[Bro] unable to get local issuer certificate - X509 Certificate

Siwek, Jonathan Luke jsiwek at illinois.edu
Mon May 19 08:15:06 PDT 2014

On May 19, 2014, at 10:01 AM, Riccardo Bortolameotti <r.bortolameotti at gmail.com> wrote:

> I am having a problem with the developer version of Bro. Running the
> script that validates the certificates, I obtain:
> unable to get local issuer certificate
> even though the certificate is okay. I did not have this problem running
> the normal (non-dev) version.

Take a look at scripts/base/protocols/ssl/mozilla-ca-list.bro for the certificates that Bro trusts by default. I’m guessing that “SSL::root_certs” differs between versions of Bro and the issuer of the certificate in questions is included in the old version, but not the new.  You’re also free to “redef” that variable to add your own trusted certificates.

- Jon

More information about the Bro mailing list