• Status: Solved

Security Certificates tools to analyze encryption levels

Fellows, per the following MS article to be released in October, I am hoping that someone can offer me some guidance.

http://technet.microsoft.com/en-us/security/advisory/2661254

The way that I read this article is that no MS webserver is going to allow connection. I have several hundred exposures to this article alone. I am running a mixed 2003/2008/standard/enterprise/x86/x64/R2 environment; I inherited it, not implemented it.

With that being said, as best I can tell I am going to have to edit each web server and modify the encryption level; that is the easy part. The hard part is going to be analyzing the certificates that are already in place and figuring out their encryption level, UGH!! I am hoping to find a tool that I can run that will automate this task in my environment. Does ANYONE know of anything that can/will facilitate this effort, please?

Any and all constructive insight is greatly appreciated, thanks.
Asked by: m3mph1s1
 
gr8gonzo (Consultant) commented:
Sure, this is easy to do with OpenSSL. There should be Windows binaries, but basically the command is:

openssl x509 -in C:\path\to\the\public\certificate.pem -text -noout

That will dump a bunch of information about the certificate, including a line that should say the key length, like this:

RSA Public Key: (1024 bit)

It would be trivial to use PHP or some other scripting language (maybe PowerShell can do text manipulation?) to capture the output of that command and then extract the key size and log it somewhere along with the filename.
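One way to automate the inventory this answer describes, as an added example that is not part of the thread: it reads key sizes through .NET's X509Certificate2 class instead of parsing openssl output. The folder path and report path are assumptions, and the 1024-bit default is the minimum RSA key length that advisory 2661254 enforces.

```powershell
# Added example (not from the thread). Inventories public-key sizes for
# certificates in the local machine store and in a folder of exported files.
param(
    [string]$CertFolder  = 'C:\certs',             # assumed folder of exported certificate files
    [string]$ReportPath  = '.\cert-keysizes.csv',  # assumed report location
    [int]   $MinimumBits = 1024                    # keys shorter than this are flagged
)

function Get-KeyInfo {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [string]$Source
    )
    $bits = $null
    try   { $bits = $Cert.PublicKey.Key.KeySize }  # works for RSA and DSA keys
    catch { }                                      # other key types: size left blank
    New-Object PSObject -Property @{
        Source     = $Source
        Subject    = $Cert.Subject
        Thumbprint = $Cert.Thumbprint
        NotAfter   = $Cert.NotAfter
        Algorithm  = $Cert.PublicKey.Oid.FriendlyName
        KeyBits    = $bits
        TooShort   = ($bits -ne $null -and $bits -lt $MinimumBits)
    }
}

$results = @()

# 1. Certificates installed in the computer's Personal store
foreach ($c in Get-ChildItem Cert:\LocalMachine\My) {
    $results += Get-KeyInfo -Cert $c -Source 'Cert:\LocalMachine\My'
}

# 2. Exported certificate files (DER or Base64 encoded)
if (Test-Path $CertFolder) {
    foreach ($f in Get-ChildItem $CertFolder -Include *.cer,*.crt,*.pem -Recurse) {
        try {
            $c = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $f.FullName
            $results += Get-KeyInfo -Cert $c -Source $f.FullName
        } catch {
            Write-Warning "Could not parse $($f.FullName): $($_.Exception.Message)"
        }
    }
}

# Full inventory to CSV; short keys also listed on screen
$results | Select-Object Source,Subject,Thumbprint,NotAfter,Algorithm,KeyBits,TooShort |
    Export-Csv -Path $ReportPath -NoTypeInformation
$results | Where-Object { $_.TooShort } | Format-Table Source,Subject,KeyBits -AutoSize
```

The script avoids PowerShell 3.0-only syntax so it can run on the older servers in a mixed environment; run it on each web server and merge the CSV files.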
 
Dirk Kotte (SE) commented:
Open the secured website with https and look at the certificate details.
There you can find the key-length...
 
David Johnson, CD, MVP (Owner) commented:
How did you generate the certificates? If you have your own certificate server, generate new certificates and revoke the older ones with the proper key-length.
 
m3mph1s1 (Author) commented:
While some were in house, those are particularly the ones that I am worried about. It is the purchased ones that are the reason for concern.