Cert Checking - Automated

Mark Shaw, Level 1, 27 posts since Sep 28, 2010
Jun 10, 2012 8:44 PM
1798 Views, 2 Replies. Latest reply: Jun 11, 2012 9:20 PM by Mark Shaw

Hi

Looking for thoughts on the best way of checking certificates on a monthly basis, especially looking for expired / soon to expire.

I currently scan our external address space and run a report looking for QID 38174.  Bit clunky, and I need to remember to run the report.

Anything else, preferably free or currently in the Qualys tool kit?

Thanks

Mark

  • Mike Pomraning, Level 1, 29 posts since Oct 12, 2010
    Jun 11, 2012 12:37 PM (in response to Mark Shaw)
    Re: Cert Checking - Automated

    Mark,

    Either QualysGuard's Scheduled Reports feature or the programmatic flexibility of the API can solve this problem.

    (SSL Labs can help, too, but that service is interactive and one-at-a-time, which is not what you're looking for.)

    Scheduled Reports

    To see how this would work I logged in to my QualysGuard VM subscription and navigated to "Reports" and then the "Search Lists" tab.  I defined a new Static List for relevant SSL/TLS certificate QIDs: 38167 – 38174.  (These cover expired, expiring, nonsensical start dates, self-signed, etc.)

    Then under the "Templates" tab I created a new Scan Template using my search list.  I also restricted the new template to HTTPS ports, since that's what I was exclusively interested in.

    Finally, under the "Schedules" tab I configured a new Scan Report (Template Based) from this template.  I set my time zone, scheduled monthly recurrence, and requested email notification to myself.

    Note: If you take this approach, be sure to schedule a scan to run before the report, so that your new report has fresh data to work from each time it runs.

    QualysGuard API

    Alternatively, if you have the development resources for a modest custom script, the asset/host/vm/detection QualysGuard 2.0 API call can provide you with the information you need.

    You could either request the same QIDs as above or, if you're comfortable parsing XML and text, take a handy shortcut and simply search for QID 86002 ("SSL Certificate - Information").  The "RESULTS" section of this IG contains a parseable text dump of the detected SSL/TLS certificate chain.  The Valid From and Valid To lines contain the date information you're looking for.

    From there you just need something like cron (Unix), Task Scheduler (Windows) or a recurring entry in your ticketing system to run the script monthly.

    Good luck!

    -Mike
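A worked example of the API approach described in the reply above, added by the editor; it is not code from the thread, from Mike, or from Qualys. It assumes the asset/host/vm/detection response layout used in the constructed sample (HOST / IP / DETECTION_LIST / DETECTION / QID / PORT / RESULTS) and that the QID 86002 RESULTS text carries "Valid From" / "Valid To" lines with OpenSSL-style dates; the sample XML, the 203.0.113.x addresses, the dates, the fixed "today" of Jun 11 2012 and the 30-day warning threshold are all constructed for the example, and the regex and date format should be adjusted to whatever your subscription actually returns. The curl request in the docstring is the assumed shape of the fetch and is not executed. The script goes a step beyond the reply by treating the whole chain, not just the leaf: an intermediate that expires first is what will actually break the site.

```python
"""Flag expired / soon-to-expire certificates from QualysGuard 2.0 host
detection XML, using the QID 86002 ("SSL Certificate - Information")
RESULTS text.  Added example; not code from the thread or from Qualys.

Fetching real data (assumed request shape, not executed here; adjust the
platform URL to your subscription):
  curl -u USER:PASS -H "X-Requested-With: curl" -o detections.xml \\
    "https://qualysapi.qualys.com/api/2.0/fo/asset/host/vm/detection/?action=list&qids=86002"
"""
import re
import xml.etree.ElementTree as ET
from datetime import datetime

EXPIRING_DAYS = 30                   # assumed policy: warn when 30 days or fewer remain
SAMPLE_NOW = datetime(2012, 6, 11)   # fixed "today" so the sample is reproducible

# Assumed layout of the RESULTS text: one "Valid From"/"Valid To" pair per
# certificate in the chain, OpenSSL-style dates.  Adjust to what you see.
_VALID_RE = re.compile(r"^\s*Valid (From|To)\s+(.+?)\s*$", re.IGNORECASE | re.MULTILINE)
_DATE_FMT = "%b %d %H:%M:%S %Y GMT"


def parse_validity(results_text):
    """Return [(not_before, not_after), ...] for every certificate in RESULTS."""
    froms, tos = [], []
    for which, value in _VALID_RE.findall(results_text):
        stamp = datetime.strptime(" ".join(value.split()), _DATE_FMT)
        (froms if which.lower() == "from" else tos).append(stamp)
    return list(zip(froms, tos))


def classify(validity, now, expiring_days=EXPIRING_DAYS):
    """Classify a chain; the chain is only as good as its tightest member."""
    not_before = max(nb for nb, _ in validity)   # latest start in the chain
    not_after = min(na for _, na in validity)    # earliest expiry in the chain
    days_left = (not_after - now).days
    if now < not_before:
        status = "not_yet_valid"
    elif days_left < 0:
        status = "expired"
    elif days_left <= expiring_days:
        status = "expiring"
    else:
        status = "ok"
    return status, days_left, not_after


def check_hosts(xml_text, now, expiring_days=EXPIRING_DAYS):
    """Walk every HOST/DETECTION with QID 86002 and report its chain status."""
    root = ET.fromstring(xml_text)
    report = []
    for host in root.iter("HOST"):
        ip = host.findtext("IP")
        for det in host.iter("DETECTION"):
            if det.findtext("QID") != "86002":
                continue
            entry = {"ip": ip, "port": det.findtext("PORT"), "status": "unknown",
                     "days_left": None, "not_after": None}
            validity = parse_validity(det.findtext("RESULTS") or "")
            if validity:   # stays "unknown" when the text held no parseable dates
                entry["status"], entry["days_left"], entry["not_after"] = \
                    classify(validity, now, expiring_days)
            report.append(entry)
    return report


# ---- constructed sample response (not real Qualys output) -------------------
def _sample_host(host_id, ip, results):
    return ("<HOST><ID>%d</ID><IP>%s</IP><DETECTION_LIST><DETECTION>"
            "<QID>86002</QID><TYPE>Info</TYPE><PORT>443</PORT>"
            "<RESULTS><![CDATA[%s]]></RESULTS></DETECTION></DETECTION_LIST></HOST>"
            % (host_id, ip, results))


SAMPLE_XML = (
    "<HOST_LIST_VM_DETECTION_OUTPUT><RESPONSE><HOST_LIST>"
    + _sample_host(1, "203.0.113.10",            # already expired
                   "CERTIFICATE 0\nSubject  CN=old.example.com\n"
                   "Valid From  May 1 00:00:00 2011 GMT\nValid To  May 1 23:59:59 2012 GMT")
    + _sample_host(2, "203.0.113.20",            # leaf is fine, intermediate is not
                   "CERTIFICATE 0\nSubject  CN=www.example.com\n"
                   "Valid From  Jun 1 00:00:00 2012 GMT\nValid To  Jun 1 23:59:59 2013 GMT\n"
                   "CERTIFICATE 1\nSubject  CN=Example Intermediate CA\n"
                   "Valid From  Jan 1 00:00:00 2010 GMT\nValid To  Jul 1 23:59:59 2012 GMT")
    + _sample_host(3, "203.0.113.30",            # healthy
                   "CERTIFICATE 0\nSubject  CN=new.example.com\n"
                   "Valid From  Jun 11 00:00:00 2012 GMT\nValid To  Jun 11 23:59:59 2013 GMT")
    + _sample_host(4, "203.0.113.40",            # no dates: reported as unknown, not silently ok
                   "CERTIFICATE 0\nSubject  CN=odd.example.com")
    + "</HOST_LIST></RESPONSE></HOST_LIST_VM_DETECTION_OUTPUT>"
)


def sample_report():
    return check_hosts(SAMPLE_XML, SAMPLE_NOW)


if __name__ == "__main__":
    for r in sample_report():
        print("%-15s %-5s %-13s days_left=%s not_after=%s"
              % (r["ip"], r["port"], r["status"], r["days_left"], r["not_after"]))
```

Run from cron or Task Scheduler after the scheduled scan has finished, with the real detections.xml in place of SAMPLE_XML; anything that is not "ok" is what goes into the ticket. Hosts whose RESULTS text did not parse come out as "unknown" on purpose, so a format change on the Qualys side shows up as a visible gap rather than a clean bill of health.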
