Cool tool – check certificates already installed on a server

Working with Lync every day for a number of different organizations, I often need to gather information about the certificates that they’re using, or perhaps that a federated organization is using. This can be on a Lync Edge server, reverse proxy, web server, Exchange server, load balancer, or any number of other devices. The easiest way for me to get an overview of the certificates in use is with DigiCert’s SSL Certificate Checker.

When you enter an FQDN into the checker, you’re provided with a page of information including the Common Name/Subject Name, any Subject Alternate Names, and a variety of cryptography and administrative items. The checker tests for a couple of certificate vulnerabilities, checks the expiry date and revocation lists, and validates the certificate chain through any intermediates to the Root CA.

I really appreciate how the checker displays some items with comments like “Signature algorithm = SHA1 + RSA (good)”, giving you a quick indication if things are in order.

If you’re not sure of an FQDN, you can use an IP address. I’ll do this sometimes when I don’t know the hostname for a server, but I know the IP address or the address of another server at the organization (chances are the one I’m after is plus or minus a few IP addresses). When you run the checker by IP address, you’ll receive a warning that the Certificate name doesn’t match what you entered. That’s fine, you can have a look at the Common Name and Subject Alternate Names and re-run the checker with one of those if you’d like.
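The IP-address workflow above can also be reproduced locally. The following Python is an added example, not part of the original post and not DigiCert's code: `fetch_cert` connects with chain validation on but the name check off, and `summarize` reports whether the entered value matches and which names to re-run with. The function names and the `example.com` sample certificate are constructed for illustration.

```python
import ipaddress
import socket
import ssl
import time

# Constructed sample in the dict shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "subject": ((("commonName", "sip.example.com"),),),
    "subjectAltName": (("DNS", "sip.example.com"), ("DNS", "access.example.com"),
                       ("DNS", "*.lync.example.com")),
    "notAfter": "Jan  1 00:00:00 2030 GMT",
}

def fetch_cert(host, port=443, timeout=5.0):
    """Fetch the leaf cert; the chain is still validated, only the name check is off."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # the name comparison happens in summarize()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def _ip(value):
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def _dns_match(pattern, name):
    # A wildcard covers exactly one left-most label, never several.
    p, n = pattern.lower().split("."), name.lower().rstrip(".").split(".")
    return len(p) == len(n) and p[0] in ("*", n[0]) and p[1:] == n[1:]

def summarize(cert, entered, now=None):
    """Report names, days to expiry, and whether `entered` matches a SAN."""
    now = time.time() if now is None else now
    subject = dict(pair for rdn in cert.get("subject", ()) for pair in rdn)
    sans = cert.get("subjectAltName", ())
    dns = [v for t, v in sans if t == "DNS"]
    ip = _ip(entered)
    if ip is not None:
        matches = ip in [_ip(v) for t, v in sans if t == "IP Address"]
    else:
        matches = any(_dns_match(p, entered) for p in dns)
    names = dict.fromkeys([subject.get("commonName")] + dns)  # ordered, unique
    return {
        "common_name": subject.get("commonName"),
        "days_left": int((ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400),
        "name_matches": matches,
        "rerun_with": [n for n in names if n and not n.startswith("*.")],
    }
```

Against a live server, `summarize(fetch_cert("192.0.2.10"), "192.0.2.10")` (a documentation-range address used as a placeholder) gives the same mismatch result plus the hostnames worth checking next.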

 

 
