Too Long TLS Cert. Validity - Exclude TLS Certificate Issuer not working

ntop / ntopng

Web-based Traffic and Security Network Traffic Monitoring

http://www.ntop.org

GNU General Public License v3.0

6.26k stars 656 forks source link

Too Long TLS Cert. Validity - Exclude TLS Certificate Issuer not working #6750

Closed martinscheu closed 2 years ago

martinscheu commented 2 years ago

Environment:

OS name: [e.g. Ubuntu]
OS version: [e.g. 18.04]
Architecture: [e.g. amd64]
ntopng version/revision: [e.g. 5.1.211223] : ntopng Enterprise L v.5.3.220623 (Ubuntu 20.04.4 LTS)

What happened: Trying to add a TLS Certificate Issuer in Exclude Checks "Too Long TLS Cert. Validity" seems not working. Or syntax is wrong ? CN=ICS-CN

What did you expect to happen?

How did you reproduce it?

Debug Information:

lucaderi commented 2 years ago

Are you using nprobe or capturing packets from the network interface?

martinscheu commented 2 years ago

is the standard ntopng installation with mirror port

cardigliano commented 2 years ago

Adding "CN=ICS-CN" as IssuerDN in the exclusions page works for me. Is it not accepting the string (syntax validation) or is the exclusion not working for new alerts?

uccidibuti commented 2 years ago

Can you add more details? after you added the certificate do you find it in lua/pro/admin/edit_alert_exclusions.lua (Settings->Behavioural Check Exclusions) page on TLS Certificate Issuer tab?

cardigliano commented 2 years ago

@martinscheu can you please comment more on this?

MatteoBiscosi commented 2 years ago

Closing for inactivity. In the latest ntopng this feature seems working correctly. Please reopen if needed.