SSL certificate validation failed

[Francois Lachance]

Hello all!

The last post about this topic was from November 2015 and it didn't really give a solution. I noticed that there's a lot of Bro Notices with the message "SSL certificate validation failed with (unable to get local issuer certificate)". I can understand why I would see this for any self-signed certs, but not why I would see those for Microsoft sites (see attached screenshot).

From what I understand, SO comes pre-loaded with the Mozilla root cert store. What I haven't figured out is how to update that cert store.

I am aware that there are issues with some certs (http://mailman.icsi.berkeley.edu/pipermail/bro/2014-November/007724.html) that Bro just can't/won't handle and will generate a notice. My hope is that updating the root store more often will reduce the number of notices.

Regards,

Francois

[Wes Lambert]

Hi Francois,

This is somewhat dated, but may be of assistance:

http://mailman.icsi.berkeley.edu/pipermail/bro/2012-February/004566.html

Thanks,

Wes

--
Follow Security Onion on Twitter!
https://twitter.com/securityonion
---
You received this message because you are subscribed to the Google Groups "security-onion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to security-onio...@googlegroups.com.
To post to this group, send email to securit...@googlegroups.com.
Visit this group at https://groups.google.com/group/security-onion.
For more options, visit https://groups.google.com/d/optout.

--

https://twitter.com/therealwlambert

https://securityonion.net/

[ricardo...@gmail.com]

Is there a new link? When I click on the link above I get a "403 Forbidden error"

[Francois Lachance]

The list was renamed to Zeek - just swap bro with zeek in the URL:
http://mailman.icsi.berkeley.edu/pipermail/zeek/2012-February/004566.html