openssl s_client -connect www.yahoo.com:443 -CAfile /usr/local/etc/openssl/cert.pem
You should see
verify return:1 for each certificate in the chain.
Host header injection
Read about it here.
curl -i --header "Host: evilsite.com" https://www.yahoo.com
Your site is vulnerable if
evilsite.com appears in the results.
Check if your SPF record is valid. Enter your domain here.
Very few sites have this right now.
dig pir.org +dnssec
See how to interpret the results.