policy/protocols/ssl/extract-certs-pem.bro

SSL

This script is used to extract host certificates seen on the wire to disk after being converted to PEM files. The certificates will be stored in a single file, one for local certificates and one for remote certificates.

Note

  • It doesn’t work well on a cluster because each worker will write its own certificate files and no duplicate checking is done across the cluster so each node would log each certificate.
Namespace:SSL
Imports:base/files/x509, base/protocols/ssl, base/utils/directions-and-hosts.bro
Source File:/scripts/policy/protocols/ssl/extract-certs-pem.bro

Summary

Runtime Options

SSL::extract_certs_pem: Host &redef Control if host certificates offered by the defined hosts will be written to the PEM certificates file.

Detailed Interface

Runtime Options

SSL::extract_certs_pem
Type:Host
Attributes:&redef
Default:LOCAL_HOSTS

Control if host certificates offered by the defined hosts will be written to the PEM certificates file. Choices are: LOCAL_HOSTS, REMOTE_HOSTS, ALL_HOSTS, NO_HOSTS.

Copyright 2016, The Bro Project. Last updated on January 10, 2019. Created using Sphinx 1.7.5.