[Bro] Adding SSL certs to Bro 2.0
Louis F Ruppert
lruppert at syr.edu
Wed Nov 16 13:16:58 PST 2011
The semicolon at the end of the second line errors. Removing it causes it to work.
If anyone's interested, I have a sloppy python script that will take a "standard" .pem cert and output a valid "redef SSL::root_certs += {..." stanza like the one Seth wrote. I tested it with the cacert root sig and it's happy with my certs now. :)
-Lou
--
Lou Ruppert
Intrusion Analyst, GCFA
Information Security
Syracuse University
________________________________________
From: bro-bounces at bro-ids.org [bro-bounces at bro-ids.org] on behalf of Seth Hall [seth at icir.org]
Sent: Wednesday, November 16, 2011 1:16 PM
To: Mathew Binkley
Cc: bro at bro-ids.org
Subject: Re: [Bro] Adding SSL certs to Bro 2.0
On Nov 16, 2011, at 12:28 PM, Mathew Binkley wrote:
> Hi! I've been testing the 2.0 beta (kudos, btw).
Great, thanks!
> I see share/bro/base/protocols/ssl/mozilla-ca-list has a bundle of root
> CA certs. Is there a way to add our own to that or to a separate file?
> How is that file generated? Thanks.
We have an exercise from the workshop that specifically addresses this situation. We will be posting the workshop material really soon too.
Ultimately, you need to take a DER formatted version of your root public key and convert it to Bro's hex string representation and add it to the SSL::root_certs table. Like this....
redef SSL::root_certs += {
["your root certificates subject"] = "\x30\x82\x03\x75\x30\x82<snip a lot more of this>";
};
You can add that to the bottom of your local.bro file as Sridhar recommended.
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
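
The conversion discussed in this thread (PEM certificate to DER bytes to a "redef SSL::root_certs" stanza), as an added example. It is not Lou's script and not code from the Bro project. The function names, the caller-supplied subject string and the sample bytes are assumptions for illustration, and the generated entry omits the trailing semicolon that Lou reports as an error.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def check_outer_sequence(der):
    """Reject input whose outer DER SEQUENCE length does not match its size."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    if der[1] < 0x80:                       # short-form length
        hdr, length = 2, der[1]
    else:                                   # long-form length: n length bytes
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            raise ValueError("bad DER length")
        hdr, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if hdr + length != len(der):
        raise ValueError("truncated or padded certificate")

def pem_to_der(pem_text):
    """Return the DER bytes of the first certificate in pem_text."""
    m = PEM_RE.search(pem_text)
    if m is None:
        raise ValueError("no PEM CERTIFICATE block found")
    der = base64.b64decode("".join(m.group(1).split()), validate=True)
    check_outer_sequence(der)
    return der

def bro_stanza(subject, der):
    """Build the redef stanza; subject is the table key supplied by the caller."""
    key = subject.replace("\\", "\\\\").replace('"', '\\"')
    hexstr = "".join("\\x%02x" % b for b in der)
    # No semicolon after the table entry, only after the closing brace.
    return 'redef SSL::root_certs += {\n\t["%s"] = "%s"\n};\n' % (key, hexstr)

# Constructed sample: a tiny DER SEQUENCE of two INTEGERs, not a real certificate.
SAMPLE_DER = bytes([0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x02])
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(SAMPLE_DER).decode() + "\n"
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    # Hypothetical subject string; use your root certificate's subject here.
    print(bro_stanza("CN=Example Root,O=Example", pem_to_der(SAMPLE_PEM)))
```

The length check catches a certificate file that was cut off or has trailing data before it ends up in local.bro as a root that never matches.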