
Introduction

TLS (Transport Layer Security) is a type of cryptographic protocol that uses certificates to provide authentication and data encryption between servers, devices, and applications operating over the network. A common use of TLS is to secure connections from a web server to a user browser.

Discovery runs an openssl command against the open SSL socket, which is taken from the listen_tcp_ssl_sockets attribute of the SI or the website. Using a search, you can find certificates that will reach their expiration date soon.

Prerequisites

  • Unix-like operating system.
  • 'openssl' command availability.
  • The Website configuration option is turned on for webservers.

Triggers

  • Pattern: SSL.Discovery.Discover.Webserver name
  • Trigger Node: SoftwareInstance
  • Condition: matches type
  • Argument: "Apache Webserver", "IBM HTTP Server", "Oracle HTTP Server", "HP Apache-based Web Server", "HP HP-UX Apache-based Web Server", "Red Hat JBoss Enterprise Web Server", "Apache HTTPD-based Webserver", "JBoss Core Services Apache HTTP Server", "Nginx Webserver", "Apache Tomcat Application Server", "Oracle WebLogic Server" ("BEA WebLogic Application Server"), "Oracle GlassFish", "HP OpenView Operations Agent", "HP Operations Agent".

Command

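The 'SSL.Discovery.Discover.Webserver name' pattern executes the following command to get the TLS attributes:

openssl > /dev/null 2>&1 && echo | openssl s_client -connect %listen_ssl_tcp_socket% | openssl x509 -inform pem -noout -nameopt oneline -subject -startdate -enddate -issuer -fingerprint -sha256 -serial -text

The leading openssl call acts as an availability check, openssl s_client connects to the socket and retrieves the server certificate, and openssl x509 prints the certificate fields that the regex expressions below parse.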

Attributes and Regex expressions

Attribute: Regex expression to get attribute

  • start date: regex 'notBefore=(.+)\n'
  • expiry date: regex 'notAfter=(.+)\n'
  • sha_256_fingerprint: regex 'SHA256 Fingerprint=(\S+)'
  • issuer: regex 'issuer\s*=\s*(.+?)$'
  • subject_alternative_name: regex 'X509v3 Subject Alternative Name:\s*\n\s*(.+)\n'
  • organization: regex 'O\s*=\s*(.+?),'
  • organization_unit: regex 'OU\s*=\s*(.+?),'
  • serial: regex 'serial\s*=\s*(\S+)'
  • subject: regex 'subject\s*=\s*(.+?)$'
  • self_signed: regex 'verify error:num=\d+:self signed certificate'
  • common_name: regex 'CN\s*=\s*(.+?)$', raw '\1'
  • key: None. Set manually
  • name: None. Set manually
  • short_name: None. Set manually
  • type: None. Set manually
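
The attribute extraction above, sketched in Python as an added example (not Discovery's own pattern code): it applies the page's regex expressions to a constructed sample of the command's output and classifies the expiry date. The sample text, the function names parse_certificate and expiry_status, the 30-day warning window and the use of re.MULTILINE for '$' are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Attribute regexes copied from the table on this page.
PAGE_REGEXES = {
    "start date": r"notBefore=(.+)\n",
    "expiry date": r"notAfter=(.+)\n",
    "sha_256_fingerprint": r"SHA256 Fingerprint=(\S+)",
    "issuer": r"issuer\s*=\s*(.+?)$",
    "subject_alternative_name": r"X509v3 Subject Alternative Name:\s*\n\s*(.+)\n",
    "organization": r"O\s*=\s*(.+?),",
    "organization_unit": r"OU\s*=\s*(.+?),",
    "serial": r"serial\s*=\s*(\S+)",
    "subject": r"subject\s*=\s*(.+?)$",
    "common_name": r"CN\s*=\s*(.+?)$",
}
SELF_SIGNED = r"verify error:num=\d+:self signed certificate"

# Constructed sample shaped like the command's output; not from a real host.
SAMPLE = """\
verify error:num=18:self signed certificate
subject=C = US, O = Example Corp, OU = Web Ops, CN = www.example.test
notBefore=Jan  5 00:00:00 2024 GMT
notAfter=Feb  4 23:59:59 2025 GMT
issuer=C = US, O = Example Corp, OU = Web Ops, CN = www.example.test
SHA256 Fingerprint=AA:BB:CC:DD
serial=0A1B2C3D
            X509v3 Subject Alternative Name:
                DNS:www.example.test, DNS:example.test
"""

def parse_certificate(text):
    """Apply each regex; a missing field becomes None instead of raising."""
    attrs = {}
    for name, pattern in PAGE_REGEXES.items():
        match = re.search(pattern, text, re.MULTILINE)  # assumption: '$' is end of line
        attrs[name] = match.group(1).strip() if match else None
    attrs["self_signed"] = re.search(SELF_SIGNED, text) is not None
    return attrs

def expiry_status(attrs, now, warn_days=30):
    """Classify a parsed certificate as unknown, expired, expiring or ok."""
    if not attrs.get("expiry date"):
        return "unknown"
    not_after = datetime.strptime(attrs["expiry date"], "%b %d %H:%M:%S %Y GMT")
    remaining = not_after.replace(tzinfo=timezone.utc) - now
    if remaining < timedelta(0):
        return "expired"
    return "expiring" if remaining <= timedelta(days=warn_days) else "ok"

if __name__ == "__main__":
    cert = parse_certificate(SAMPLE)
    print(cert["common_name"], expiry_status(cert, datetime.now(timezone.utc)))
```

Because the organization and common_name expressions are not anchored to the subject line, they return the first match in the text, which is the subject only when it is printed before the issuer, as in the command's option order.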

Supported Webservers

Currently, Discovery supports the following webservers:

Apache Webserver and Apache Tomcat

TLS Certificate details:

SSL sockets details:

Nginx

TLS Certificate details:



Webserver with websites:

Related links

Apache HTTPD-based Webservers

Apache Tomcat

Nginx Webserver

Oracle WebLogic Server

HP Operations Manager

IBM WebSphere Application Server