On May 15, 2008, at 6:25 PM, Alex Samad wrote:
is there away to check x509 certs with these tools ?

Yes - the wiki has one (http://wiki.debian.org/SSLkeys) but you might prefer the openssl-blacklist package which Ubuntu prepared:

https://launchpad.net/ubuntu/+source/openssl-blacklist/

It runs out of the box on Debian and if you edit debian/control to change the openssl dependency from the Ubuntu version (0.9.8g-4ubuntu3.1) to the Debian version (0.9.8c-4etch3) you can dpkg- buildpackage it and deploy it to multiple systems. I used it like this to flush out Apache keys:

sudo find /etc/ -xdev -type f -name \*.key -exec openssl-vulnkey {} \;

Chris

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply via email to