[Owasp-leaders] Expired SSL Certificate

Ralph Durkee rd at rd1.net
Tue Jun 13 16:36:33 UTC 2017


Yes, that along the lines of what I was thinking.  The CA that I use 
also issues reminders in advance.  Seems like there's lots of options 
for avoiding  a surprise expiration, and most of them are free.

-- Ralph Durkee, CISSP, GXPN, GPEN, GCIH, GSEC, GSNA, GCIA, C|EH
Principal Security Consultant


On 06/13/2017 08:18 AM, Vlad Styran wrote:
> Actually, LetsEncrypt by itself does a series of reminders of 
> certificate expiration to the email used for issuing the cert.
>
> Best,
> Vlad
>
>> On Jun 13, 2017, at 14:54, Ralph Durkee (OWASP) 
>> <Ralph.Durkee at owasp.org <mailto:Ralph.Durkee at owasp.org>> wrote:
>>
>> There's an open source Linux utility called certwatch (often 
>> installed by default) that will email a warning when an certificate 
>> is about to expire ( 30 days be default).  We should be using 
>> something like it, or an external service to issues an alert 30 days 
>> in advance. Certwatch parses the Apache  configuration file looking 
>> for certificates. Here's a sample email.
>>
>>
>> ################# SSL Certificate Warning ################
>>
>>   Certificate for hostname 'ssl.durkee.us <http://ssl.durkee.us>', in 
>> file (or by nickname):
>>      /etc/pki/tls/certs/ssl.durkee.us.crt
>>
>>   The certificate needs to be renewed; this can be done
>>   using the 'genkey' program.
>>
>>   Browsers will not be able to correctly connect to this
>>   web site using SSL until the certificate is renewed.
>>
>>  ##########################################################
>>                                   Generated by certwatch(1)
>>
>> -- Ralph Durkee
>> On 06/10/2017 10:02 AM, Sean Auriti wrote:
>>> Added to Bugheist: https://www.bugheist.com/issue/607/
>>> On Sat, Jun 10, 2017 at 9:22 AM Tom Brennan - OWASP <tomb at owasp.org 
>>> <mailto:tomb at owasp.org>> wrote:
>>>
>>>     We are just raising visability for software security <grin>.
>>>
>>>     Staff is aware and it is in progress item.
>>>
>>>     Tom Brennan
>>>
>>>
>>>
>>>     On Sat, Jun 10, 2017 at 7:53 AM, Ade Yoseman Putra
>>>     <ade.putra at owasp.org <mailto:ade.putra at owasp.org>> wrote:
>>>
>>>         Yep i saw the ssl need get fix and to do fast
>>>
>>>
>>>
>>>         On 10 Jun 2017 18:41, "Ahmed Abbas" <ahmed.abbas at owasp.org
>>>         <mailto:ahmed.abbas at owasp.org>> wrote:
>>>
>>>             Hi,
>>>
>>>             OWASP.org <http://OWASP.org> SSL certificate expired
>>>             yesterday and it is throwing a security warning when
>>>             someone tries to visit the website. This is very bad for
>>>             the public image of OWASP as an organization promoting
>>>             proper security configurations. I hope this gets fixed
>>>             ASAP, someone is already joking about it on Twitter.
>>>
>>>             Best Regards,
>>>             Ahmed Musaad.
>>>
>>>             _______________________________________________
>>>             OWASP-Leaders mailing list
>>>             OWASP-Leaders at lists.owasp.org
>>>             <mailto:OWASP-Leaders at lists.owasp.org>
>>>             https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>>
>>>         _______________________________________________
>>>         OWASP-Leaders mailing list
>>>         OWASP-Leaders at lists.owasp.org
>>>         <mailto:OWASP-Leaders at lists.owasp.org>
>>>         https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>>     _______________________________________________
>>>     OWASP-Leaders mailing list
>>>     OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
>>>     https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20170613/1d1d1f03/attachment.html>


More information about the OWASP-Leaders mailing list