[Owasp-leaders] Expired SSL Certificate

Ralph Durkee (OWASP) Ralph.Durkee at owasp.org
Tue Jun 13 11:54:18 UTC 2017


There's an open source Linux utility called certwatch (often installed 
by default) that will email a warning when an certificate is about to 
expire ( 30 days be default).  We should be using something like it, or 
an external service to issues an alert 30 days in advance. Certwatch 
parses the Apache configuration file looking for certificates. Here's a 
sample email.


################# SSL Certificate Warning ################

   Certificate for hostname 'ssl.durkee.us', in file (or by nickname):
      /etc/pki/tls/certs/ssl.durkee.us.crt

   The certificate needs to be renewed; this can be done
   using the 'genkey' program.

   Browsers will not be able to correctly connect to this
   web site using SSL until the certificate is renewed.

  ##########################################################
                                   Generated by certwatch(1)

-- Ralph Durkee

On 06/10/2017 10:02 AM, Sean Auriti wrote:
> Added to Bugheist: https://www.bugheist.com/issue/607/
> On Sat, Jun 10, 2017 at 9:22 AM Tom Brennan - OWASP <tomb at owasp.org 
> <mailto:tomb at owasp.org>> wrote:
>
>     We are just raising visability for software security <grin>.
>
>     Staff is aware and it is in progress item.
>
>     Tom Brennan
>
>
>
>     On Sat, Jun 10, 2017 at 7:53 AM, Ade Yoseman Putra
>     <ade.putra at owasp.org <mailto:ade.putra at owasp.org>> wrote:
>
>         Yep i saw the ssl need get fix and to do fast
>
>
>
>         On 10 Jun 2017 18:41, "Ahmed Abbas" <ahmed.abbas at owasp.org
>         <mailto:ahmed.abbas at owasp.org>> wrote:
>
>             Hi,
>
>             OWASP.org SSL certificate expired yesterday and it is
>             throwing a security warning when someone tries to visit
>             the website. This is very bad for the public image of
>             OWASP as an organization promoting proper security
>             configurations. I hope this gets fixed ASAP, someone is
>             already joking about it on Twitter.
>
>             Best Regards,
>             Ahmed Musaad.
>
>             _______________________________________________
>             OWASP-Leaders mailing list
>             OWASP-Leaders at lists.owasp.org
>             <mailto:OWASP-Leaders at lists.owasp.org>
>             https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
>         _______________________________________________
>         OWASP-Leaders mailing list
>         OWASP-Leaders at lists.owasp.org
>         <mailto:OWASP-Leaders at lists.owasp.org>
>         https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>     _______________________________________________
>     OWASP-Leaders mailing list
>     OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
>     https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20170613/ac99e76a/attachment.html>


More information about the OWASP-Leaders mailing list