policy/protocols/ssl/extract-certs-pem.zeek

SSL

This script is used to extract host certificates seen on the wire to disk after being converted to PEM files. The certificates will be stored in a single file, one for local certificates and one for remote certificates.

Note

• It doesn’t work well on a cluster because each worker will write its own certificate files and no duplicate checking is done across the cluster so each node would log each certificate.

Namespace:SSL Imports:base/files/x509, base/protocols/ssl, base/utils/directions-and-hosts.zeek

Summary

Runtime Options

SSL::extract_certs_pem: Host &redef

Control if host certificates offered by the defined hosts will be written to the PEM certificates file.

Detailed Interface

Runtime Options

SSL::extract_certs_pem

Type:Host Attributes:&redef Default:LOCAL_HOSTS

Control if host certificates offered by the defined hosts will be written to the PEM certificates file. Choices are: LOCAL_HOSTS, REMOTE_HOSTS, ALL_HOSTS, NO_HOSTS.