SSL certificate validation failed with (Problem initializing root store)

Hello world,

I got a lot of “SSL certificate validation failed with (unable to get local issuer certificate)” and “SSL certificate validation failed with (self-signed certificate in certificate chain)” alerts before, I think it should be because zeek doesn’t know the ssl certificate issued by the local CA, so I added the local CA certificate with

@load base/protocols/ssl
module SSL;
redef root_certs += {
# Convertion of certificate from certificate.pem to hex with \x
# Convertion of  certificate from certificat.crt to hex with \x

but later i got “SSL certificate validation failed with (Problem initializing root store)”, can anybody help me to resolve this problem pls?

Thanks a lot !!!

The certs need to be in .der format, not .pem or .crt.

Here’s a script that can help generate the right output: · GitHub

You can use openssl to convert pem to der with something like

openssl  x509 -in foo.pem  -outform der -out foo.der

Thanks a lot for your replay Justin, it works!

And for others who has the same problem, the commande of openssl is
openssl x509 -in foo.pem -out foo.der -outform DER

Have a nice day!!