Verify SSL Certificate Modified on Host
Security recommendation
| Impact | Remediation complexity | Severity | Recommended value |
|---|---|---|---|
| 4 | 3 | 3 | No unauthorized modifications |
SSL/TLS certificates and certificate stores should remain unchanged unless modifications are part of authorized certificate updates, installations, or system package management.
Compliance
Documentation
SSL/TLS certificates are critical components of secure communications, establishing trust between clients and servers. Certificate stores typically reside in system directories such as /etc/ssl/certs, /etc/pki/tls/certs, and /usr/share/ca-certificates.
Prerequisites
- You must have root or administrative privileges
- Access to system logs and audit trails
- Backup of known-good certificate store
- Understanding of your organization’s certificate management policies
Step-by-step guide
Step 1: Identify Modified Certificate
Review the Finding to determine which certificate or certificate store file was modified:
```bash
# Check certificate details
ls -l /etc/ssl/certs/
stat /path/to/modified/certificate

# View certificate information
openssl x509 -in /path/to/modified/certificate -text -noout
```
Step 2: Verify Legitimate Change
Check if the modification was part of an authorized certificate update:
```bash
# Check recent certificate updates (Debian/Ubuntu)
grep "ca-certificates" /var/log/dpkg.log

# Check recent certificate updates (RHEL/CentOS)
grep "ca-certificates" /var/log/dnf.log

# Review system update logs
journalctl -u unattended-upgrades --since "1 day ago"
```
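
A complement to Steps 1 and 2, as an added example that is not part of the original page: it compares the live store with the known-good backup listed in the prerequisites and reports added, changed and removed files. The function names, directory layout and file contents in the demo are constructed; pass your own backup and store paths (for example `/etc/ssl/certs`) to `compare_cert_stores`.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): diff a certificate store
# against a known-good backup. All paths and file names are constructed.

file_hash() { sha256sum < "$1" | cut -d' ' -f1; }

# Print one line per difference between the backup and the live store:
#   ADDED <name> <sha256> | CHANGED <name> <sha256> | REMOVED <name>
# Returns 0 when the stores match and 1 when any difference is found.
compare_cert_stores() {
    local baseline="$1" current="$2" f name status=0
    for f in "$current"/*; do
        [ -f "$f" ] || continue   # follows symlinks; skips dirs and dangling links
        name=${f##*/}
        if [ ! -f "$baseline/$name" ]; then
            echo "ADDED $name $(file_hash "$f")"; status=1
        elif ! cmp -s "$f" "$baseline/$name"; then
            echo "CHANGED $name $(file_hash "$f")"; status=1
        fi
    done
    for f in "$baseline"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        [ -f "$current/$name" ] || { echo "REMOVED $name"; status=1; }
    done
    return "$status"
}

# Demo on constructed placeholder files (not real certificates).
demo_compare() {
    local tmp; tmp=$(mktemp -d)
    mkdir "$tmp/backup" "$tmp/live"
    echo "constructed-root-a" > "$tmp/backup/root-a.pem"
    echo "constructed-root-b" > "$tmp/backup/root-b.pem"
    echo "constructed-root-c" > "$tmp/backup/root-c.pem"
    echo "constructed-root-a" > "$tmp/live/root-a.pem"      # unchanged
    echo "tampered-root-b"    > "$tmp/live/root-b.pem"      # content differs
    echo "constructed-new"    > "$tmp/live/extra.pem"       # not in backup
    compare_cert_stores "$tmp/backup" "$tmp/live" || true   # root-c.pem missing
    rm -rf "$tmp"
}

demo_compare
```

Each reported file name can then be checked against the package logs from Step 2; the printed SHA-256 is the hash of the file currently in the live store.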