policy/protocols/ssl/extract-certs-pem.zeek¶
-
SSL
¶
This script is used to extract host certificates seen on the wire to disk after being converted to PEM files. The certificates will be stored in a single file, one for local certificates and one for remote certificates.
Note
It doesn’t work well on a cluster because each worker will write its own certificate files and no duplicate checking is done across the cluster so each node would log each certificate.
- Namespace
SSL
- Imports
base/files/x509, base/protocols/ssl, base/utils/directions-and-hosts.zeek