turbot/net_insights

Control: Use strong and secure private key (at least a 2048-bit RSA or 256-bit ECDSA key)

Description

The private key is the single most important component of your SSL certificate: it is used in the encryption and decryption of data sent between your server and the connecting clients. Larger keys are harder to crack but require more computing overhead. Use a secure private key algorithm (at least a 2048-bit RSA or 256-bit ECDSA key) to keep your website secure.

Usage

Run the control in your terminal:

powerpipe control run net_insights.control.ssl_certificate_secure_private_key

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run net_insights.control.ssl_certificate_secure_private_key --share

Steampipe Tables

Params

Args  Name          Default                         Description        Variable
$1    domain_names  ["github.com","microsoft.com"]  DNS domain names.

SQL

select
  common_name as resource,
  case
    -- "At least" thresholds from the control title: larger keys also pass.
    when (
      public_key_algorithm = 'RSA'
      and public_key_length >= 2048
    )
    or (
      public_key_algorithm = 'ECDSA'
      and public_key_length >= 256
    ) then 'ok'
    else 'alarm'
  end as status,
  common_name || ' uses ' || public_key_length || '-bit ' || public_key_algorithm || ' key.' as reason
from
  net_certificate
where
  domain in (
    select
      jsonb_array_elements_text(to_jsonb($1::text[]))
  )
order by
  common_name;
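
A local cross-check of the same rule, as an added example that is not part of the net_insights mod: it reads the text form printed by openssl x509 -noout -text and applies the "at least" thresholds from the control title. The function names and the sample excerpts are constructed for illustration.

```shell
#!/bin/sh
# Added example: apply the control's rule to `openssl x509 -noout -text` output.

# key_status ALG BITS -> "ok" when ALG is RSA >= 2048 or ECDSA >= 256 bits.
key_status() {
  if [ "$1" = RSA ] && [ "$2" -ge 2048 ]; then echo ok
  elif [ "$1" = ECDSA ] && [ "$2" -ge 256 ]; then echo ok
  else echo alarm   # short key, or an algorithm the control does not list
  fi
}

# key_info: read openssl's text dump on stdin, print "ALG BITS".
# Handles both "Public-Key: (N bit)" and the older "RSA Public-Key: (N bit)".
key_info() {
  awk '
    /Public Key Algorithm:/ {
      alg = $NF
      if (alg == "rsaEncryption")  alg = "RSA"
      if (alg == "id-ecPublicKey") alg = "ECDSA"
    }
    /Public-Key: \([0-9]+ bit\)/ {
      match($0, /\([0-9]+ bit\)/)
      print alg, substr($0, RSTART + 1, RLENGTH - 6); exit
    }'
}

# check_cert FILE: classify a PEM certificate file (needs the openssl CLI).
check_cert() {
  info=$(openssl x509 -in "$1" -noout -text | key_info)
  echo "$1: ${info:-unknown key} -> $(key_status $info)"
}

# Constructed excerpt of openssl output, not taken from a real certificate.
sample() {  # sample ALGORITHM_NAME BITS
  printf '        Subject Public Key Info:\n'
  printf '            Public Key Algorithm: %s\n' "$1"
  printf '                Public-Key: (%s bit)\n' "$2"
}

# classify_sample ALGORITHM_NAME BITS -> "ALG BITS status"
classify_sample() {
  info=$(sample "$1" "$2" | key_info)
  echo "$info $(key_status $info)"
}

classify_sample rsaEncryption 4096   # larger than the minimum still passes
classify_sample id-ecPublicKey 384
classify_sample rsaEncryption 1024   # below the minimum
```

To check a certificate on disk, call check_cert with the path to a PEM file.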