Check For Debian Weak Keys

Identify and mitigate the Debian OpenSSL vulnerability in your certificates

What is a Debian Weak Key?

In 2006 a bug was introduced into Debian's openssl package. This bug resulted in very weak keys being generated for SSH, SSL Certificates, OpenVPN and other uses. The bug was not found and fixed until May 2008. Keys generated between those dates and later in unpatched Debian or Debian based systems should not be used.

How Can I Check For Debian Weak Keys?

Our CSR and Certificate Decoder can help find certificates and CSRs that contain Debian weak keys. Try to decode some of the examples below with our decoder.

To check websites our SSL Certificate Checker can help find deployed certificates that have weak keys. We also provide a certificate audit service that amongst many other things will help to locate certificates with Debian weak keys.

Examples of Debian Weak Key CSRs

Both the CertLogik CSR Decoder and Comodo CSR Decoder correctly reports the CSR below as containing a weak key. 

-----BEGIN CERTIFICATE REQUEST-----
MIIBizCB9QIBADBMMQswCQYDVQQGEwJHQjESMBAGA1UECBMJQmVya3NoaXJlMRAw
DgYDVQQHEwdOZXdidXJ5MRcwFQYDVQQKEw5NeSBDb21wYW55IEx0ZDCBnzANBgkq
hkiG9w0BAQEFAAOBjQAwgYkCgYEA5fy56mgUe5YqxNxwzLdRricjfVwgc9pRGbYc
sV+uSgRRpGVImD8AD45avTw0wdICGDTAiBAxSQCZfsZfdp42YSuOy/LePj2sTKQk
azOpM9SmOf4E7OPWd94O9Jv809d7EzZh4yu+9tEDVgiDNhqZraHYl3nAwBCOw2lt
CkxUnwUCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBANYS454tPh2QD3bS911kS3/F
BqOzbWWuNnh5nxH/ObB2x841h2MujLpOmrjeudON7siRb3VCn/K/rRQ0Q0fbrZ5R
rjWY2bSwYAziRon/JgI7uKnfIjRGktrFwlQptCkFfbr42GmV3mWjaHRqk+udP39m
n8ukO4LSxo1REOW1vdGD
-----END CERTIFICATE REQUEST-----

Examples of Debian Weak Key Certificates

The CertLogik Certificate Decoder correctly reports the certificates below as containing weak keys. 

