policy/protocols/ssl/extract-certs-pem.zeek¶
-
SSL
¶
This script is used to extract host certificates seen on the wire to disk after being converted to PEM files. The certificates will be stored in a single file, one for local certificates and one for remote certificates.
Note
- It doesn’t work well on a cluster because each worker will write its own certificate files and no duplicate checking is done across the cluster so each node would log each certificate.
Namespace: | SSL |
---|---|
Imports: | base/files/x509, base/protocols/ssl, base/utils/directions-and-hosts.zeek |
Summary¶
Runtime Options¶
SSL::extract_certs_pem : Host &redef |
Control if host certificates offered by the defined hosts will be written to the PEM certificates file. |