
Too Long TLS Cert. Validity - Exclude TLS Certificate Issuer not working

Open martinscheu opened this issue 2 years ago • 5 comments

Environment:

  • OS name: [e.g. Ubuntu]
  • OS version: [e.g. 18.04]
  • Architecture: [e.g. amd64]
  • ntopng version/revision: [e.g. 5.1.211223] : ntopng Enterprise L v.5.3.220623 (Ubuntu 20.04.4 LTS)

What happened: Trying to add a TLS Certificate Issuer in Exclude Checks "Too Long TLS Cert. Validity" does not seem to work. Or is the syntax wrong? CN=ICS-CN

What did you expect to happen?

How did you reproduce it?

Debug Information:

martinscheu avatar Jul 03 '22 19:07 martinscheu

Are you using nprobe or capturing packets from the network interface?

lucaderi avatar Jul 04 '22 07:07 lucaderi

It is the standard ntopng installation with a mirror port.

martinscheu avatar Jul 04 '22 07:07 martinscheu

Adding "CN=ICS-CN" as IssuerDN in the exclusions page works for me. Is it not accepting the string (syntax validation) or is the exclusion not working for new alerts?

cardigliano avatar Jul 05 '22 15:07 cardigliano

Can you add more details? After you added the certificate, do you find it in the lua/pro/admin/edit_alert_exclusions.lua (Settings->Behavioural Check Exclusions) page on the TLS Certificate Issuer tab?

uccidibuti avatar Jul 05 '22 15:07 uccidibuti

@martinscheu can you please comment more on this?

cardigliano avatar Jul 25 '22 07:07 cardigliano

Closing for inactivity. In the latest ntopng this feature seems to be working correctly. Please reopen if needed.

MatteoBiscosi avatar Aug 23 '22 13:08 MatteoBiscosi