How can I check if my certificates are not corrupted

  • Kader Daoud


    I installed my EJBCA 3.10.1 (r9000) using JBoss 4.3. The server has worked fine for 3 years. The server is in the DMZ.

    To make a long story short, an attacker got into my server and installed the pnscan tool, which scanned internet addresses. When I detected it, I deleted the pnscan folder, deleted $JBOSS_HOME/server/default/deploy/management (the vulnerability was the jboss/webconsole) and rebooted my server, and it's OK now.

    Now my question is: how can I check that my certificate chain is OK and that none of my certificates, or my ROOT certificate, is corrupted?

    Presently, I am working to install it internally and install an OCSP server in the DMZ.

    But before this I want to be sure that my whole certificate chain is OK. How can I be sure of that, without doubt?

    Please help.


  • Mike Kushner

    Hi Kader,

    You can use OpenSSL to inspect your certificates if you want.

    On the other hand, if you've had an intruder in your system you should probably revert the whole thing and start from scratch. You can't be 100% sure that the attacker hasn't issued a certificate of their own, signed by your root. Also, check out the hardening guide on our homepage for other possible holes in your system.

    Mike Kushner
    Developer, Primekey Solutions

    PrimeKey Solutions offers commercial EJBCA and SignServer support
    subscriptions and training courses. Please see or
    contact for more information.
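
One way to run the OpenSSL inspection suggested in the reply above, as an added example that is not part of the original thread or of EJBCA's tooling. It builds a constructed throwaway CA; all function names, file names and subjects are hypothetical. A passing chain check only shows the signatures are intact: as the reply notes, a certificate issued with the real CA key during the intrusion would pass as well.

```shell
#!/bin/sh
# Added example: runs against a throwaway CA built here, not EJBCA data.
# All file names, subjects and function names are hypothetical.

# SHA-256 fingerprint of a PEM certificate.
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeeds only if ROOT ($1) matches a fingerprint ($2) recorded out of band,
# e.g. from an offline backup taken before the intrusion.
check_root() {
    [ "$(fingerprint "$1")" = "$2" ]
}

# Succeeds only if CERT ($2) carries a valid signature chaining to ROOT ($1).
check_chain() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Build constructed sample data in directory $1: a root, a look-alike root
# with the same subject but another key, and one certificate from each.
make_demo() {
    d=$1
    printf '[req]\ndistinguished_name=dn\nx509_extensions=ca\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$d/demo.cnf"
    for ca in root fake; do
        openssl req -x509 -config "$d/demo.cnf" -newkey rsa:2048 -nodes -days 30 \
            -subj "/CN=Demo Root CA" -keyout "$d/$ca.key" -out "$d/$ca.pem" 2>/dev/null
    done
    openssl req -new -config "$d/demo.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=demo-user" -keyout "$d/user.key" -out "$d/user.csr" 2>/dev/null
    openssl x509 -req -in "$d/user.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -days 30 -out "$d/user.pem" 2>/dev/null
    openssl x509 -req -in "$d/user.csr" -CA "$d/fake.pem" -CAkey "$d/fake.key" \
        -CAcreateserial -days 30 -out "$d/other.pem" 2>/dev/null
}

demo() {
    tmp=$(mktemp -d) && make_demo "$tmp" || return 1
    good=$(fingerprint "$tmp/root.pem")   # stands in for the offline record
    check_root "$tmp/root.pem" "$good" && echo "root matches recorded fingerprint"
    check_root "$tmp/fake.pem" "$good" || echo "look-alike root rejected"
    check_chain "$tmp/root.pem" "$tmp/user.pem" && echo "user.pem chains to root"
    check_chain "$tmp/root.pem" "$tmp/other.pem" || echo "other.pem does not chain to root"
    rm -rf "$tmp"
}
demo
```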