-----BEGIN CERTIFICATE-----
MIIDzTCCArWgAwIBAgIJAJs7Mrs4MdflMA0GCSqGSIb3DQEBBQUAME0xCzAJBgNV
BAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRAwDgYDVQQKEwdUZXN0bGliMQ0wCwYD
VQQLEwRUZXN0MQswCQYDVQQDEwJDQTAeFw0wODA1MTIxNzM2NTZaFw0wODA2MTEx
NzM2NTZaME0xCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRAwDgYDVQQK
EwdUZXN0bGliMQ0wCwYDVQQLEwRUZXN0MQswCQYDVQQDEwJDQTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBANM8XW6YsOpOq3amDWoKe5xZg8WMCqHTw3lp
WBafJwJ7rIElP6V5xILohKLhzvDKgT7INZ6WENKUc8o21jwegaAQGkgaPP9YYQ6O
pyoqFYJn1m9NooZpKKI9RuAhxUQv355K3WvFNn0/dyJhCSlRExCDbnp31gi38ZH4
JBm+EYfsoYTwZlHESOqQR4gT623JvlP8ZmnTHKtjij8wY9E8ytpbSvojHc75VIbt
XS1xjDDgzkraL/3hgWAD8J0YOiXMsodKVwOVAOS2UAurfNQ13DAdGfLCVq5Pg33S
3mMOiKZSqHwfKkRCJFA9qX3D7rvHk+blvuxjHB7SeI/LHaEOCvcCAwEAAaOBrzCB
rDAdBgNVHQ4EFgQUC//QSRcOIUe7DnKguOpX+kBmqVcwfQYDVR0jBHYwdIAUC//Q
SRcOIUe7DnKguOpX+kBmqVehUaRPME0xCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdB
cml6b25hMRAwDgYDVQQKEwdUZXN0bGliMQ0wCwYDVQQLEwRUZXN0MQswCQYDVQQD
EwJDQYIJAJs7Mrs4MdflMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEB
ALRkK4uZ60YHeL6LYLJyhz1p/FJXNWb2TqO7kZQl3ZfkmFJF1524N/K8KrZLwIGJ
KJXUPcGTkBm/3tmvIuAMxn/MRvlEPW1nwQG81QXltObHRF5123Tl1px30Y8B00/V
VBqeKw7sMLF0b4PmnegPz77UhsGikffPJwLt6VUO0j52RW/XvpletgqcxWMHqVLK
z0V73UyaJT3wEm6zEjJINPfPwcw46IeOXcnEekon3JbDxtvm8Q706YOziPStGcel
hh+5myPwDwMgc/mH+jDBK8vyaYGb+xViHK9Fa70jkcSX/AOmYYRKfKZbaR8ba/Ee
xosT4eW/v04AyK9nfcPNbhg=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICDzCCAXgCCQCusmyauLBA4jANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJH
QjESMBAGA1UECBMJQmVya3NoaXJlMRAwDgYDVQQHEwdOZXdidXJ5MRcwFQYDVQQK
Ew5NeSBDb21wYW55IEx0ZDAeFw0wODA1MTYxODE0MDJaFw0wOTA1MTYxODE0MDJa
MEwxCzAJBgNVBAYTAkdCMRIwEAYDVQQIEwlCZXJrc2hpcmUxEDAOBgNVBAcTB05l
d2J1cnkxFzAVBgNVBAoTDk15IENvbXBhbnkgTHRkMIGfMA0GCSqGSIb3DQEBAQUA
A4GNADCBiQKBgQDl/LnqaBR7lirE3HDMt1GuJyN9XCBz2lEZthyxX65KBFGkZUiY
PwAPjlq9PDTB0gIYNMCIEDFJAJl+xl92njZhK47L8t4+PaxMpCRrM6kz1KY5/gTs
49Z33g70m/zT13sTNmHjK7720QNWCIM2GpmtodiXecDAEI7DaW0KTFSfBQIDAQAB
MA0GCSqGSIb3DQEBBQUAA4GBANNXoSJuOlQqT5JIBJs8ba+2TA9hrxXQrXUWvySy
2NyF9l4CEwPdwYf+xKde6Ga5yEY/fejLG2WEZJBa8aas7nkKqkiNBnjmqbph2gP6
7LldvthZqKkUl6BkkTr3bZEXPXa6JLHtcpRKT5ybTWIHfh0waSVmpD6o/7KictNA
Bq3R
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----                                  
MIIFVDCCBDygAwIBAgIRAJpy4raEeU4hKyWKPD/wwTEwDQYJKoZIhvcNAQEFBQAw
gZcxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJVVDEXMBUGA1UEBxMOU2FsdCBMYWtl
IENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEhMB8GA1UECxMY
aHR0cDovL3d3dy51c2VydHJ1c3QuY29tMR8wHQYDVQQDExZVVE4tVVNFUkZpcnN0
LUhhcmR3YXJlMB4XDTA3MDkwNzAwMDAwMFoXDTA4MTAwMzIzNTk1OVowgdAxCzAJ
BgNVBAYTAkZSMQ4wDAYDVQQREwUzODI0MDEOMAwGA1UECBMFSXNlcmUxDzANBgNV
BAcTBk1leWxhbjEeMBwGA1UECRMVNDUsIGF2ZW51ZSBkdSB2ZXJjb3JzMQ4wDAYD
VQQSEwUzODI0MDEVMBMGA1UEChMMRWxpb3R0IE5lc3NzMQswCQYDVQQLEwJGUjEa
MBgGA1UECxMRQ29tb2RvIEluc3RhbnRTU0wxIDAeBgNVBAMTF3BheW1lbnQuZWxp
b3R0LW5lc3MuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDf/0nTJMMd
w5Qx0nE33vqHH9D1Bj/3j6SdUvDfzJg1d6A+e8U3u+Bi34copDJ7jcJzZZ6iDbXE
d0Ue5oEt7XLX+eNnZIkFcdfGnqfyLkUX6MSTrHvMmkICRlZZoNMhKIYrD3WGDwLk
lGafi1+5x0VrAq0eRE3seyuXYdlyLiLFTQIDAQABo4IB4jCCAd4wHwYDVR0jBBgw
FoAUoXJfJhsomEOVXQc31YWWnUvSw0UwHQYDVR0OBBYEFEjD9ux4bFWLzxCYPW6s
mcxsiWY7MA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQG
CCsGAQUFBwMBBggrBgEFBQcDAjARBglghkgBhvhCAQEEBAMCBsAwRgYDVR0gBD8w
PTA7BgwrBgEEAbIxAQIBAwQwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUu
Y29tb2RvLm5ldC9DUFMwewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21v
ZG9jYS5jb20vVVROLVVTRVJGaXJzdC1IYXJkd2FyZS5jcmwwNqA0oDKGMGh0dHA6
Ly9jcmwuY29tb2RvLm5ldC9VVE4tVVNFUkZpcnN0LUhhcmR3YXJlLmNybDCBhgYI
KwYBBQUHAQEEejB4MDsGCCsGAQUFBzAChi9odHRwOi8vY3J0LmNvbW9kb2NhLmNv
bS9VVE5BZGRUcnVzdFNlcnZlckNBLmNydDA5BggrBgEFBQcwAoYtaHR0cDovL2Ny
dC5jb21vZG8ubmV0L1VUTkFkZFRydXN0U2VydmVyQ0EuY3J0MA0GCSqGSIb3DQEB
BQUAA4IBAQCV53jpJ496k14zUPlEc9a9cuZypE1ZDOs/QlVP1BFbtPLUGP6qtEDx
WcFSzUHLbowjn0q2mwmGseOG87jAnxMwKQFwH4AkxGAh89UUKXHhBCrtApfWxhec
zOxE3N/mJclWaStRiAAZB8V2tvnp7a1oGqtCOiUURkDMliHaIRBDozT5UQJ1IWmB
CDgJdpveX370VDEi794t35TvMX0uDRJ2E++axOctT6Ds14ZKbUTYVTcJdNfoS30L
/w88bzLrSDrR/q5nq8vSH2Au0nCIucsQc+7IYbK6g00zrEMPIs56N++5vqAmzWO6
gqGuGPDPXMw2lEfSSwcDYTiXzMRJmepL                                
-----END CERTIFICATE-----

Related Tools

Additional Resources

Worried About Certificate Security?

Try CertAlert to monitor your certificates and prevent security issues

Learn About CertAlert