SNORT:Rules download error: SSL certificate problem: self signed certificate in

IDS/IPS
Log in to reply
  • N

    Hi,

    I am running squid in transparent mode on my pfsense. Further I added pfsense itself to configure with this squid proxy on the LAN interface. In general this is working. Unfortunately when trying to download snort updates I am getting a certificate warning in syslog:

    
Rules download error: SSL certificate problem: self signed certificate in certificate chain

    So I modified the following file to make sure that curl "trusts" the CA and can download the updates:

    /usr/local/pkg/snort/snort_check_for_rule_updates.php

    Original:

    
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);

    Modified:

    
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

    Now the update is working.

    Question:
    Is there a way or are there plans to make snort aware of a specific CA like we do when we add a CA to a webbrowser when intercepting SSL?

    Kind regards!

    0
  • bmeeks

    At the moment nothing like that is in the code, but I guess it could be added.  Perhaps as an option that is configurable on the GLOBAL SETTINGS tab.  The line of code you altered to trust self-signed CAs was added to the Snort GUI code base a while back in an attempt to improve security, but it has the unintended side effect of interfering with some edge-case setups.

    Bill

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy