LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 06-13-2008, 03:47 PM   #1
dslehman
LQ Newbie
 
Registered: Jun 2008
Distribution: Primarily Ubuntu
Posts: 2

Rep: Reputation: 0
Detecting Revoked SSL Certificate


I am presently using the application ssl-cert-check (http://prefetch.net/articles/checkcertificate.html) to detect if any of my Apache SSL certificates are expired. I have it set up as a cron job to check the SSL certificates on a list of web sites.

This script will only let me know if if my certificate is expired. I am now looking for a script that will take in a list of web sites and inform me if any of their SSL certificates have been revoked. Newer browsers (Firefox 3.x and IE 7.x) check web site SSL certificates to see whether or not they have been revoked before it starts to load the site.

I work in a large organization where someone else manages the SSL certificates that I use. They have accidentally revoked some of my certificates in the past and have caused issues with users who have newer browsers. Hence, proactively checking my SSL certificates to see if they have been revoked is important to me.

Please let me know if you know of a way to do this.

Thanks very much!
 
Old 06-15-2008, 01:59 AM   #2
pinniped
Senior Member
 
Registered: May 2008
Location: planet earth
Distribution: Debian
Posts: 1,732

Rep: Reputation: 50
Update your certificate revocation list regularly from the public CAs and any other CAs you may use. You probably want a single machine to do this, and all your other computers can update from that machine. Hmm ... perhaps the SSL/TLS libraries need an option to check for revocation from the CA before proceeding. At the moment I am only aware of checking against a local revocation list.
 
Old 11-05-2010, 02:31 PM   #3
visecfind
LQ Newbie
 
Registered: Nov 2010
Posts: 1

Rep: Reputation: 0
Exclamation An SSL diagnostic tool

dslehman, a tool that may help with monitoring SSL certificates is a web-based one that I use for certs but also monitoring sites in general. Basically its a diagnostic http/https tool with alert capability to monitor SSL certificates, expiration dates, etc. Its free so may be worth checking out - virtualsecrets.com/siteBotAuditor.html
 
Old 11-08-2010, 07:14 PM   #4
fpmurphy
Member
 
Registered: Jan 2009
Location: /dev/ph
Distribution: Fedora, Ubuntu, Redhat, Centos
Posts: 286

Rep: Reputation: 61
You can also use the openssl verify command in a shell script to check if certifiates have expired and lots more.
 
  


Reply

Tags
certificate, linux, openssl, script, ssl


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Openssl - verify wheather certificate is revoked djgerbavore Linux - Security 1 11-21-2005 07:20 AM
SSL Certificate The_JinJ Linux - General 1 03-21-2005 11:46 PM
ssl-certificate twantrd Linux - General 1 03-31-2004 08:47 AM
SSL Certificate terminology dvong3 Linux - General 1 12-19-2003 08:50 AM
SSL certificate without..... Drogo Linux - Software 1 06-13-2003 02:13 AM


All times are GMT -5. The time now is 03:07 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration