[Bro] Adding SSL certs to Bro 2.0
Will
baxterw3232 at gmail.com
Wed Mar 14 08:12:16 PDT 2012
Quick question. I am getting a timeout when trying to print the
variable containing the root_certs. I am just wondering if this is due
to having too many trusted certs loaded or if this is just a
limitation of the broctl print function. My primary concern is whether
bro was actually able to load all the root_certs on startup. I have
over 500 certs redef'd in site/mytrustedcerts.bro. Is this too many
for bro to handle?

broctl print SSL::root_certs
manager <error: time-out>
proxy-1 <error: time-out>
worker-1 <error: time-out>
worker-2 <error: time-out>
worker-3 <error: time-out>
worker-4 <error: time-out>
worker-5 <error: time-out>
worker-6 <error: time-out>
worker-7 <error: time-out>
worker-8 <error: time-out>

Thanks!
-will

On Wed, Feb 8, 2012 at 1:57 PM, Seth Hall <seth at icir.org> wrote:
>
> On Feb 8, 2012, at 12:54 PM, Stephane Chazelas wrote:
>
>> In case it may be of some help to anyone, here is a script to
>> convert a PEM CA cert bundle such as
>> /etc/ssl/certs/ca-certificates.crt as found on debian based
>> system to bro's format:
>
>
> Cool, thanks. We have a script in bro-aux that generates the CA list Bro script directly from the Mozilla repository too. If you have a copy of our source tree, the script is here:
> aux/bro-aux/devel-tools/gen-mozilla-ca-list.rb
>
> .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro-ids.org/