SSL certificate validation failed with (Problem initializing root store)

OoO · September 9, 2022, 4:02pm

Hello world,

I got a lot of “SSL certificate validation failed with (unable to get local issuer certificate)” and “SSL certificate validation failed with (self-signed certificate in certificate chain)” alerts before, I think it should be because zeek doesn’t know the ssl certificate issued by the local CA, so I added the local CA certificate with

@load base/protocols/ssl
module SSL;
redef root_certs += {
# Convertion of certificate from certificate.pem to hex with \x
# Convertion of  certificate from certificat.crt to hex with \x
};

but later i got “SSL certificate validation failed with (Problem initializing root store)”, can anybody help me to resolve this problem pls?

Thanks a lot !!!

JustinAzoff · September 9, 2022, 4:51pm

The certs need to be in .der format, not .pem or .crt.

Here’s a script that can help generate the right output: gen_certs.py · GitHub

You can use openssl to convert pem to der with something like

openssl  x509 -in foo.pem  -outform der -out foo.der

OoO · September 12, 2022, 10:24am

Thanks a lot for your replay Justin, it works!

And for others who has the same problem, the commande of openssl is
openssl x509 -in foo.pem -out foo.der -outform DER

Have a nice day!!

Topic		Replies	Views
Certificate questions Zeek	4	667	May 6, 2022
Adding SSL certs to Bro 2.0 Zeek	12	112	May 6, 2022
unable to get local issuer certificate - X509 Certificate Zeek	4	144	May 6, 2022
Recommendations on SSL events in notice.log Zeek	1	97	May 6, 2022
broctl install failed: host key verification failed, solved Zeek	1	142	May 6, 2022

SSL certificate validation failed with (Problem initializing root store)

Related topics