Installation on CentOS
Download the 64-bit RPM:
wget https://www.digicert.com/certificate-inspector/agent-pkg/digicertagent-x64.rpm
Install the package:
rpm -ivh digicertagent-x64.rpm
Register the Agent
You will need your DigiCert credentials to register the agent:
/usr/bin/digicertagent register -desc "MyORG AName"
Scan a Server
/usr/bin/digicertagent scan -include servername.domain.tld:443 -analyze
Amend the Apache SSL Configuration for POODLE Vulnerability
In the file used to configure SSL for Apache (usually /etc/httpd/conf.d/ssl.conf) find the section starting with:
SSLProtocol all -SSLv2
and add -SSLv3 to the end so it looks like:
SSLProtocol all -SSLv2 -SSLv3
then restart the Apache service:
service httpd restart
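To confirm the edit took effect in the file, the following added example (not part of the original post) reports any active SSLProtocol directive that still leaves SSLv3 enabled. The function name sslv3_enabled is hypothetical, and the token handling is a simplified model that assumes "all" includes SSLv3 (as it does in the directive shown above) and that a bare protocol name replaces the set.

```shell
#!/bin/bash
# Added example: flag SSLProtocol directives that still allow SSLv3.
# Assumptions: tokens are evaluated left to right, "all" includes SSLv3,
# and a bare protocol name (no +/-) replaces the whole protocol set.

# Prints "file:line: directive" for each offending directive.
# Returns 0 if SSLv3 is enabled somewhere, 1 if not, 2 if the file is unreadable.
sslv3_enabled() {
    local conf="$1"
    [ -r "$conf" ] || return 2
    awk '
        /^[ \t]*#/ { next }                          # ignore commented-out lines
        tolower($1) == "sslprotocol" {
            v3 = 0
            for (i = 2; i <= NF; i++) {
                tok = tolower($i)
                sign = substr(tok, 1, 1)
                if (sign == "+" || sign == "-") name = substr(tok, 2)
                else { sign = "="; name = tok }
                hit = (name == "all" || name == "sslv3")
                if (sign == "=") v3 = hit            # bare name replaces the set
                else if (hit) v3 = (sign == "+")     # +/- adjusts the set
            }
            if (v3) { print FILENAME ":" NR ": " $0; found = 1 }
        }
        END { exit(found ? 0 : 1) }
    ' "$conf"
}

# Constructed sample input: the directive before and after the change.
tmp=$(mktemp -d)
printf '%s\n' '# SSLProtocol all' 'SSLProtocol all -SSLv2' > "$tmp/before.conf"
printf '%s\n' 'SSLProtocol all -SSLv2 -SSLv3' > "$tmp/after.conf"
for f in "$tmp/before.conf" "$tmp/after.conf"; do
    if sslv3_enabled "$f"; then
        echo "$f: SSLv3 still enabled"
    else
        echo "$f: SSLv3 disabled"
    fi
done
rm -rf "$tmp"
```

The function checks one file at a time, so run it against every file that carries an SSLProtocol line (virtual host files included), not only ssl.conf.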
DigiCert Certificate Inspector
I created a little script to periodically run the scans against a list of servers:
#!/bin/bash
# Servers to scan on port 443
ARR_SERVERS=( "server1.uk" "server2.uk" "server3.uk" "server4" "server5" )
for SERVER in "${ARR_SERVERS[@]}"
do
    echo "Scanning $SERVER ..."
    /usr/bin/digicertagent scan -include "$SERVER:443" -analyze
done
This allows viewing reports on the DigiCert website across an organisation, highlighting the actions needed.