I installed EJBCA 3.10.1 (r9000) on JBoss 4.3. The server has been working fine for 3 years. The server is in the DMZ.
To make a long story short, an attacker got into my server and installed the pnscan tool, which scanned Internet addresses. When I detected this, I deleted the pnscan folder, deleted $JBOSS_HOME/server/default/deploy/management (the vulnerability was the jboss/webconsole) and rebooted my server, and it's OK now.
Now my question is: how can I check that my certificate chain is OK and that none of my certificates or my ROOT certificate is corrupted?
Presently, I am working on installing it internally and installing an OCSP server in the DMZ.
But before this I want to be sure that my whole certificate chain is OK. How can I be sure of that, without doubt?
You can use OpenSSL to inspect your certificates if you want.
On the other hand, if you've had an intruder in your system you should probably revert the whole thing and start from scratch. You can't be 100% sure that the attacker hasn't issued a certificate of their own, signed by your root. Also, check out the hardening guide on our homepage for other possible holes in your system.
Developer, Primekey Solutions
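An added example, not part of the original thread and not EJBCA's own tooling, showing what inspecting with OpenSSL can and cannot establish. It builds a constructed throwaway root and two leaf certificates: both verify against the root, so only a comparison with an independently kept list of issued serials (the hypothetical `inventory.txt`) flags the one the operator never issued.

```shell
#!/usr/bin/env bash
# Added example. All keys, certificates and serials are constructed throwaway
# data; inventory.txt is a hypothetical operator-kept list of issued serials.
set -eu

# 0 if CERT ($2) chains to ROOT ($1): signature and validity period check out.
check_chain() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Print the certificate serial as hex, e.g. 1001.
cert_serial() { openssl x509 -in "$1" -noout -serial | cut -d= -f2; }

# 0 if the serial of CERT ($2) is listed in the inventory file ($1).
in_inventory() { grep -qix "$(cert_serial "$2")" "$1"; }

# Build a constructed root plus two leaves signed by it; record only one serial.
make_demo_pki() {
  d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo Root" \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
  serial=1001
  for name in known unknown; do
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$name" \
      -keyout "$d/$name.key" -out "$d/$name.csr" 2>/dev/null
    openssl x509 -req -in "$d/$name.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
      -set_serial "0x$serial" -days 10 -out "$d/$name.pem" 2>/dev/null
    serial=2002
  done
  echo 1001 > "$d/inventory.txt"   # the operator's record knows only 0x1001
}

# Print one line per certificate: chain result and inventory result.
audit() {
  for c in "$1"/known.pem "$1"/unknown.pem; do
    if check_chain "$1/root.pem" "$c"; then chain=ok; else chain=FAIL; fi
    if in_inventory "$1/inventory.txt" "$c"; then inv=listed; else inv=NOT-LISTED; fi
    echo "$(basename "$c") serial=$(cert_serial "$c") chain=$chain inventory=$inv"
  done
}

demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
make_demo_pki "$demo"
audit "$demo"
```

The inventory check is only as trustworthy as the record it compares against, so that list has to come from somewhere other than the compromised host. It also cannot account for certificates signed elsewhere with a copied CA key, which never appear in any database.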