This script is used to extract host certificates seen on the wire to disk after being converted to PEM files. The certificates will be stored in a single file, one for local certificates and one for remote certificates.
It doesn’t work well on a cluster because each worker will write its own certificate files and no duplicate checking is done across the cluster so each node would log each certificate.
base/files/x509, base/protocols/ssl, base/utils/directions-and-hosts.zeek
Control if host certificates offered by the defined hosts will be written to the PEM certificates file.
Control if host certificates offered by the defined hosts will be written to the PEM certificates file. Choices are: LOCAL_HOSTS, REMOTE_HOSTS, ALL_HOSTS, NO_HOSTS.