On Thu, May 15, 2008 at 07:43:13PM -0400, Chris Adams wrote:
>
> On May 15, 2008, at 6:25 PM, Alex Samad wrote:
>> is there a way to check x509 certs with these tools?
>
> Yes - the wiki has one (http://wiki.debian.org/SSLkeys) but you might
> prefer the openssl-blacklist package which Ubuntu prepared:
>
> https://launchpad.net/ubuntu/+source/openssl-blacklist/
>
> It runs out of the box on Debian and if you edit debian/control to
> change the openssl dependency from the Ubuntu version
> (0.9.8g-4ubuntu3.1) to the Debian version (0.9.8c-4etch3) you can
> dpkg-buildpackage it and deploy it to multiple systems. I used it like this
> to flush out Apache keys:
>
> sudo find /etc/ -xdev -type f -name \*.key -exec openssl-vulnkey {} \;

I have done this and checked some .key files, but they show up as not
blacklisted, when I know they have been created in the last 12 months.

I thought I read somewhere the keys are different depending on whether it
was generated on a 32b or 64b system. You might want to update the
blacklist with the 64b generated keys

>
> Chris

--
Jack-and-Jill Party: A Squire tradition; baby showers to which both men
and women friends are invited as opposed to only women. Doubled
purchasing power of bisexual attendance brings gift values up to
Eisenhower-era standards.
-- Douglas Coupland, "Generation X: Tales for an Accelerated Culture"