How can I check if my certificates are not corrupted

Help
2013-07-19
2013-07-21
  • Kader Daoud
    Kader Daoud
    2013-07-19

    Hi

    I have installed my ejbca 3.10.1 (r9000) using jboss 4.3. the server works fine since 3 years ago. the server is in the DMZ.

    I will make a long story short, an attacker has introduced to my server and put a the pnscan tool and it scaned the internet addresses, when detected, I deleted the pnscan folder, deleted the $JBOSS_HOME/server/default/deploy/management ( the vulnerability was the jboss/webconsole) and reboot my server and it's ok now.

    Now my question is how can I check if my certificates chain is ok and no one of my certificates or my ROOT certificate is corrupted ?

    Presentely, I am working to install it internally and install an OCSP server in the DMZ.

    but before this want to be sure that all my certificates chain is ok, how I can be sure without doubt of that ?

    Please, help

    Kader

     
  • Mike Kushner
    Mike Kushner
    2013-07-21

    Hi Kader,

    You can use OpenSSL to inspect your certificates if you want.

    On the other hand, if you've had an intruder in your system you should probably revert the whole thing and start from scratch. You can't be 100% sure that the attacker hasn't issued a certificate of their own, signed by your root. Also, check out the hardening guide on our homepage for other possible holes in your system.

    Cheers,
    Mike Kushner
    Developer, Primekey Solutions


    PrimeKey Solutions offers commercial EJBCA and SignServer support
    subscriptions and training courses. Please see www.primekey.se or
    contact info@primekey.se for more information.
    http://www.primekey.se/Services/Support/
    http://www.primekey.se/Services/Training/