Solved

certificates for IIS and servers

Posted on 2016-09-01
Last Modified: 2016-09-21
How can I check all the certificates and locate the weak hashes and encryption? Also, what properties would give me this?
Question by:Eric Donaldson
3 Comments
 
LVL 64

Accepted Solution

by:
btan earned 1000 total points (awarded by participants)
ID: 41780859
You can leverage tools such as those below:

local/offline
O-Saft - OWASP SSL advanced forensic tool
SSLScan - Fast SSL Scanner
SSLyze
SSL Audit

Online
SSL LABS Server Test
https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet#Tools

The useful example in OWASP shows the use of Nmap and OpenSSL commands to scan for weak ciphers:
https://www.owasp.org/index.php/Testing_for_Weak_SSL/TLS_Ciphers,_Insufficient_Transport_Layer_Protection_(OTG-CRYPST-001)#Testing_for_Weak_SSL.2FTLS_Ciphers.2FProtocols.2FKeys_vulnerabilities

Or IIS Crypto for Windows, which surfaces the list, and you can use its best practice to configure.

Summary of strong cipher properties recommended as in https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet#Rule_-_Only_Support_Strong_Cryptographic_Ciphers
0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 1000 total points (awarded by participants)
ID: 41782349
You can list the hash format with OpenSSL too.
(Qualys SSL Labs is good for public web sites)
I can add Nessus and OpenVAS for more profound assessment tools.
0
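Added example, not part of the thread or of any tool named in it: the two properties that answer the question are the certificate's signature algorithm (the hash) and its public key type and size, both shown by `openssl x509 -in cert.pem -noout -text`. The sketch below parses that text output and flags weak values; the thresholds, function names and sample certificate are assumptions made for illustration.

```python
import re

# Assumed policy for this example: weak signature hashes and minimum key sizes.
WEAK_HASHES = ("md2", "md4", "md5", "sha1")
MIN_KEY_BITS = {"rsaEncryption": 2048, "dsaEncryption": 2048, "id-ecPublicKey": 224}

FIELDS = {
    "subject": re.compile(r"^\s*Subject:\s*(.+?)\s*$", re.M),
    "sig_alg": re.compile(r"^\s*Signature Algorithm:\s*(\S+)", re.M),
    "key_alg": re.compile(r"^\s*Public Key Algorithm:\s*(\S+)", re.M),
    "key_bits": re.compile(r"Public[- ]Key:\s*\((\d+) bit\)"),
}

def parse_cert_text(text):
    """Pull the relevant properties out of `openssl x509 -noout -text` output."""
    cert = {}
    for name, rx in FIELDS.items():
        m = rx.search(text)
        cert[name] = m.group(1) if m else None
    if cert["key_bits"] is not None:
        cert["key_bits"] = int(cert["key_bits"])
    return cert

def findings(text):
    """Return a list of problems; an empty list means nothing was flagged."""
    cert = parse_cert_text(text)
    problems = []
    if cert["sig_alg"] is None:
        problems.append("signature algorithm not found")
    elif any(h in cert["sig_alg"].lower() for h in WEAK_HASHES):
        problems.append("weak signature hash: " + cert["sig_alg"])
    minimum = MIN_KEY_BITS.get(cert["key_alg"])
    if cert["key_bits"] is None or minimum is None:
        # Unparsed input is reported rather than silently passed as "ok".
        problems.append("key type or size not recognised: %s" % cert["key_alg"])
    elif cert["key_bits"] < minimum:
        problems.append("short %s key: %d bits" % (cert["key_alg"], cert["key_bits"]))
    return problems

# Constructed sample: trimmed openssl output for a made-up certificate.
SAMPLE_WEAK = """\
Certificate:
    Data:
        Signature Algorithm: sha1WithRSAEncryption
        Subject: CN = legacy.example.test
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
"""
```

Calling `findings(SAMPLE_WEAK)` reports both the SHA-1 signature and the 1024-bit RSA key; feed it the text output for each exported certificate to triage a whole store.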
 
LVL 62

Expert Comment

by:gheist
ID: 41808386
We waited for so long to hear how you proceeded....
0


Question has a verified solution.
