Solved

certificates for IIS and servers

Posted on 2016-09-01
3
71 Views
Last Modified: 2016-09-21
How can I check all the certificates and locate the weak hashes and encryption?  Also what properties would give me this?
0
Comment
Question by:Eric Donaldson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 64

Accepted Solution

by:
btan earned 250 total points (awarded by participants)
ID: 41780859
Can leverage on tool such as below

local/offline
O-Saft - OWASP SSL advanced forensic tool
SSLScan - Fast SSL Scanner
SSLyze
SSL Audit

Online
SSL LABS Server Test
https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet#Tools

The useful example in OWASP shares the use of NMAP and OPENSSL command to scan for weak cipher
https://www.owasp.org/index.php/Testing_for_Weak_SSL/TLS_Ciphers,_Insufficient_Transport_Layer_Protection_(OTG-CRYPST-001)#Testing_for_Weak_SSL.2FTLS_Ciphers.2FProtocols.2FKeys_vulnerabilities

Or iiscrypto for Windows which surfave the list and you can use its best practice to configure.

Summary of strong cipher properties recommended as in https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet#Rule_-_Only_Support_Strong_Cryptographic_Ciphers
0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 250 total points (awarded by participants)
ID: 41782349
You can list hash format with Openssl too.
(qualys ssllabs is good for public web sites)
I can add nessus and openwas for more profound assessment tools.
0
 
LVL 62

Expert Comment

by:gheist
ID: 41808386
We waited for so long to hear how you proceeded....
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are many Password Managers (PM) out there to choose from. PM's can help with your password habits and routines, but they should not be a crutch you rely on too heavily. I also have an article for company/enterprise PM's.
The recent Petya-like ransomware attack served a big blow to hundreds of banks, corporations and government offices The Acronis blog takes a closer look at this damaging worm to see what’s behind it – and offers up tips on how you can safeguard your…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question