It came to my attention that the mozilla-ca list of known CA certificate fingerprints do not appear to use commas for separating the (hex-represented) bytes of the fingerprint.
This seems to be a problem to be as for example IDS like suricata provide a tls.fingerprint keyword that expects the fingerprint in that format.
Also any resource I was able to find use the same format, see this [1] as an example
I'm wondering what would be the best approach in this case, I see two alternatives:
adjust the list to hex format (for example adding the same entries twice);
It came to my attention that the mozilla-ca list of known CA certificate fingerprints do not appear to use commas for separating the (hex-represented) bytes of the fingerprint.
This seems to be a problem to be as for example IDS like suricata provide a tls.fingerprint keyword that expects the fingerprint in that format.
Also any resource I was able to find use the same format, see this [1] as an example
I'm wondering what would be the best approach in this case, I see two alternatives:
Looking forward for your comments [1] https://www.netlock.hu/USEREN/html/cacrl.html