2 Replies Latest reply: Jun 11, 2012 9:20 PM by Mark Shaw

Cert Checking - Automated

Mark Shaw

Hi

Looking for thoughts on the best way of checking certificates on a monthly basis, especially looking for expired / soon to expire.

I currently scan our external address space and run a report looking for QID 38174. Bit clunky and I need to remember to run the report.

Anything else, preferably free or currently in the Qualys tool kit?

Thanks

Mark

  • Re: Cert Checking - Automated
    Mike Pomraning

    Mark,

    Either QualysGuard's Scheduled Reports feature or the programmatic flexibility of the API can solve this problem.

    (SSL Labs can help, too, but that service is interactive and one-at-a-time, which is not what you're looking for.)

    Scheduled Reports

    To see how this would work I logged in to my QualysGuard VM subscription and navigated to "Reports" and then the "Search Lists" tab. I defined a new Static List for relevant SSL/TLS certificate QIDs: 38167 – 38174. (These cover expired, expiring, nonsensical start dates, self-signed, etc.)

    Then under the "Templates" tab I created a new Scan Template using my search list. I also restricted the new template to HTTPS ports, since that's what I was exclusively interested in.

    Finally, under the "Schedules" tab I configured a new Scan Report (Template Based) from this template. I set my time zone, scheduled monthly recurrence, and requested email notification to myself.

    Note: If you take this approach, be sure to schedule a scan to run before the report, so that your new report has fresh data to work from each time it runs.

    QualysGuard API

    Alternatively, if you have the development resources for a modest custom script, the asset/host/vm/detection QualysGuard 2.0 API call can provide you with the information you need.

    You could either request the same QIDs as above or, if you're comfortable parsing XML and text, take a handy shortcut and simply search for QID 86002 ("SSL Certificate - Information"). The "RESULTS" section of this IG contains a parseable text dump of the detected SSL/TLS certificate chain. The Valid From and Valid To lines contain the date information you're looking for.

    From there you just need something like cron (Unix), Task Scheduler (Windows) or a recurring entry in your ticketing system to run the script monthly.

    Good luck!

    -Mike
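The script side of the API approach Mike describes, as an added example that is not from the thread or from Qualys: it walks a QID 86002 RESULTS text dump, picks out the Valid From / Valid To lines, and labels each certificate expired, expiring or ok against a fixed reference date. The sample dump and its exact line layout are constructed here, so the regex and date formats are assumptions to adjust against real API output.

```python
import re
from datetime import datetime

# Constructed sample of a QID 86002 RESULTS text dump. Only the "Valid From" /
# "Valid To" labels come from the reply above; the rest of the layout is assumed.
SAMPLE_RESULTS = """\
Subject: CN=www.example.com
Valid From: May 01 00:00:00 2011 GMT
Valid To:   Jun 30 23:59:59 2012 GMT
Subject: CN=mail.example.com
Valid From: Jan 15 00:00:00 2012 GMT
Valid To:   Jan 15 23:59:59 2013 GMT
Subject: CN=old.example.com
Valid From: Mar 01 00:00:00 2010 GMT
Valid To:   Mar 01 23:59:59 2012 GMT
"""

# Date layouts to try, most likely first (assumed; extend after seeing real output).
DATE_FORMATS = ("%b %d %H:%M:%S %Y GMT", "%Y-%m-%d %H:%M:%S", "%Y-%m-%d")

def parse_date(text):
    """Return a datetime for the first matching layout, or None if none fit."""
    for fmt in DATE_FORMATS:
        try:
            return datetime.strptime(text.strip(), fmt)
        except ValueError:
            pass
    return None

def parse_results(results):
    """Collect one dict per certificate; a new Subject line starts a new record."""
    certs, current = [], {}
    for line in results.splitlines():
        m = re.match(r"\s*(Subject|Valid From|Valid To)\s*:\s*(.+)", line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if key == "Subject":
            if current:
                certs.append(current)
            current = {"subject": value}
        else:
            current[key] = parse_date(value)   # None if the date did not parse
    if current:
        certs.append(current)
    return certs

def classify(certs, today, warn_days=30):
    """Label each cert expired / expiring / ok; unparsable dates are flagged too."""
    report = []
    for c in certs:
        valid_to = c.get("Valid To")
        days = None if valid_to is None else (valid_to - today).days
        status = ("unparsed" if days is None else "expired" if days < 0
                  else "expiring" if days <= warn_days else "ok")
        report.append({"subject": c.get("subject", "?"), "days_left": days, "status": status})
    return report

def run_report(results=SAMPLE_RESULTS, today=datetime(2012, 6, 11)):
    """Fixed reference date so the sample output is reproducible."""
    return classify(parse_results(results), today)

if __name__ == "__main__":
    for row in run_report():
        print(f"{row['status']:9} {str(row['days_left']):>5} days  {row['subject']}")
```

Anything with status "unparsed" deserves a look as well, since a certificate whose dates cannot be read is just as invisible to the report as one that was never scanned.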