TLS Certificates Discovery for Unix


Introduction

TLS (Transport Layer Security) is a type of cryptographic protocol that uses certificates to provide authentication and data encryption between servers, devices, and applications operating over the network. A common use of TLS is to secure connections from a web server to a user browser.

Discovery runs an openssl command against the open SSL socket taken from the listen_tcp_ssl_sockets attribute of the SI or the website. Using a search, you can find certificates that are approaching their expiration date.

TLS certificates discovery is also supported when scanning EC2 instances on AWS using AWS Systems Manager.

Prerequisites

  • Unix-like operating system.
  • 'openssl' command available on the host.
  • The Website configuration option turned on for webservers.
  • If you want to discover EC2 hosts using AWS Systems Manager, please refer to this documentation.

Triggers

Command

The 'SSL.Discovery.Discover.Webserver name' pattern executes the following command to get the TLS attributes (the leading openssl > /dev/null 2>&1 && part only checks that openssl is present before connecting to the socket):

openssl > /dev/null 2>&1 && echo | openssl s_client -connect %listen_ssl_tcp_socket% | openssl x509 -inform pem -noout -nameopt oneline -subject -startdate -enddate -issuer -fingerprint -sha256 -serial -text

Attributes and Regex expressions

Attribute                   Regex expression to get attribute
start_date                  regex 'notBefore=(.+)\n'
expiry_date                 regex 'notAfter=(.+)\n'
sha_256_fingerprint         regex 'SHA256 Fingerprint=(\S+)'
issuer                      regex 'issuer\s*=\s*(.+?)$'
subject_alternative_name    regex 'X509v3 Subject Alternative Name:\s*\n\s*(.+)\n'
organization                regex 'O\s*=\s*(.+?),'
organization_unit           regex 'OU\s*=\s*(.+?),'
serial                      regex 'serial\s*=\s*(\S+)'
subject                     regex 'subject\s*=\s*(.+?)$'
self_signed                 regex 'verify error:num=\d+:self signed certificate'
common_name                 regex 'CN\s*=\s*(.+?)$', raw '\1'
key                         None. Set manually
name                        None. Set manually
short_name                  None. Set manually
type                        None. Set manually
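To see what the regexes above extract, here is an added example (not BMC's pattern code) that applies the page's expressions to a constructed sample of the command's output and computes how many days remain before notAfter, which is what an "expiring soon" search keys on. It assumes Python's re module with MULTILINE so that '$' ends a line, and the sample output is constructed, not captured from a real host.

```python
import re
from datetime import datetime

# Constructed sample of what the page's pipeline returns: the s_client verify
# lines (stderr) followed by the x509 summary and the -text extension dump.
SAMPLE_OUTPUT = """\
depth=0 C = US, O = Example Corp, OU = Web Team, CN = www.example.com
verify error:num=18:self signed certificate
subject=C = US, O = Example Corp, OU = Web Team, CN = www.example.com
notBefore=Jan  1 00:00:00 2024 GMT
notAfter=Mar 31 23:59:59 2025 GMT
issuer=C = US, O = Example Corp, OU = Web Team, CN = www.example.com
SHA256 Fingerprint=AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99
serial=0A1B2C3D4E5F
Certificate:
            X509v3 Subject Alternative Name:
                DNS:www.example.com, DNS:example.com
"""

# The page's regexes, keyed by the attribute each one populates.
PATTERNS = {
    "start_date": r"notBefore=(.+)\n",
    "expiry_date": r"notAfter=(.+)\n",
    "sha_256_fingerprint": r"SHA256 Fingerprint=(\S+)",
    "issuer": r"issuer\s*=\s*(.+?)$",
    "subject_alternative_name": r"X509v3 Subject Alternative Name:\s*\n\s*(.+)\n",
    "organization": r"O\s*=\s*(.+?),",
    "organization_unit": r"OU\s*=\s*(.+?),",
    "serial": r"serial\s*=\s*(\S+)",
    "subject": r"subject\s*=\s*(.+?)$",
    "common_name": r"CN\s*=\s*(.+?)$",
}
# OpenSSL 3.x prints "self-signed certificate" (hyphenated); this page's regex matches the 1.x wording.
SELF_SIGNED = r"verify error:num=\d+:self signed certificate"

def extract_attributes(output):
    """First match of each regex, as the pattern's regex calls would take it."""
    attrs = {}
    for name, pattern in PATTERNS.items():
        m = re.search(pattern, output, re.MULTILINE)  # MULTILINE: '$' ends a line (assumption)
        attrs[name] = m.group(1).strip() if m else None
    # self_signed is a boolean: the verify error line is either present or not.
    attrs["self_signed"] = re.search(SELF_SIGNED, output) is not None
    return attrs

def days_until_expiry(attrs, now):
    # openssl writes dates like "Mar 31 23:59:59 2025 GMT"; negative once expired.
    not_after = datetime.strptime(attrs["expiry_date"], "%b %d %H:%M:%S %Y GMT")
    return (not_after - now).days
```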

Supported Webservers

Currently, Discovery supports the following webservers:

Apache Webserver and Apache Tomcat

TLS Certificate details: [screenshot not included]

SSL sockets details: [screenshot not included]

Nginx

TLS Certificate details: [screenshot not included]

Webserver with websites: [screenshot not included]

Related links

Apache HTTPD-based Webservers

Apache Tomcat

Nginx Webserver

Oracle WebLogic Server

HP Operations Manager

IBM WebSphere Application Server

Red Hat JBoss Application Server
