Solved

certificates for IIS and servers

Posted on 2016-09-01
3
50 Views
Last Modified: 2016-09-21
How can I check all the certificates and locate the weak hashes and encryption?  Also what properties would give me this?
0
Comment
Question by:Eric Donaldson
  • 2
3 Comments
 
LVL 63

Accepted Solution

by:
btan earned 250 total points (awarded by participants)
ID: 41780859
Can leverage on tool such as below

local/offline
O-Saft - OWASP SSL advanced forensic tool
SSLScan - Fast SSL Scanner
SSLyze
SSL Audit

Online
SSL LABS Server Test
https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet#Tools

The useful example in OWASP shares the use of NMAP and OPENSSL command to scan for weak cipher
https://www.owasp.org/index.php/Testing_for_Weak_SSL/TLS_Ciphers,_Insufficient_Transport_Layer_Protection_(OTG-CRYPST-001)#Testing_for_Weak_SSL.2FTLS_Ciphers.2FProtocols.2FKeys_vulnerabilities

Or iiscrypto for Windows which surfave the list and you can use its best practice to configure.

Summary of strong cipher properties recommended as in https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet#Rule_-_Only_Support_Strong_Cryptographic_Ciphers
0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 250 total points (awarded by participants)
ID: 41782349
You can list hash format with Openssl too.
(qualys ssllabs is good for public web sites)
I can add nessus and openwas for more profound assessment tools.
0
 
LVL 62

Expert Comment

by:gheist
ID: 41808386
We waited for so long to hear how you proceeded....
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Businesses who process credit card payments have to adhere to PCI Compliance standards. Here’s why that’s important.
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question