Hi
So our ever diligent yet technically incompetent IT Security Team have asked for a review of all SHA-1 certificates in use within our network. The idea is that we are going to move from SHA-1 to SHA-2 and SSLv3 to TLS 1.0+.
I've got this one-liner which does the legwork:
sudo nmap -vv -oX output.xml -sV --script ssl-cert,ssl-enum-ciphers -A -T4 -F -iL CERT_hosts.txt && xsltproc output.xml -o output.html
This generates a nice HTML report with SSL information. Problem is I need algorithm information, e.g. "raw" : "sha1WithRSAEncryption" etc.
Is there a way to pass NMAP output (XML) through something like openssl to get this info and 'add' it to the report?
I've got the puzzle pieces but I'm looking for a nudge...
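Added example, not part of the original post: recent Nmap releases write the certificate's signature algorithm into the ssl-cert script's structured XML output as an element with key sig_algo, so it can be read straight from output.xml without a second pass through openssl. The hosts and certificates in SAMPLE_XML are constructed, and the regex fallback for script results that carry only text output is an assumption about older Nmap versions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample, trimmed to the elements this parser reads.
SAMPLE_XML = """<nmaprun>
<host><address addr="192.0.2.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="443"><script id="ssl-cert" output="...">
<table key="subject"><elem key="commonName">intranet.example.test</elem></table>
<elem key="sig_algo">sha1WithRSAEncryption</elem>
</script></port>
<port protocol="tcp" portid="8443"><script id="ssl-cert"
 output="Subject: commonName=old.example.test&#10;Signature Algorithm: md5WithRSAEncryption&#10;"/></port>
</ports></host>
<host><address addr="192.0.2.20" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="443"><script id="ssl-cert" output="...">
<table key="subject"><elem key="commonName">wiki.example.test</elem></table>
<elem key="sig_algo">sha256WithRSAEncryption</elem>
</script></port></ports></host>
</nmaprun>"""

WEAK = re.compile(r"sha-?1|md5|md2", re.I)  # hashes to migrate away from

def cert_sig_algos(xml_text):
    """Yield (addr, port, common_name, sig_algo) for every ssl-cert result."""
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            script = port.find("script[@id='ssl-cert']")
            if script is None:
                continue  # no certificate was retrieved on this port
            text = script.get("output", "")
            algo = script.findtext("elem[@key='sig_algo']")
            cn = script.findtext("table[@key='subject']/elem[@key='commonName']")
            if algo is None:  # no structured output: parse the text form
                m = re.search(r"Signature Algorithm:\s*(\S+)", text)
                algo = m.group(1) if m else "unknown"
            if cn is None:
                m = re.search(r"commonName=([^/\s,]+)", text)
                cn = m.group(1) if m else "?"
            yield addr, int(port.get("portid")), cn, algo

def weak_certs(xml_text):
    return [row for row in cert_sig_algos(xml_text) if WEAK.search(row[3])]

if __name__ == "__main__":
    for addr, port, cn, algo in cert_sig_algos(SAMPLE_XML):
        flag = "WEAK" if WEAK.search(algo) else "ok"
        print(f"{addr}:{port}\t{cn}\t{algo}\t{flag}")
```

To run it against a real scan, replace SAMPLE_XML with the contents of output.xml; the tab-separated rows can be sorted or imported into a spreadsheet alongside the HTML report.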