Installation on CentOS
Download the 64-bit RPM:
wget https://www.digicert.com/certificate-inspector/agent-pkg/digicertagent-x64.rpm
Install the package:
rpm -ivh digicertagent-x64.rpm
Register the Agent
You will need your DigiCert credentials to register the agent:
/usr/bin/digicertagent register -desc "MyORG AName"
![POODLE SSLv3 Vulnerability](http://blog.redbranch.net/wp-content/uploads/2014/10/Selection_083-300x64.png)
Scan a Server
/usr/bin/digicertagent scan -include servername.domain.tld:443 -analyze
![POODLE SSLv3 Vulnerability](http://blog.redbranch.net/wp-content/uploads/2014/10/Selection_085-300x56.png)
Amend the Apache SSL Configuration for POODLE Vulnerability
In the file used to configure SSL for Apache (usually /etc/httpd/conf.d/ssl.conf) find the line starting with:
SSLProtocol all -SSLv2
and add -SSLv3 to the end so it looks like:
SSLProtocol all -SSLv2 -SSLv3
then restart the Apache service:
service httpd restart
![POODLE SSLv3 Vulnerability](http://blog.redbranch.net/wp-content/uploads/2014/10/Selection_086-300x100.png)
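SSLProtocol can also be set per virtual host, so one edited line does not prove SSLv3 is off everywhere. The following is an added example, not part of the original post: a small audit that evaluates each SSLProtocol line left to right and reports those that still allow SSLv3. The function names and the sample configuration are constructed for illustration, and "all" is assumed to include SSLv3, as on the Apache build configured here.

```bash
#!/bin/bash
# Added example (not the author's script): find SSLProtocol lines that leave SSLv3 on.
# Assumption: "all" includes SSLv3, as on the Apache build this page configures.

# Succeeds if the lower-cased protocol tokens passed as arguments leave SSLv3 enabled.
sslv3_enabled() {
    enabled=0
    for tok in "$@"; do
        case "$tok" in
            -sslv3|-all)           enabled=0 ;;  # explicitly removed
            +sslv3|+all|sslv3|all) enabled=1 ;;  # added, or set reset to include it
            +*|-*)                 ;;            # another protocol toggled: SSLv3 unchanged
            *)                     enabled=0 ;;  # bare other protocol replaces the set
        esac
    done
    [ "$enabled" -eq 1 ]
}

# Prints "file:line: directive" for each offending line; returns 1 if any was found.
audit_sslprotocol() {
    file=$1 n=0 bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        lc=$(printf '%s\n' "$line" | tr 'A-Z' 'a-z')  # names are case-insensitive
        set -f; set -- $lc; set +f                    # split on whitespace, no globbing
        [ "$1" = "sslprotocol" ] || continue          # skips comments and other directives
        shift
        if sslv3_enabled "$@"; then
            printf '%s:%d: %s\n' "$file" "$n" "$line"
            bad=1
        fi
    done < "$file"
    return "$bad"
}

# Constructed sample configuration, for demonstration only.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# SSLProtocol all
SSLProtocol all -SSLv2
<VirtualHost _default_:443>
    SSLProtocol all -SSLv2 -SSLv3
</VirtualHost>
sslprotocol -ALL +TLSv1.2
SSLProtocol TLSv1 +SSLv3
EOF
audit_sslprotocol "$sample" || echo "SSLv3 is still enabled on the lines above"
rm -f "$sample"
```

Run audit_sslprotocol against each configuration file that Apache loads; a non-zero return means at least one line still needs -SSLv3.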
DigiCert Certificate Inspector
I created a little script to periodically run the scans against a list of servers:
#!/bin/bash
# Servers to scan (hostnames only; port 443 is appended below)
ARR_SERVERS=( "server1.uk" "server2.uk" "server3.uk" "server4" "server5" )
for SERVER in "${ARR_SERVERS[@]}"
do
    echo "Scanning $SERVER ..."
    /usr/bin/digicertagent scan -include "$SERVER:443" -analyze
done
This allows viewing reports on the DigiCert website across an organisation, highlighting actions needed:
![DigiCert Certificate Inspector](http://blog.redbranch.net/wp-content/uploads/2014/10/Selection_087-300x168.png)