Read and use CA Cert settings #18

Open. nsmfoo wants to merge 1 commit into base: develop

nsmfoo commented Mar 31, 2021

The current release of cortexutils does not read nor use the setting for CA Certs from the Cortex UI. This PR is meant to solve this issue. It came about trying to use Cortex behind a MITM-capable proxy. Sidenote: the UI should indicate that it's the path to the system CA bundle that should be added, not the whole CA Cert in Base64 format.

mdtro commented Aug 6, 2021

I was working on an Analyzer (not in Python) and found myself digging through a lot of the input caveats. Here's what I found out: TheHive-Project/Cortex#176 (comment)

I'm testing with Cortex 3.1.1, but it actually creates a cacerts file that contains the certificate PEM encoded data placed in the CA Certs section in the Cortex UI (as long as I entered them in there as PEM/base64 encoded).

In my particular case, I was testing a file submission and ended up with three files in the job directory. I ended up with these three files:

/${job-directory}/cortex-job-VcKiGXsBZ3Fs1wGYaVK0-1541377302242493258/input/cacerts
/${job-directory}/cortex-job-VcKiGXsBZ3Fs1wGYaVK0-1541377302242493258/input/input.json
/${job-directory}/cortex-job-VcKiGXsBZ3Fs1wGYaVK0-1541377302242493258/input/attachment9152757940259950711

So I think the original intent was for the UI to contain the actual certificate data, instead of a path. I assume this would make it easier for docker-based analyzers to use custom CA bundles this way. At that point however, it would now require the analyzer author to honor the setting.
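
One way an analyzer could honor the `cacerts` file described in the comment above, shown as an added example (not code from this PR, cortexutils, or Cortex). It assumes the `input/cacerts` layout listed above; the function names are hypothetical. The job's CA Certs are added to the system roots, verification stays on, and an unparsable bundle is an error rather than a silent fallback.

```python
import ssl
from pathlib import Path

PEM_MARKER = "-----BEGIN CERTIFICATE-----"


def job_ca_bundle(job_dir):
    """Return <job_dir>/input/cacerts if it holds PEM certificate data, else None."""
    path = Path(job_dir) / "input" / "cacerts"
    if not path.is_file():
        return None  # no CA Certs file was written for this job
    text = path.read_text(encoding="ascii", errors="replace")
    # An empty file, or one holding something other than PEM (for example a
    # filesystem path typed into the UI field), is treated as "no bundle".
    return path if PEM_MARKER in text else None


def tls_context_for_job(job_dir):
    """Build a verifying TLS context that also trusts the job's CA Certs."""
    # Starts from the system trust store with certificate and hostname
    # verification enabled.
    ctx = ssl.create_default_context()
    bundle = job_ca_bundle(job_dir)
    if bundle is None:
        return ctx
    try:
        # Adds the job's CA certificates to the existing trust store.
        ctx.load_verify_locations(cafile=str(bundle))
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        # Fail closed: a broken bundle must not silently change which
        # CAs the analyzer trusts.
        raise ValueError(f"unusable CA bundle {bundle}: {exc}") from exc
    return ctx
```

The returned context can be passed to `urllib.request.urlopen(url, context=ctx)`. With `requests`, passing the bundle path as `verify=` replaces the default trust store instead of extending it.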

nsmfoo (Author) commented Aug 9, 2021

@mdtro Hi, I don't disagree that the original intent, and also the most logical use of the UI, would be to paste the certificate and not the path to it. But for those of us that don't use docker but need the certificate information to be populated to all analysers, because we are behind a corporate MitM proxy, I found that my commit solved the issue, as it does not require any change to any of the analyzers. However, if someone comes up with some other way to achieve the same solution, I'm equally happy. This was more or less my personal fix for an issue I noticed several corporate users had =) (Also note that things might have changed between my commit and the current version.)
