Greetings Zeek community,
I’m very new to Zeek, but really like what I’m seeing so far. I need some help or perhaps a bit of education though. I have it set up in a Security Onion VM.
I see a lot of messages about SSL including “unable to get local issuer certificate”, which I understand COULD be self-signed certs.
I also see many, many SSL::Invalid_Server_Cert notices in Kibana. Many others say “SSL certificate validation failed with (self signed certificate in certificate chain)”.
These would all be of interest, however they ALL point back to very legitimate sources like Apple and Microsoft. I find it hard to believe that these major companies have problems with that many certificates and servers. Could this really be the case???
I could find very little information on Google regarding this. One article said something about Zeek not being able to match them up with root cert servers or something like that.
Is it possible that Zeek is missing something like a list of root CAs or something? Is this just garbage caused by something else? This will leave me scratching my head until I come back on Monday. I appreciate the help.
Jay Fluharty
Network Analyst
NS Wheeling-Nisshin Inc.
PO Box 635
Follansbee, WV 26037
jayf@wheeling-nisshin.com
1-304-527-4819