[Bro] unable to get local issuer certificate - X509 Certificate

Riccardo Bortolameotti r.bortolameotti at gmail.com
Mon May 19 08:49:40 PDT 2014


I have updated the file of the developer version with the "official" one
(2.2) and it works.. Thank you very much guys! problem solved!! ;D

On Mon, 2014-05-19 at 15:15 +0000, Siwek, Jonathan Luke wrote:
> On May 19, 2014, at 10:01 AM, Riccardo Bortolameotti <r.bortolameotti at gmail.com> wrote:
> 
> > I am having a problem with the developer version of Bro. Running the
> > script that validates the certificates, I obtain:
> > 
> > unable to get local issuer certificate
> > 
> > even though the certificate is okay. I did not have this problem running
> > the normal (non-dev) version.
> 
> Take a look at scripts/base/protocols/ssl/mozilla-ca-list.bro for the certificates that Bro trusts by default. I’m guessing that “SSL::root_certs” differs between versions of Bro and the issuer of the certificate in questions is included in the old version, but not the new.  You’re also free to “redef” that variable to add your own trusted certificates.
> 
> - Jon





More information about the Bro mailing list