mirror of
https://github.com/adulau/crl-monitor.git
synced 2024-12-22 16:56:01 +00:00
Minimal SSL certificate collector
This commit is contained in:
parent
19ee42fa3e
commit
8f4460ba72
1 changed files with 38 additions and 0 deletions
38
COLLECTOR.md
Normal file
38
COLLECTOR.md
Normal file
|
@ -0,0 +1,38 @@
|
|||
|
||||
Building your own SSL certificate collector
|
||||
===========================================
|
||||
|
||||
In order to build your own collector box for SSL certificate, ssldump
|
||||
is required. The best is clone my ssldump version including recent
|
||||
patches and some fixes for tapping monitored uplinks.
|
||||
|
||||
~~~~
|
||||
git clone https://github.com/adulau/ssldump.git
|
||||
cd ssldump
|
||||
./configure --with-pcap-lib=/usr/lib/x86_64-linux-gnu/
|
||||
~~~~
|
||||
|
||||
ssldump needs to be built *WITHOUT* OpenSSL support. We gather the raw
|
||||
certificate extracted with ssldump directly.
|
||||
|
||||
Starting collection
|
||||
===================
|
||||
|
||||
To test the compiled ssldump binary:
|
||||
|
||||
~~~~
|
||||
cd ssldump
|
||||
sudo ./ssldump -ANn -i eth1
|
||||
~~~~
|
||||
|
||||
To test the parsing of the raw certificates:
|
||||
|
||||
~~~~
|
||||
cd ssldump
|
||||
sudo ./ssldump -ANn -i eth1 | python ../crl-monitor/bin/x509/pcal-sslcert.py -v
|
||||
~~~~
|
||||
|
||||
Feeding the certificate store:
|
||||
|
||||
|
||||
|
Loading…
Reference in a new issue