Solved

certificates for IIS and servers

Posted on 2016-09-01
3
44 Views
Last Modified: 2016-09-21
How can I check all the certificates and locate the weak hashes and encryption?  Also what properties would give me this?
0
Comment
Question by:Eric Donaldson
  • 2
3 Comments
 
LVL 62

Accepted Solution

by:
btan earned 250 total points (awarded by participants)
ID: 41780859
Can leverage on tool such as below

local/offline
O-Saft - OWASP SSL advanced forensic tool
SSLScan - Fast SSL Scanner
SSLyze
SSL Audit

Online
SSL LABS Server Test
https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet#Tools

The useful example in OWASP shares the use of NMAP and OPENSSL command to scan for weak cipher
https://www.owasp.org/index.php/Testing_for_Weak_SSL/TLS_Ciphers,_Insufficient_Transport_Layer_Protection_(OTG-CRYPST-001)#Testing_for_Weak_SSL.2FTLS_Ciphers.2FProtocols.2FKeys_vulnerabilities

Or iiscrypto for Windows which surfave the list and you can use its best practice to configure.

Summary of strong cipher properties recommended as in https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet#Rule_-_Only_Support_Strong_Cryptographic_Ciphers
0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 250 total points (awarded by participants)
ID: 41782349
You can list hash format with Openssl too.
(qualys ssllabs is good for public web sites)
I can add nessus and openwas for more profound assessment tools.
0
 
LVL 62

Expert Comment

by:gheist
ID: 41808386
We waited for so long to hear how you proceeded....
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to Remove files with a Date in the Filename with Linux Scripting 3 44
How safe is emailing credit card information? 10 77
wipe a usb using python 5 48
linux SFTP 8 44
Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question