adulau/crl-monitor
1
0
Fork 0
mirror of https://github.com/adulau/crl-monitor.git synced 2024-11-21 17:47:09 +00:00
Code Issues Projects Releases Packages Wiki Activity

Minimal SSL certificate collector

Browse source
This commit is contained in:
Alexandre Dulaunoy 2015-02-01 18:24:19 +01:00
parent 19ee42fa3e
commit 8f4460ba72
1 changed files with 38 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

38
COLLECTOR.md Normal file
View file

@ -0,0 +1,38 @@
Building your own SSL certificate collector
===========================================
In order to build your own collector box for SSL certificate, ssldump
is required. The best is clone my ssldump version including recent
patches and some fixes for tapping monitored uplinks.
~~~~
git clone https://github.com/adulau/ssldump.git
cd ssldump
./configure --with-pcap-lib=/usr/lib/x86_64-linux-gnu/
~~~~
ssldump needs to be built *WITHOUT* OpenSSL support. We gather the raw
certificate extracted with ssldump directly.
Starting collection
===================
To test the compiled ssldump binary:
~~~~
cd ssldump
sudo ./ssldump -ANn -i eth1
~~~~
To test the parsing of the raw certificates:
~~~~
cd ssldump
sudo ./ssldump -ANn -i eth1 | python ../crl-monitor/bin/x509/pcal-sslcert.py -v
~~~~
Feeding the certificate store: