Find certificate key length on all servers

-
Hi There
I have just taken on a client with ageing infrastructure and a whole bunch of undocumented website and web services.
I need an easy way to find all certificates that are using 1024 bit length before they are no longer supported on the 1st October 2013.
Is there a batch script I could use to list out all the certificates that are using 1024 encryption?
Thanks
- Moved by Bill_Stewart Tuesday, December 31, 2013 8:21 PM Abandoned thread
All replies
-
Where are these certificates stored?
In PowerShell you can enumerate a user's certs and the machine certs. There is no way to run a program and get all certs in use everywhere.
Does your customer have a cert server? What applications are no longer going to support 1024 bit encryption? Who is telling you that this is true?
¯\_(ツ)_/¯
-
Is this what you are referring to?
http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf
Read it carefully as it describes how to transition.
Call the vendor for your certs and have them tell you how to re-order the new certs. They will also be able to give you a complete list of all certs delivered.
If you have a cert server then just run the reports.
Only web servers need to be updated. I suggest that all of your web servers need updating. Just go to the web servers and re-order the certs.
¯\_(ツ)_/¯
-
The certs are all over the place and the site is not documented at all, so I really need to cover all servers in this audit. I could run a script on all servers but it would need to be a batch script as there is a mix of 2000, 2003 and 2008 servers on the site.
You can read about the 1st of October 2013 for 1024 bit encryption deadline here http://www.thawte.com/resources/2048-bit-compliance/
-
you can read about the 1st of October 2013 for 1024 bit encryption deadline here http://www.thawte.com/resources/2048-bit-compliance/
For web servers and browsers.
¯\_(ツ)_/¯
-
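One way to do the machine-store enumeration mentioned in the first reply across a mixed 2000/2003/2008 estate, run from a single admin workstation so nothing has to be installed on the older servers. This is an added example, not code posted in the thread; the server names are placeholders, and it assumes the account has administrative rights on each server and that remote access to the certificate store is permitted.

```powershell
# Added example. Server names are placeholders; replace with the hosts to audit.
$servers   = @('SERVER01', 'SERVER02')
$storeName = 'My'     # LocalMachine\My ("Personal") is where IIS server certs normally live
$minBits   = 2048

$location = [System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine
$readOnly = [System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly

$report = foreach ($server in $servers) {
    # A store name of the form \\host\StoreName opens the store on the remote machine.
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList "\\$server\$storeName", $location
    try {
        $store.Open($readOnly)
    } catch {
        Write-Warning "Could not open $storeName store on ${server}: $($_.Exception.Message)"
        continue
    }
    foreach ($cert in $store.Certificates) {
        # PublicKey.Key throws for key types .NET cannot wrap; record those as unknown.
        try   { $bits = $cert.PublicKey.Key.KeySize }
        catch { $bits = $null }
        New-Object PSObject -Property @{
            Server     = $server
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            NotAfter   = $cert.NotAfter
            Algorithm  = $cert.PublicKey.Oid.FriendlyName
            KeyBits    = $bits
        }
    }
    $store.Close()
}

# Certificates below the minimum key length.
$report | Where-Object { $null -ne $_.KeyBits -and $_.KeyBits -lt $minBits } |
    Sort-Object Server, NotAfter |
    Format-Table Server, KeyBits, Algorithm, NotAfter, Subject, Thumbprint -AutoSize

# Certificates whose key length could not be read; check these by hand.
$report | Where-Object { $null -eq $_.KeyBits } |
    Format-Table Server, Algorithm, Subject, Thumbprint -AutoSize
```

This only covers certificates held in the Windows machine store on the listed servers; certificates kept in files or in application-specific keystores will not appear in the report.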