Building your own SSL certificate collector
===========================================

In order to build your own collector box for SSL certificate, ssldump
is required. The best is clone my ssldump version including recent
patches and some fixes for tapping monitored uplinks.

~~~~
git clone https://github.com/adulau/ssldump.git
cd ssldump
./configure --with-pcap-lib=/usr/lib/x86_64-linux-gnu/
~~~~

ssldump needs to be built *WITHOUT* OpenSSL support. We gather the raw
certificate extracted with ssldump directly.

Starting collection
===================

To test the compiled ssldump binary:

~~~~
cd ssldump
sudo ./ssldump -ANn -i eth1
~~~~

To test the parsing of the raw certificates:

~~~~
cd ssldump
sudo ./ssldump -ANn -i eth1 | python ../crl-monitor/bin/x509/pcap-sslcert.py -v
~~~~

To dump from JSON the raw certificates:

~~~~
cd ssldump
sudo ./ssldump -ANn -i eth1 | python ../crl-monitor/bin/x509/pcap-sslcert.py -j | jq -r .pem
~~~~

Feeding the certificate store: