crl-monitor/COLLECTOR.md
Alexandre Dulaunoy 7c960b6b05 Update COLLECTOR.md
Dump from JSON to raw pem files.
2015-06-21 11:34:10 +02:00

Building your own SSL certificate collector

To build your own collector box for SSL certificates, ssldump is required. The best option is to clone my ssldump version, which includes recent patches and some fixes for tapping monitored uplinks.

git clone https://github.com/adulau/ssldump.git
cd ssldump
./configure --with-pcap-lib=/usr/lib/x86_64-linux-gnu/
make

ssldump needs to be built WITHOUT OpenSSL support. The raw certificates are gathered directly from the ssldump output.

Starting collection

To test the compiled ssldump binary:

cd ssldump
sudo ./ssldump -ANn -i eth1

To test the parsing of the raw certificates:

cd ssldump
sudo ./ssldump -ANn -i eth1 | python ../crl-monitor/bin/x509/pcap-sslcert.py -v

To dump the raw PEM certificates from the JSON output:

cd ssldump
sudo ./ssldump -ANn -i eth1 | python ../crl-monitor/bin/x509/pcap-sslcert.py -j | jq -r .pem
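
One way to turn the -j output into one PEM file per distinct certificate, as an added example that is not part of crl-monitor. It assumes one JSON object per line with the certificate under the pem key, as the jq filter above implies; the function names and the SHA-256 file naming are this example's own choices.

```python
import base64
import hashlib
import json
import os
import ssl
import sys

PEM_HEADER = "-----BEGIN CERTIFICATE-----"
PEM_FOOTER = "-----END CERTIFICATE-----"


def pem_to_der(pem):
    """Return the DER bytes of one PEM block (header/footer optional)."""
    body = pem.strip()
    if body.startswith(PEM_HEADER) and body.endswith(PEM_FOOTER):
        body = body[len(PEM_HEADER):-len(PEM_FOOTER)]
    der = base64.b64decode("".join(body.split()), validate=True)
    if not der:
        raise ValueError("empty certificate body")
    return der


def store_certificates(lines, outdir):
    """Write each distinct certificate to <outdir>/<sha256>.pem.

    Assumption: one JSON object per line, certificate under "pem".
    Returns the fingerprints of the files created by this call.
    """
    os.makedirs(outdir, exist_ok=True)
    written = []
    for line in lines:
        try:
            der = pem_to_der(json.loads(line)["pem"])
        except (ValueError, KeyError, TypeError, AttributeError):
            continue  # non-JSON noise, missing key, bad base64
        fp = hashlib.sha256(der).hexdigest()
        path = os.path.join(outdir, fp + ".pem")
        if os.path.exists(path):
            continue  # certificate already collected
        with open(path, "w") as fh:
            fh.write(ssl.DER_cert_to_PEM_cert(der))  # 64-column PEM
        written.append(fp)
    return written


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "certs"
    for fingerprint in store_certificates(sys.stdin, target):
        print(fingerprint)
```

Saved under a name of your choice (for example store_pem.py, a hypothetical name), it takes the place of jq -r .pem at the end of the pipeline above and prints the fingerprint of each newly seen certificate.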

Feeding the certificate store: