the command line in your favorite coffee shop (assuming you are a fan of that coffee company based in Seattle). If so, you are probably using macOS, and this post is for you, or for anyone who wants to use the nmap utility.

The first step is to install Homebrew, an installer that helps install tools on a macOS or Linux system (actually, the system has built-in tools to do that). The process to install is simple. Just run the following line of code in your terminal:

/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

Having Homebrew installed on your macOS system makes installing additional tools quite easy. Here is the command to install nmap:

brew install nmap

Now that we have all the pieces installed, we need to run these two (2) commands to query the URL and see which certificate is being used. The first line needs to be updated with the domain/URL that you want to check.

vURL="app.domain.ca"
nmap -sV --script ssl-cert -p 443 "$vURL"

As part of the output of the nmap utility, we can check the key size and the validity of the certificate, which is crucial when testing certificate rotation.
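To turn that manual check into a pass/fail test during a rotation, the ssl-cert output can be piped through a small parser. This is an added example, not part of the original post: the function names check_rotation and sample_output are hypothetical, and the sample text is constructed in the shape of ssl-cert output rather than captured from a real host.

```shell
#!/bin/sh
# Added example. Live use, with vURL set as in the post:
#   nmap --script ssl-cert -p 443 "$vURL" | check_rotation 2025-01-15
#
# check_rotation OLD_EXPIRY [MIN_BITS]
#   Reads ssl-cert output on stdin. Exits 0 only when the served certificate
#   expires after OLD_EXPIRY (YYYY-MM-DD, the expiry date of the certificate
#   being replaced) and its key has at least MIN_BITS bits.
#   MIN_BITS defaults to 2048, an assumption suited to RSA keys;
#   pass a smaller value such as 256 for elliptic-curve certificates.
check_rotation() {
  awk -v old="$1" -v min="${2:-2048}" '
    /Public Key bits:/ { bits = $NF + 0 }
    /Not valid after:/ { sub(/.*Not valid after: */, ""); after = $0 }
    END {
      if (after == "") { print "FAIL no ssl-cert data in input"; exit 2 }
      day = substr(after, 1, 10)          # date part of the timestamp
      # ISO dates sort lexically, so a string comparison is enough.
      if ((day "") <= (old "")) {
        printf "FAIL served cert expires %s, not later than old cert (%s)\n", day, old
        exit 1
      }
      if (bits < min + 0) {
        printf "FAIL key size %d is missing or below minimum %d\n", bits, min
        exit 1
      }
      printf "OK not_after=%s bits=%d\n", after, bits
    }'
}

# Constructed sample in the shape of ssl-cert output (not from a real scan).
sample_output() {
  cat <<'EOF'
PORT    STATE SERVICE
443/tcp open  https
| ssl-cert: Subject: commonName=app.domain.ca
| Public Key type: rsa
| Public Key bits: 2048
| Not valid before: 2025-01-02T00:00:00
|_Not valid after:  2026-02-01T23:59:59
EOF
}

# Demo: the old certificate expired on 2025-01-15, so this prints an OK line.
sample_output | check_rotation 2025-01-15
```

A non-zero exit status means the gateway is still serving the old certificate or a key smaller than expected, so the function can gate a rotation runbook or a scheduled check.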
