[Bro] Adding SSL certs to Bro 2.0

Seth Hall seth at icir.org
Wed Nov 16 10:16:40 PST 2011


On Nov 16, 2011, at 12:28 PM, Mathew Binkley wrote:

> Hi!  I've been testing the 2.0 beta (kudos, btw).  

Great, thanks!

> I see share/bro/base/protocols/ssl/mozilla-ca-list has a bundle of root
> CA certs.   Is there a way to add our own to that or to a separate file?
>  How is that file generated?   Thanks.


We have an exercise from the workshop that specifically addresses this situation.  We will be posting the workshop material really soon too.

Ultimately, you need to take a DER formatted version of your root public key and convert it to Bro's hex string representation and add it to the SSL::root_certs table.  Like this....

redef SSL::root_certs += {
	["your root certificates subject"] = "\x30\x82\x03\x75\x30\x82<snip a lot more of this>";
};

You can add that to the bottom of your local.bro file as Sridhar recommended.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
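
The conversion described in the reply above, as an added example that is not part of the original message or the Bro distribution: it takes a PEM or DER certificate, checks that the outer DER length matches the input so a truncated or mis-encoded file is not silently installed as a trust anchor, and prints the redef block. The function names are hypothetical, the subject string is assumed to be supplied by the caller, and SAMPLE_DER is a constructed placeholder, not a real certificate.

```python
import ssl
import sys


def der_total_length(der: bytes) -> int:
    """Return the encoded size of the outer DER SEQUENCE, or raise ValueError."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE (certificates start with 0x30)")
    first = der[1]
    if first < 0x80:                      # short form: length fits in one byte
        return 2 + first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("unsupported or truncated DER length")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def load_der(data: bytes) -> bytes:
    """Accept PEM or DER input and return length-checked DER bytes."""
    if data.lstrip().startswith(b"-----BEGIN CERTIFICATE-----"):
        data = ssl.PEM_cert_to_DER_cert(data.decode("ascii").strip())
    if der_total_length(data) != len(data):
        raise ValueError("DER length does not match input (truncated or trailing data)")
    return data


def bro_hex_string(der: bytes) -> str:
    """Encode every byte as a \\xNN escape, the form used in SSL::root_certs."""
    return "".join("\\x%02X" % b for b in der)


def root_cert_redef(subject: str, data: bytes) -> str:
    """Build the redef block; the subject is escaped for use as a table index."""
    key = subject.replace("\\", "\\\\").replace('"', '\\"')
    return 'redef SSL::root_certs += {\n\t["%s"] = "%s";\n};\n' % (key, bro_hex_string(load_der(data)))


# Constructed placeholder (a SEQUENCE of two INTEGERs), not a real certificate.
SAMPLE_DER = bytes.fromhex("3006020101020102")

if __name__ == "__main__":
    # Usage: script.py <cert.pem|cert.der> "<subject>"; no arguments runs the sample.
    if len(sys.argv) == 3:
        with open(sys.argv[1], "rb") as fh:
            print(root_cert_redef(sys.argv[2], fh.read()), end="")
    else:
        print(root_cert_redef("constructed sample subject", SAMPLE_DER), end="")
```

The printed block can be appended to local.bro as described above.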
