Netgate Discussion Forum

    SNORT:Rules download error: SSL certificate problem: self signed certificate in

Nachtfalke:

      Hi,

I am running squid in transparent mode on my pfSense. Further, I configured pfSense itself to use this squid proxy on the LAN interface. In general this is working. Unfortunately, when trying to download snort updates I am getting a certificate warning in syslog:

```text
Rules download error: SSL certificate problem: self signed certificate in certificate chain
```

      So I modified the following file to make sure that curl "trusts" the CA and can download the updates:

      /usr/local/pkg/snort/snort_check_for_rule_updates.php

      Original:

```php
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
```

      Modified:

```php
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
```

      Now the update is working.

      Question:
Is there a way, or are there plans, to make snort aware of a specific CA, like we do when we add a CA to a web browser when intercepting SSL?

      Kind regards!

bmeeks:

At the moment nothing like that is in the code, but I guess it could be added. Perhaps as an option that is configurable on the GLOBAL SETTINGS tab. The line of code you altered to trust self-signed CAs was added to the Snort GUI code base a while back in an attempt to improve security, but it has the unintended side effect of interfering with some edge-case setups.

        Bill

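The safer alternative to the edit in the first post, as an added illustration that is not pfSense or Snort package code: keep peer verification enabled and hand curl a CA bundle that has the intercepting proxy's CA appended, which is the "specific CA" option the question asks about and the reply floats as a configurable setting. The file paths, the download URL and the function names are assumptions for the example.

```php
<?php
// Added example, not from the pfSense Snort package. Paths/URL are assumptions.
// Append the proxy CA to a copy of the system bundle so CURLOPT_CAINFO can use it.
function build_trust_bundle(string $systemBundle, string $proxyCa, string $out): void
{
    $system = file_get_contents($systemBundle);
    $proxy  = file_get_contents($proxyCa);
    if ($system === false || $proxy === false) {
        throw new RuntimeException("cannot read $systemBundle or $proxyCa");
    }
    // A non-PEM or empty proxy CA would make every download fail silently.
    if (strpos($proxy, '-----BEGIN CERTIFICATE-----') === false) {
        throw new RuntimeException("$proxyCa does not contain a PEM certificate");
    }
    file_put_contents($out, rtrim($system) . "\n" . $proxy, LOCK_EX);
}

// Download with verification ON; trust comes from the bundle, not from
// setting CURLOPT_SSL_VERIFYPEER to false.
function fetch_rules(string $url, string $caBundle, string $dest): array
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => true,
        CURLOPT_SSL_VERIFYPEER => true,   // unchanged from the original line
        CURLOPT_SSL_VERIFYHOST => 2,      // hostname must match the cert
        CURLOPT_CAINFO         => $caBundle,
        CURLOPT_CONNECTTIMEOUT => 30,
        CURLOPT_TIMEOUT        => 600,
    ]);
    $body = curl_exec($ch);
    $err  = curl_errno($ch) !== 0 ? curl_error($ch) : '';
    $code = (int) curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    curl_close($ch);
    if ($body === false || $err !== '') {
        // Same failure the poster saw in syslog, logged rather than bypassed.
        return ['ok' => false, 'error' => "Rules download error: $err"];
    }
    if ($code !== 200) {
        return ['ok' => false, 'error' => "HTTP $code from $url"];
    }
    file_put_contents($dest, $body, LOCK_EX);
    return ['ok' => true, 'bytes' => strlen($body)];
}

// Usage (all paths and the URL are placeholders for this example):
build_trust_bundle('/etc/ssl/cert.pem', '/usr/local/etc/squid/proxy-ca.pem',
                   '/tmp/snort-ca-bundle.pem');
$r = fetch_rules('https://rules.example.invalid/community.tar.gz',
                 '/tmp/snort-ca-bundle.pem', '/tmp/community.tar.gz');
```

With this approach a certificate that is neither chained to a public CA nor to the proxy's CA still fails closed, whereas the VERIFYPEER=false edit accepts any certificate at all.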