Installing internal CA on Security Onion


Jeff

Sep 16, 2015, 12:47:37 PM
to security-onion
Now that I am starting to use Sguil I am using ELSA on my Security Onion box (via SSH forwarding) and on the Security Onion VM I have built on my local computer.

On my Security Onion standalone system I have set up each of the sites to use SSL certs signed by my internal CA. This is all set and working.

I am now trying to add my internal CA as trusted on my VM I use for analysis to avoid SSL warnings when I pivot from Sguil to ELSA.

I have followed the directions here (https://askubuntu.com/questions/73287/how-do-i-install-a-root-certificate). I created the extras directory, copied the CA certificate to /usr/share/ca-certificates/extras, ran sudo dpkg-reconfigure ca-certificates, and verified that the CA was installed.

I tested in Firefox, Chromium and Google Chrome and I am still getting SSL warnings, so I am assuming that the CA is not properly installed/trusted.

I was able to manually add it to Firefox via the preferences, but I believe Chromium and Chrome use the system's default CA store.

I have the CA installed on my computer and do not receive SSL warnings when viewing the Security Onion websites, so I know the SSL certs are set up correctly.

Any help on what I'm doing wrong and how to fix it would be much appreciated.

Jeff

shane....@gmail.com

Sep 16, 2015, 1:18:12 PM
to securit...@googlegroups.com
SSL warnings from what? What are the messages?

Sent from my iPad

Jeff

Sep 16, 2015, 1:29:40 PM
to security-onion
On Wednesday, September 16, 2015 at 10:18:12 AM UTC-7, Shane Castle wrote:
> SSL warnings from what? What are the messages?
>
> Sent from my iPad
>

In Chrome and Chromium:
Page title is "Privacy Error"
Error message is NET::ERR_CERT_AUTHORITY_INVALID

I can click through and ignore the warning, but don't want to have to do this every time I launch ELSA.
Screenshot: http://imgur.com/LT9JKeM

In Firefox, where I was able to manually import the CA in the browser, I get no warnings, and clicking on the lock icon shows the site was verified by my CA.
Screenshot: http://imgur.com/auakV2o

Jeff

Jeff

Sep 16, 2015, 1:34:07 PM
to security-onion

Hmm, a bit more Googling shows that maybe Chrome uses its own SSL store. I don't remember that being the case previously, but I imported the CA into Chrome as I did in Firefox and now I am able to get to the site without any SSL warnings.

Sorry for the noise.

Jeff
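
A way to check both trust stores discussed in this thread from the command line, as an added example that is not part of any poster's message. The function names, the nickname argument and the `NSSDB` override are hypothetical; `~/.pki/nssdb` is assumed to be the per-user NSS database that Chrome and Chromium read on Linux, and `certutil` comes from the `libnss3-tools` package.

```shell
#!/bin/sh
# Added example. Function names and the nickname argument are hypothetical.

# Print the base64 body of every certificate in a PEM file, one per line.
pem_bodies() {
    awk '/-----BEGIN CERTIFICATE-----/ { on = 1; body = ""; next }
         /-----END CERTIFICATE-----/   { if (on) print body; on = 0; next }
         on { gsub(/[ \t\r]/, ""); body = body $0 }' "$1"
}

# Report why a CA file is (or is not) trusted by the Ubuntu system store.
# update-ca-certificates only picks up PEM files whose name ends in .crt.
ca_trust_status() {
    cert=$1
    bundle=${2:-/etc/ssl/certs/ca-certificates.crt}
    [ -r "$cert" ] || { echo "unreadable"; return 0; }
    body=$(pem_bodies "$cert" | head -n 1)
    [ -n "$body" ] || { echo "not-pem"; return 0; }
    case $cert in
        *.crt) ;;
        *) echo "wrong-extension"; return 0 ;;
    esac
    if [ -r "$bundle" ] && pem_bodies "$bundle" | grep -Fxq -- "$body"; then
        echo "in-system-bundle"
    else
        echo "not-in-system-bundle"
    fi
}

# Import the CA into the per-user NSS database that Chrome/Chromium read on
# Linux. Requires certutil (package libnss3-tools); "C,," trusts it for TLS.
nss_import_ca() {
    db="sql:${NSSDB:-$HOME/.pki/nssdb}"   # assumed default location
    certutil -d "$db" -A -t "C,," -n "$2" -i "$1" && certutil -d "$db" -L
}

if [ "$#" -ge 1 ]; then
    ca_trust_status "$1"
fi
```

A result of `in-system-bundle` combined with a NET::ERR_CERT_AUTHORITY_INVALID page in Chrome indicates the browser is not consulting the system bundle, which is the case `nss_import_ca <file> <nickname>` addresses.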
