One of the new switches I have added to AdFind V01.50.00 is the –sslinfo switch.
This is some functionality I have long wanted to have in AdFind because getting info about the certs the Domain Controllers (or ADLDS) is presenting can be very useful information, especially for troubleshooting. That being said this switch should probably still have the BETA tag on it because it isn’t fully integrated into the rest of AdFind. That means you won’t be able to ask for just specific attributes that it outputs for the certs or get the info in CSV format or do ANY of the output manipulation that you can do with most things. You will also notice the normal server info header info isn’t there either.
I do intend to fix it and make it work in the normal way. The reason it is done this way is because it was a last minute add because I needed it (which is why AdFind and 90% of its functionality was produced anyway) and it is outside the normal LDAP data stream flow so is outside of the space where I have all of the searching/formating functionality.
If you haven’t checked it out though it is pretty cool.
[Wed 05/10/2017 20:59:31.16]
E:\issues\OU_DC>adfind -hh k16tst-dc1.k16tst.test.loc -sslinfo
AdFind V01.50.00cpp Joe Richards (support@joeware.net) May 2017
dn:CN=Certificate Info,CN=k16tst-dc1.k16tst.test.loc
>ciEncodingType: X509_ASN_ENCODING (0x01)
>ciVersion: CERT_V3 (0x02)
>ciNotBefore: 2017/04/27-09:24:40 Eastern Daylight Time
>ciNotAfter: 2018/04/27-09:24:40 Eastern Daylight Time
>ciSignatureAlgorithm: 1.2.840.113549.1.1.13
>ciIssuer: CN=CA1,DC=k16tst,DC=test,DC=loc
>ciSubject: CN=K16TST-DC1.k16tst.test.loc
>ciAltNameDNSName: K16TST-DC1.k16tst.test.loc
>ciAltNameDNSName: k16tst.test.loc
>ciAltNameDNSName: K16TST
dn:CN=SSL Connection Information,CN=k16tst-dc1.k16tst.test.loc
>ciProtocol: Transport Layer Security 1.2 client-side (SP_PROT_TLS1_2_CLIENT)
>ciCipherAlgorithm: AES 256-bit encryption algorithm (CALG_AES_256)
>ciCipherStrength: 256 bits
>ciHashAlgorithm: 384 bit SHA hashing algorithm (CALG_SHA_384)
>ciHashStrength: 0 bits
>ciKeyExchAlgorithm: Ephemeral elliptic curve Diffie-Hellman key exchange (CALG_ECDH_EPHEM)
>ciKeyExchStrength: 255 bits
The command completed successfully
[Wed 05/10/2017 20:59:33.33]
E:\issues\OU_DC>adfind -hh k16tst-dc2.k16tst.test.loc -sslinfo
AdFind V01.50.00cpp Joe Richards (support@joeware.net) May 2017
dn:CN=Certificate Info,CN=k16tst-dc2.k16tst.test.loc
>ciEncodingType: X509_ASN_ENCODING (0x01)
>ciVersion: CERT_V3 (0x02)
>ciNotBefore: 2017/04/08-12:15:53 Eastern Daylight Time
>ciNotAfter: 2018/04/08-12:15:53 Eastern Daylight Time
>ciSignatureAlgorithm: 1.2.840.113549.1.1.13
>ciIssuer: CN=CA1,DC=k16tst,DC=test,DC=loc
>ciSubject: CN=K16TST-DC2.k16tst.test.loc
>ciAltNameDNSName: K16TST-DC2.k16tst.test.loc
dn:CN=SSL Connection Information,CN=k16tst-dc2.k16tst.test.loc
>ciProtocol: Transport Layer Security 1.2 client-side (SP_PROT_TLS1_2_CLIENT)
>ciCipherAlgorithm: AES 256-bit encryption algorithm (CALG_AES_256)
>ciCipherStrength: 256 bits
>ciHashAlgorithm: 384 bit SHA hashing algorithm (CALG_SHA_384)
>ciHashStrength: 0 bits
>ciKeyExchAlgorithm: Ephemeral elliptic curve Diffie-Hellman key exchange (CALG_ECDH_EPHEM)
>ciKeyExchStrength: 255 bits
The command completed successfully
