SNORT: Rules download error: SSL certificate problem: self signed certificate in
-
Hi,
I am running squid in transparent mode on my pfSense. Further, I configured pfSense itself to use this squid proxy on the LAN interface. In general this is working. Unfortunately, when trying to download snort updates I am getting a certificate warning in syslog:
Rules download error: SSL certificate problem: self signed certificate in certificate chain
So I modified the following file to make sure that curl "trusts" the CA and can download the updates:
/usr/local/pkg/snort/snort_check_for_rule_updates.php
Original:
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
Modified:
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
Now the update is working.
Question:
Is there a way, or are there plans, to make snort aware of a specific CA, like we do when we add a CA to a web browser when intercepting SSL?
Kind regards!
-
At the moment nothing like that is in the code, but I guess it could be added. Perhaps as an option that is configurable on the GLOBAL SETTINGS tab. The line of code you altered to trust self-signed CAs was added to the Snort GUI code base a while back in an attempt to improve security, but it has the unintended side effect of interfering with some edge-case setups.
Bill
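One way to implement the option Bill describes, as an added example that is not the Snort package's own code: keep CURLOPT_SSL_VERIFYPEER enabled and hand curl a CA bundle that includes the intercepting proxy's CA via CURLOPT_CAINFO, instead of switching verification off. The function name, the $caBundle parameter and the bundle path are assumptions for illustration.

```php
<?php
// Added example, not code from the Snort package. Downloads a rules file over
// HTTPS with peer verification kept on; a CA bundle (hypothetical setting)
// lets a transparent proxy's CA be trusted without disabling validation.
function snort_fetch_rules(string $url, string $destFile, ?string $caBundle = null): bool
{
    $fp = fopen($destFile, 'wb');
    if ($fp === false) {
        return false;
    }

    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_FILE, $fp);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 15);
    curl_setopt($ch, CURLOPT_TIMEOUT, 300);

    // Weak setting from the thread (do not use): accepts any certificate chain,
    // so a forged server certificate would go unnoticed.
    // curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

    // Hardened setting: validate the chain and check the hostname.
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);

    if ($caBundle !== null) {
        if (!is_readable($caBundle)) {
            // Fail closed: a missing bundle must not fall back to no verification.
            fclose($fp);
            return false;
        }
        // CURLOPT_CAINFO replaces the default trust store for this handle.
        curl_setopt($ch, CURLOPT_CAINFO, $caBundle);
    }

    $ok     = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    $err    = curl_error($ch);
    curl_close($ch);
    fclose($fp);

    if ($ok === false || $status !== 200) {
        syslog(LOG_ERR, 'Rules download error: ' . ($err !== '' ? $err : "HTTP $status"));
        return false;
    }
    return true;
}

// Example call; URL and bundle path are placeholders, not real values.
// snort_fetch_rules('https://rules.example.invalid/rules.tar.gz', '/tmp/rules.tar.gz', '/usr/local/etc/ssl/proxy-ca-bundle.pem');
```

Because CURLOPT_CAINFO replaces the default trust store, the bundle must contain the public CAs as well as the proxy's own CA, otherwise downloads that do not pass through the proxy fail verification.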