Solved

certificates for IIS and servers

Posted on 2016-09-01
3
31 Views
Last Modified: 2016-09-21
How can I check all the certificates and locate the weak hashes and encryption?  Also what properties would give me this?
0
Comment
Question by:Eric Donaldson
  • 2
3 Comments
 
LVL 61

Accepted Solution

by:
btan earned 250 total points (awarded by participants)
ID: 41780859
Can leverage on tool such as below

local/offline
O-Saft - OWASP SSL advanced forensic tool
SSLScan - Fast SSL Scanner
SSLyze
SSL Audit

Online
SSL LABS Server Test
https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet#Tools

The useful example in OWASP shares the use of NMAP and OPENSSL command to scan for weak cipher
https://www.owasp.org/index.php/Testing_for_Weak_SSL/TLS_Ciphers,_Insufficient_Transport_Layer_Protection_(OTG-CRYPST-001)#Testing_for_Weak_SSL.2FTLS_Ciphers.2FProtocols.2FKeys_vulnerabilities

Or iiscrypto for Windows which surfave the list and you can use its best practice to configure.

Summary of strong cipher properties recommended as in https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet#Rule_-_Only_Support_Strong_Cryptographic_Ciphers
0
 
LVL 61

Assisted Solution

by:gheist
gheist earned 250 total points (awarded by participants)
ID: 41782349
You can list hash format with Openssl too.
(qualys ssllabs is good for public web sites)
I can add nessus and openwas for more profound assessment tools.
0
 
LVL 61

Expert Comment

by:gheist
ID: 41808386
We waited for so long to hear how you proceeded....
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now