Shibboleth Developers

I'm in the process of fixing several glitches in the IdP Install checklist

http://shibboleth.internet2.edu/guides/identity-provider-checklist.html

The checklist is currently organized into several sections:

Install and Configure the Pre-requisite Infrastructure
Generate and Use the Required PKI Elements
Install and Configure the Shibboleth Software

Currently the test included at the end of the second section ( F. 
Test Apache and mod_ssl: ) has the right title but the wrong text. 
The text describes using a simple tool that we supply that queries 
the AA over SSL; this won't work at this point in the checklist, 
since the shib software hasn't been installed yet.

I was thinking of suggesting that people type something like this to 
make sure that they've correctly configured the SSL support into 
apache:

curl -L --key "../shibboleth.key" --cert "../shibboleth.crt" --cacert 
"../shibboleth.crt" https://stc-linux.cis.brown.edu:8443/jsp-examples

(Note: I'm not sure why the -L is needed, but this doesn't seem to 
work for me without it....)

This would use (on the client side) the key and cert that were just 
configured into apache... would connect over ssl, and would retrieve 
a page that is guaranteed to be there.... We could do something 
simpler, but the checklist is currently recommending that people 
configure apache with SSLVerifyClient Require... so the client has to 
be able to supply a key/cert that will validate using the IQ 
ca-bundle file, and its not worth the trouble of configuring a 
browser to do this.)

unfortunately, if this succeeds, curl types a lot of html on the console......

any suggestions of a different test to use?