DigiCert Certificate Inspector on CentOS 6

Installation on CentOS

Download the 64-bit RPM:

wget https://www.digicert.com/certificate-inspector/agent-pkg/digicertagent-x64.rpm

Install the package:

rpm -ivh digicertagent-x64.rpm

Register the Agent

You will need your DigiCert credentials to register the agent:

/usr/bin/digicertagent register -desc "MyORG AName"

Scan a Server

/usr/bin/digicertagent scan -include servername.domain.tld:443 -analyze

Amend the Apache SSL Configuration for POODLE Vulnerability

In the file used to configure SSL for Apache (usually /etc/httpd/conf.d/ssl.conf), find the line starting with:

SSLProtocol all -SSLv2

and add -SSLv3 to the end so it looks like:

SSLProtocol all -SSLv2 -SSLv3

Then restart the Apache service:

service httpd restart
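
To confirm the edit is present in the file, the check below reads an Apache config file and reports whether each SSLProtocol line still permits SSLv3. It is an added example, not part of the original post or of DigiCert's tooling. It assumes Apache 2.2 semantics as shipped with CentOS 6, where "all" includes SSLv3; the function name audit_sslprotocol and the sample file are constructed here.

```shell
#!/bin/sh
# Added example: audit SSLProtocol directives for SSLv3.
# Assumption: Apache 2.2 semantics, where "all" (and the built-in default)
# includes SSLv3.
# Exit status: 0 = every directive disables SSLv3
#              1 = at least one directive still permits SSLv3
#              2 = no SSLProtocol directive found (default applies)
audit_sslprotocol() {
    awk '
    /^[ \t]*#/ { next }                      # ignore commented-out lines
    tolower($1) == "sslprotocol" {           # directive names are case-insensitive
        found = 1; on = 0
        for (i = 2; i <= NF; i++) {
            t = tolower($i)
            if (t == "all" || t == "+all" || t == "sslv3" || t == "+sslv3")
                on = 1                       # token switches SSLv3 on
            else if (t == "-all" || t == "-sslv3")
                on = 0                       # token switches SSLv3 off
            else if (t !~ /^[+-]/)
                on = 0                       # bare protocol name replaces the whole set
        }
        printf "%s:%d: %s -> SSLv3 %s\n", FILENAME, FNR, $0, (on ? "ENABLED" : "disabled")
        if (on) bad = 1
    }
    END {
        if (!found) {
            print "no SSLProtocol directive found; the Apache 2.2 default is all"
            exit 2
        }
        exit (bad ? 1 : 0)
    }' "$1"
}

# Constructed sample: the "before" and "after" lines from this page.
sample=$(mktemp)
printf '%s\n' 'SSLProtocol all -SSLv2' 'SSLProtocol all -SSLv2 -SSLv3' > "$sample"
audit_sslprotocol "$sample" || echo "Action needed (exit status $?)"
rm -f "$sample"
```

On a real host, point the function at the file named above, for example audit_sslprotocol /etc/httpd/conf.d/ssl.conf.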

DigiCert Certificate Inspector

I created a little script to periodically run the scans against a list of servers:

#!/bin/bash
# Servers to scan; each is checked on port 443.
ARR_SERVERS=( "server1.uk" "server2.uk" "server3.uk" "server4" "server5" )
for SERVER in "${ARR_SERVERS[@]}"
do
    echo "Scanning $SERVER ..."
    /usr/bin/digicertagent scan -include "$SERVER:443" -analyze
done

This allows viewing reports on the DigiCert website across an organisation, highlighting the actions needed.
