SNORT:Rules download error: SSL certificate problem: self signed certificate in



  • Hi,

I am running Squid in transparent mode on my pfSense. Further, I configured pfSense itself to use this Squid proxy on the LAN interface. In general this is working. Unfortunately, when trying to download Snort updates I am getting a certificate warning in syslog:

    Rules download error: SSL certificate problem: self signed certificate in certificate chain

    So I modified the following file to make sure that curl "trusts" the CA and can download the updates:

    /usr/local/pkg/snort/snort_check_for_rule_updates.php

    Original:

    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);

    Modified:

    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

    Now the update is working.

    Question:
    Is there a way, or are there plans, to make Snort aware of a specific CA, like we do when we add a CA to a web browser when intercepting SSL?

    Kind regards!



  • At the moment nothing like that is in the code, but I guess it could be added.  Perhaps as an option that is configurable on the GLOBAL SETTINGS tab.  The line of code you altered to trust self-signed CAs was added to the Snort GUI code base a while back in an attempt to improve security, but it has the unintended side effect of interfering with some edge-case setups.

    Bill
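The alternative to flipping CURLOPT_SSL_VERIFYPEER to false, as asked in the question and sketched in Bill's reply, is to keep verification on and hand curl a CA bundle that also contains the intercepting proxy's CA. The following is an added example written for this thread; it is not code from the pfSense Snort package. The file paths, the function names and the idea of a combined bundle are all assumptions, and the rules URL is a placeholder.

```php
<?php
// Added example, not pfSense/Snort package code. Fetch a rules file with
// peer verification left ON and curl pointed at a CA bundle that contains
// the system roots plus the intercepting proxy's CA. All paths are assumed.

// Assumed: the intercepting CA exported from pfSense in PEM form.
define('PROXY_CA_PEM', '/usr/local/etc/ssl/squid-intercept-ca.pem');
// Assumed: where the combined bundle is written.
define('COMBINED_BUNDLE', '/usr/local/etc/ssl/snort-rules-ca-bundle.pem');
// Assumed: the system root bundle (ca_root_nss location on FreeBSD).
define('SYSTEM_BUNDLE', '/usr/local/share/certs/ca-root-nss.crt');

/**
 * Build bundle = system roots + proxy CA. Public sites keep verifying against
 * the normal roots, and the chain the proxy re-signs verifies too, without
 * trusting anything else. Returns the path of the written bundle.
 */
function build_ca_bundle(string $system, string $proxy_ca, string $out): string
{
    foreach ([$system, $proxy_ca] as $f) {
        if (!is_readable($f)) {
            throw new RuntimeException("CA file not readable: $f");
        }
    }
    $pem = file_get_contents($proxy_ca);
    // A DER export is a common mistake; curl's CAINFO expects PEM.
    if (strpos($pem, '-----BEGIN CERTIFICATE-----') === false) {
        throw new RuntimeException("$proxy_ca is not PEM; export the CA as PEM");
    }
    file_put_contents($out, rtrim(file_get_contents($system)) . "\n" . $pem);
    chmod($out, 0644);
    return $out;
}

/**
 * Download $url to $dest with full TLS verification against $ca_bundle.
 * Returns true on success; on failure the curl error is logged the same
 * way the package reports it, so the syslog line stays recognisable.
 */
function fetch_rules_verified(string $url, string $dest, string $ca_bundle): bool
{
    $fh = fopen($dest, 'wb');
    if ($fh === false) {
        syslog(LOG_ERR, "Rules download error: cannot open $dest for writing");
        return false;
    }
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_FILE           => $fh,
        CURLOPT_FOLLOWLOCATION => true,
        CURLOPT_CONNECTTIMEOUT => 30,
        CURLOPT_FAILONERROR    => true,   // treat HTTP 4xx/5xx as failure
        CURLOPT_SSL_VERIFYPEER => true,   // verification stays enabled
        CURLOPT_SSL_VERIFYHOST => 2,      // hostname must match the cert
        CURLOPT_CAINFO         => $ca_bundle, // trust only this bundle
    ]);
    $ok = curl_exec($ch);
    if ($ok === false) {
        syslog(LOG_ERR, "Rules download error: " . curl_error($ch));
    }
    curl_close($ch);
    fclose($fh);
    return $ok !== false;
}

// Usage (placeholder URL and destination):
$bundle = build_ca_bundle(SYSTEM_BUNDLE, PROXY_CA_PEM, COMBINED_BUNDLE);
if (!fetch_rules_verified('https://rules.example.invalid/snortrules.tar.gz',
                          '/tmp/snortrules.tar.gz', $bundle)) {
    exit(1);
}
```

With this shape, a GLOBAL SETTINGS option of the kind Bill mentions would only need to expose the bundle path (or the CA to append); verification itself never needs to be switched off, so the proxy's CA is trusted but a different certificate injected on the path still fails with the same "Rules download error" line.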

