Security Certificates tools to analyze encryption levels

Posted on 2012-09-04
Last Modified: 2013-12-06
Fellows, per the following MS article to be released in October I am hoping that someone can offer me some guidance.

The way that I read this article is that no MS webserver is going to allow connection.  I have several hundred exposures to this article alone.  I am running a mixed 2003/2008/standard/enterprise/x86/x64/R2 environment; I inherited it, not implemented it.

With that being said, as best I can tell I am going to have to edit each web server and modify the encryption level; that is the easy part.  The hard part is going to be analyzing the certificates that are already in place and figuring out their encryption level, UGH!!  I am hoping to find a tool that I can run that will automate this task in my environment.  Does ANYONE know of anything that can/will facilitate this effort please?

Any and all constructive insight is greatly appreciated, thanks.
Question by:m3mph1s1
    LVL 34

    Accepted Solution

    Sure, this is easy to do with OpenSSL. There should be Windows binaries, but basically the command is:

    openssl x509 -in C:\path\to\the\public\certificate.pem -text -noout

    That will dump a bunch of information about the certificate, including a line that should say the key length, like this:

    RSA Public Key: (1024 bit)

    It would be trivial to use PHP or some other scripting language (maybe PowerShell can do text manipulation?) to capture the output of that command and then extract the key size and log it somewhere along with the filename.
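One way to script the capture-and-extract step described in the answer above, as an added example that is not the answerer's own code. The file name `cert_audit.py`, the function names and the CSV layout are hypothetical, and the minimum RSA length is an argument you supply rather than a value taken from this page.

```python
import csv
import re
import subprocess
import sys
from pathlib import Path

# "RSA Public Key: (1024 bit)" is the older OpenSSL wording quoted above;
# newer builds print "Public-Key: (2048 bit)" or "RSA Public-Key: (2048 bit)".
KEY_LINE = re.compile(r"Public[- ]Key:\s*\((\d+) bit\)")
ALGO_LINE = re.compile(r"Public Key Algorithm:\s*(\S+)")


def parse_key_info(text):
    """Return (algorithm, bits) parsed from `openssl x509 -text -noout` output."""
    algo = ALGO_LINE.search(text)
    bits = KEY_LINE.search(text)
    return (algo.group(1) if algo else None,
            int(bits.group(1)) if bits else None)


def classify(algo, bits, min_rsa_bits):
    """Bit lengths are only comparable within one algorithm, so judge RSA only."""
    if algo is None or bits is None:
        return "unparsed"
    if algo != "rsaEncryption":
        return "review"  # e.g. EC keys: a 256-bit EC key is not a short RSA key
    return "too-short" if bits < min_rsa_bits else "ok"


def dump_cert(path):
    """Run the command from the answer; returns '' if OpenSSL rejects the file."""
    proc = subprocess.run(
        ["openssl", "x509", "-in", str(path), "-text", "-noout"],
        capture_output=True, text=True)
    return proc.stdout if proc.returncode == 0 else ""


def audit(directory, min_rsa_bits, out=sys.stdout):
    """Write one CSV row per *.pem file: file, algorithm, bits, verdict."""
    writer = csv.writer(out)
    writer.writerow(["file", "algorithm", "bits", "verdict"])
    for path in sorted(Path(directory).rglob("*.pem")):
        algo, bits = parse_key_info(dump_cert(path))
        writer.writerow([path, algo, bits, classify(algo, bits, min_rsa_bits)])


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: cert_audit.py <directory> <min_rsa_bits>")
    audit(sys.argv[1], int(sys.argv[2]))
```

Certificates stored in DER form need `-inform DER` added to the OpenSSL command; any file OpenSSL cannot read is reported as `unparsed` rather than silently skipped.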
    LVL 22

    Expert Comment

    by:Dirk Kotte
    Open the secured website with https and look at the certificate details.
    There you can find the key length...
    LVL 77

    Expert Comment

    by:David Johnson, CD, MVP
    How did you generate the certificates?  If you have your own certificate server, generate new certificates and revoke the older ones with the proper key-length.
    LVL 5

    Author Comment

    While some were in house, those are particularly the ones that I am worried about.  It is the purchased ones that are the reason for concern.
