Hello -
I'm using a Windows 2008R2 server and am working on locking the system down. We use the BeyondTrust Retina Network Security Scanner, the scanner returns two results that I'm having trouble solving.
The first is finding is:
'SSL Certificate Weak Public Key Strength'
"Retina has detected that the certificate on the target supports a cryptographically weak public key strength. An attacker may be able to leverage weaknesses in the public key strength to gain access to sensitive information."
"Replace the current certificate with one using a high-grade public key strength of 2048 bits of higher"
**Does anyone have any ideas how to find all the certificates loaded on the machine that aren't at 2048 bits or higher, the system is a standalone machine without internet access**
The second finding is:
'SSL Certificate Self-Signed'
"Retina has detected that the certificate on target is self-signed. Self-signed certificates can provide underlying cryptographic functionality, but cannot guarantee the origin of the certificate is trusted."
"Verify the certificate is trusted to ensure the confidentiality and integrity of prior encrypted communications. Replace the current self-signed certificate with one signed by a trusted root certificate authority."
**Anyone have any ideas how to find 'self-signed' certificates? I've tried searching through the certificates store on the local computer, but I can't seem to find a self-issued certificate, but Retina sure found some.**
Any help would be greatly appreciated!!
Thanks,
Ryan