extract-certs-pem.zeek¶

SSL¶

This script is used to extract host certificates seen on the wire to disk after being converted to PEM files. The certificates will be stored in a single file, one for local certificates and one for remote certificates.

Note

It doesn’t work well on a cluster because each worker will write its own certificate files and no duplicate checking is done across the cluster so each node would log each certificate.

Namespace: SSL
Imports: base/files/x509, base/protocols/ssl, base/utils/directions-and-hosts.zeek

Summary¶

Runtime Options¶

SSL::extract_certs_pem: Host &redef

Control if host certificates offered by the defined hosts will be written to the PEM certificates file.

Detailed Interface¶

Runtime Options¶

SSL::extract_certs_pem¶

Type: Host
Attributes: &redef
Default: LOCAL_HOSTS

Control if host certificates offered by the defined hosts will be written to the PEM certificates file. Choices are: LOCAL_HOSTS, REMOTE_HOSTS, ALL_HOSTS, NO_HOSTS.