How to get TLS from any location using Globalping

Globalping is a platform that allows you to perform network measurement tests like ping, traceroute, and HTTP on probes worldwide. The HTTP test type is especially useful when you want to test API endpoints or check a website's response headers, for example. However, some Globalping users are unaware that they can also obtain information about the test target's TLS certificate, which requires a bit of digging into the response.

TLS (Transport Layer Security) is a protocol that ensures secure communication over the internet by encrypting data exchanged between two parties. It's an improvement over SSL (Secure Sockets Layer), and while you may still hear people talk about SSL, what they really mean is TLS.

In this article, we'll show you how to access TLS data using Globalping's web UI and CLI tool, so regardless of your technical ability, you can follow along. We'll also explore some use cases where looking into TLS information with Globalping comes in handy.

Accessing TLS information with Globalping

We'll now look into two methods of creating HTTP tests to get TLS certificate data. If you are unfamiliar with CLI tools or prefer working with a graphical interface, using the web UI is the right choice for you. If you like working in your terminal and even want to parse the data directly in there, check out the CLI tool explanation.

Using the Globalping Web UI to get TLS data

Follow these steps to run measurements on our website:

1. Visit our website and go to the top of the page to find the UI to run measurements.

2. Fill out the form with the following information:

   1. Test Type: Choose "HTTP" as the test we want to run.
   2. Target: Type in www.jsdelivr.com or your website's URL.
   3. Location: Leave it as it is or, if you want, define a different location, such as a city, country, or region. You can learn more about defining locations on GitHub.
   4. Limit: Set this to 1; it defines the number of probes we want to run our test.
   5. Method (optional): Click on the gear icon to access the advanced settings. There, pick the "HEAD" method since we are not interested in getting the contents of our defined target.

1. Leave everything else as it is and click the "Run Test" button.

2. After you run the test, you can see the test result data below the map. The data should look similar to what you can see in the screenshot.

While you can see the timing data, including the time it took from establishing the TCP connection to establishing the TLS session (in the screenshot, it's 22ms), there's no information about the TLS certificate. That's because what you see here is just a section of the complete measurement response.

So, to view TLS data, we need to retrieve the complete measurement response:

1. Under the result data, there's a share link that you can use to share the result with others. The alphanumerical string at the end of the link (the value of the URL parameter measurement) is the identifier for your measurement. Copy it to your clipboard.

2. Paste the identifier to the end of this URL: https://api.globalping.io/v1/measurements/

   1. For example: https://api.globalping.io/v1/measurements/zCEK4Pr37zzyajLH

3. Copy and paste the URL into your browser's address bar. This URL directly calls the Globalping API to fetch the measurement result for the provided identifier. 

4. You now see a JSON object that contains the complete result, which we'll look into in the next section.

Using the Globalping CLI tool to get TLS data

To use the Globalping CLI tool to get TLS data, follow these steps:

1. Make sure you have the CLI tool installed and ready.

2. To replicate the example from the Web UI section above, type the following command into your terminal and execute it:
   globalping http https://www.jsdelivr.com from world --limit 1

3. As a result, you will get the standard information for an HTTP HEAD request, but you won't see any TLS information.

1. What you see is only a section of the complete response – to get all the data, you need to append the option --json to your command:
   globalping http https://www.jsdelivr.com from world --limit 1 --json

2. You should now see the entire measurement result as JSON data, which you can use for further processing. We will discuss how to do this in the next section.

Note: 

You can also get the measurement identifier by running the command with the --share option. This will give you a link to share your result, and you can use the appended measurement identifier to request your measurement result directly from the API. We've explained how to do this in the section on the Web UI above.

Extracting TLS data from the response

First, let's tour the TLS data you can retrieve with Globalping. For this, we'll use the JSON from our measurement result.

Help:

If you're not sure how to get the JSON data in a readable format, you can use an online tool like JSON formatter. Just copy and paste your JSON code into the text field and press "Process." 

You can then see the prettified JSON – scroll to the end of the JSON and find an object named tls containing the TLS certificate information. 

Alright, let's take a look at the data!

You can find the tls information inside the result object of a test:

"tls":{
       "authorized":true,
       "createdAt":"2024-01-19T19:08:46.000Z",
       "expiresAt":"2024-04-18T19:08:45.000Z",
       "issuer":{
          "C":"US",
          "O":"Let's Encrypt",
          "CN":"E1"
       },
       "subject":{
          "CN":"www.jsdelivr.com",
          "alt":"DNS:www.jsdelivr.com"
       }
    }

• authorized: Indicates whether a trusted authority signed the certificate.

• createdAt: The creation date and time of the certificate.

• expiresAt: The expiration date and time of the certificate.

• issuer: Information about the certificate issuer, such as Let's Encrypt. It includes the country (C), organization (O), and common name (CN).

• subject: Information about the certificate's subject, such as your website. It includes the common name (CN) and any alternate names (alt).

Tip:

You can also find a timings object in the same result object. This contains details about the HTTP request times in milliseconds, including the time from establishing the TCP connection to establishing the TLS session (TLS handshake).

"timings":{

   "total":52,

   "download":1,

   "firstByte":18,

   "dns":2,

   "tls":22,

   "tcp":9

}

Extracting TLS data in your terminal

Here's a basic command that runs the Globalping HTTP command and extracts the tls information from the JSON result:

globalping http https\://jsdelivr.com from world --limit 1 --json --ci | jq -r '.results\[].result.tls | to\_entries\[] | "\\(.key): \\(.value)"' | sed 's/"//g' | awk -F ': ' '{ if (NF==1) next; else print $1 ": " $2 }'

We're using the sed and awk commands to bring the data into a nice format. Additionally, we're using the jq command-line JSON processor to work with the JSON data, so make sure you have it installed before running the command. 

The output should look something like this:

Feel free to copy the command and adapt it to your needs!

If you want more flexibility, you can also use the Globalping API to create measurements, retrieve the JSON result, and process it in your code however you want. 

Handy use cases for using Globalping to get TLS data

Now that we've explored how to obtain, view, and extract TLS data, let's explore some practical use cases of leveraging the Globalping probe network to request TLS data from various locations worldwide. 

• Monitoring globally distributed systems: By monitoring TLS data, you can make sure that TLS certificates are correctly installed, secure, and up-to-date, which helps maintain the security of your systems. And if you do this from different locations, you can ensure that monitoring continues without interruption, even if problems occur at one location.

• Security research and analysis: Analyzing TLS certificates can provide useful insights into potential security vulnerabilities or threats. To identify and address security risks, you may want to examine TLS certificate data such as issuer information, the subject's alternative names, and expiration dates. 

• Compliance requirements: Many companies must perform security checks from different locations to meet regulatory standards or internal policies. Globalping can help your company meet these compliance requirements and maintain a secure online environment.

• Performance optimization: To improve the performance of your websites and applications, it can help to evaluate the time it takes to complete the TLS handshake process from different locations. By checking the timings\ data provided in Globalping JSON results, you can detect any delay issues that may occur during the TLS handshake. 

Conclusion

In this article, we've explained how to get TLS data using Globalping's HTTP test type and how to extract this information from the JSON output. Additionally, we've explored some use cases where requesting TLS data with Globalping can help with system monitoring, security research, compliance adherence, and performance optimization.

If you want to learn more about using Globalping effectively, visit our blog and check out our best practices on GitHub.