The signature algorithm of an SSL certificate can be identified with the nmap or openssl command. Here are the steps to identify the signature algorithm used by the certificate on your web server or other SSL endpoints.

nmap command :

You can use the ssl-cert script with the --script option to determine the certificate signing algorithm. Tested with nmap version 7.

[root@cloudibee ~]# nmap -v -p 443 --script ssl-cert google.com | grep -i algorithm
| Signature Algorithm: sha256WithRSAEncryption
[root@cloudibee ~]#


[root@cloudibee ~]# nmap -v -p 443 --script ssl-cert 10.10.10.10 | grep -i Algorithm
| Signature Algorithm: sha1WithRSAEncryption
[root@cloudibee ~]#

openssl command :

Similarly, you can find the same information with the openssl command. The command below reads the certificate from the server and then parses the information in it.

[root@cloudibee ~]# echo | openssl s_client -showcerts -connect google.com:443 2>/dev/null | openssl x509 -inform pem -noout -text | grep 'Signature Algorithm'
Signature Algorithm: sha256WithRSAEncryption
[root@cloudibee ~]#

Using either of these commands, you can easily script the check and identify the certificate signature algorithm on all your endpoints.

Example by using nmap command :

Iterate through all the host names in /tmp/list.txt and print the signature algorithm of each host's SSL certificate.

# -- script -- #

#!/bin/bash

# Print each host from /tmp/list.txt followed by its certificate signature algorithm.
while read -r host
do
    echo -n "$host "
    nmap -v -p 443 --script ssl-cert "$host" | grep -i Algorithm
done < /tmp/list.txt

# -- Execution --- #

[root@cloudibee ~]# for host in `cat /tmp/list.txt`; do echo -n "$host " ; nmap -v -p 443 --script ssl-cert $host | grep -i Algorithm; done
google.com | Signature Algorithm: sha256WithRSAEncryption
facebook.com | Signature Algorithm: sha256WithRSAEncryption
yahoo.com | Signature Algorithm: sha256WithRSAEncryption
[root@cloudibee ~]#
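
The loops above only print the algorithm name; an audit usually needs a verdict per endpoint. The script below is an added example, not part of the original post: it turns lines in the format shown above into WEAK/OK/UNKNOWN verdicts (SHA-1 and MD5 signatures, such as the sha1WithRSAEncryption result earlier, are flagged WEAK) and returns a non-zero status if any endpoint is not OK. The function names, the verdict labels and the www.example.com sample line are assumptions made for illustration, and the live path uses openssl and assumes the list holds host names reachable on port 443.

```shell
#!/bin/bash
# Added example (not from the original post): flag weak signature algorithms.

# Map an algorithm name as printed by nmap/openssl to WEAK, OK or UNKNOWN.
classify_sigalg() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        md2*|md4*|md5*|sha1*|*sha1) echo WEAK ;;      # MD5 / SHA-1 digests
        *sha224*|*sha256*|*sha384*|*sha512*|ed25519|ed448) echo OK ;;
        *) echo UNKNOWN ;;                            # e.g. rsassaPss: review by hand
    esac
}

# Read "host | Signature Algorithm: NAME" lines on stdin, print
# "host NAME VERDICT" per line, and return 1 if any verdict is not OK.
audit_report() {
    rc=0
    while IFS= read -r line; do
        case "$line" in *"Signature Algorithm: "*) ;; *) continue ;; esac
        host=${line%%|*}; host=${host%% *}
        alg=${line##*"Signature Algorithm: "}; alg=${alg%% *}
        verdict=$(classify_sigalg "$alg")
        echo "${host:--} ${alg:--} $verdict"
        [ "$verdict" = OK ] || rc=1
    done
    return "$rc"
}

# Signature algorithm of the leaf certificate served on host:443.
# -servername sends SNI so a shared front end returns the right certificate.
sigalg_of() {
    echo | openssl s_client -servername "$1" -connect "$1:443" 2>/dev/null |
        openssl x509 -noout -text 2>/dev/null |
        awk '/Signature Algorithm:/ { print $3; exit }'
}

if [ "$#" -gt 0 ]; then
    # Live scan: $1 is a host list such as /tmp/list.txt; exit 1 on any non-OK.
    while read -r host; do
        echo "$host | Signature Algorithm: $(sigalg_of "$host")"
    done < "$1" | audit_report
else
    # Offline demo on constructed lines in the format the loop above prints.
    printf '%s\n' \
        'www.example.com | Signature Algorithm: sha256WithRSAEncryption' \
        '10.10.10.10 | Signature Algorithm: sha1WithRSAEncryption' |
        audit_report || true
fi
```

A host that cannot be reached yields an empty algorithm and is reported as UNKNOWN, so it also makes the scan exit non-zero.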