4. SNORT:Rules download error: SSL certificate problem: self signed certificate in

SNORT:Rules download error: SSL certificate problem: self signed certificate in

  • N

    Hi,

    I am running squid in transparent mode on my pfsense. Further I added pfsense itself to configure with this squid proxy on the LAN interface. In general this is working. Unfortunately when trying to download snort updates I am getting a certificate warning in syslog:

    
Rules download error: SSL certificate problem: self signed certificate in certificate chain

    So I modified the following file to make sure that curl "trusts" the CA and can download the updates:

    /usr/local/pkg/snort/snort_check_for_rule_updates.php

    Original:

    
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);

    Modified:

    
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

    Now the update is working.

    Question:
    Is there a way or are there plans to make snort aware of a specific CA like we do when we add a CA to a webbrowser when intercepting SSL?

    Kind regards!

    0

  • At the moment nothing like that is in the code, but I guess it could be added.  Perhaps as an option that is configurable on the GLOBAL SETTINGS tab.  The line of code you altered to trust self-signed CAs was added to the Snort GUI code base a while back in an attempt to improve security, but it has the unintended side effect of interfering with some edge-case setups.

    Bill

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy