SSL certificate validation failed with (Problem initializing root store)

OoO · September 9, 2022, 4:02pm

Hello world,

I got a lot of “SSL certificate validation failed with (unable to get local issuer certificate)” and “SSL certificate validation failed with (self-signed certificate in certificate chain)” alerts before, I think it should be because zeek doesn’t know the ssl certificate issued by the local CA, so I added the local CA certificate with

@load base/protocols/ssl
module SSL;
redef root_certs += {
# Convertion of certificate from certificate.pem to hex with \x
# Convertion of  certificate from certificat.crt to hex with \x
};

but later i got “SSL certificate validation failed with (Problem initializing root store)”, can anybody help me to resolve this problem pls?

Thanks a lot !!!

JustinAzoff · September 9, 2022, 4:51pm

The certs need to be in .der format, not .pem or .crt.

Here’s a script that can help generate the right output: gen_certs.py · GitHub

You can use openssl to convert pem to der with something like

openssl  x509 -in foo.pem  -outform der -out foo.der

OoO · September 12, 2022, 10:24am

Thanks a lot for your replay Justin, it works!

And for others who has the same problem, the commande of openssl is
openssl x509 -in foo.pem -out foo.der -outform DER

Have a nice day!!

Topic		Replies	Views
broctl install failed: host key verification failed, solved Zeek	1	72	May 6, 2022
validate-certs.bro error Development development	4	75	May 6, 2022
zeek package manager Zeek	3	69	May 6, 2022
(no subject) Zeek	6	69	May 6, 2022
Errors trying to implement the detection on CVE-2020-0601 Zeek	6	83	May 6, 2022

SSL certificate validation failed with (Problem initializing root store)

Related Topics