Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
09-13-2016 09:43 AM
Hi - 2 questions:-
> How do we change the default SSL certificate on Minemeld? Standard Apache cert replacement?
> If we have a custom source running SSL with a self-signed cert, can we force a HTTPS miner to ignore the cert error?
Thanks!
09-15-2016 04:19 AM - edited 09-15-2016 04:20 AM
@apackard MineMeld can't verify the cert of the server hosting the blocklist.
You can:
- copying the CA of the server certificate on the MineMeld instance and then setting REQUESTS_CA_BUNDLE env in /etc/default/minemeld to point to that location (preferred if the server is not using a self-signed cert)
- adding the setting verify_cert: false inside the prototype in the config section to disable certificate verification
NOTE: there is a bug in MineMeld 0.9.20 affecting local prototypes, to avoid losing your custom proto please move the minemeldlocal.yml to the right place:
sudo -u minemeld mv /opt/minemeld/prototypes/current/minemeldlocal.yml /opt/minemeld/local/prototypes/
09-13-2016 09:54 AM
Hi apackard,
How to change certs
Certificate is served by nginx and stored in /etc/nginx/minemeld.cer (certificate) /etc/nginx/minemeld.pem (private key). You can stop nginx ("sudo service nginx stop"), replace the files with a valid certificate and private key and restart nginx ("sudo service nginx start").
Ignore cert errors
Sure, this is usually done with the prototype. Which Miner are you using ?
Thanks.
09-14-2016 03:06 AM
Thanks very much - half asleep on the Apache\ngix mixup..!
I created a new miner and used the following prototype as a template: - minemeld.ft.http.HttpFT
| attributes |
|
| source_name | mm.ciuthreatintel |
| url | https://<internal_FQDN>:8787/pa-dbl.txt |
I can see polling errors being reported under the Statistics UI page but can't find where they are actually logged - looking again with fresh eyes I see I have set the application attribute to http.
On that subject is there any documentation on these attributes, they mostly seem obvious but I'm not sure on some of them?
Many Thanks
09-14-2016 11:49 PM
@apackard Look for the file /opt/minemeld/log/minemeld-engine.log and search inside it for the name of your node. Attributes looks correct, could you paste the full YAML config of the prototype (removing the confidential part of it) ?
Thanks !
luigi
09-15-2016 03:43 AM - edited 09-15-2016 03:43 AM
Thanks Luigi.
Pertinent error log entry:-
Exception in polling loop for CIU_Threatintel_Droplist: [Errno bad handshake] [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')]
And the YAML:-
#####@#####:/opt/minemeld/prototypes/0.9.20$ cat minemeldlocal.yml
author: minemeld-web
description: Local prototype library managed via MineMeld WebUI
prototypes:
CIU Threatintel Droplist:
class: minemeld.ft.http.HttpFT
config:
attributes:
application: http
confidence: 100
direction: inbound
share_level: green
type: IPv4
source_name: mm.ciuthreatintel
url: https://##########:8787/pa-dbl.txt
description: #####\ThreatStream moderated IP blocklist
development_status: STABLE
node_type: miner
09-15-2016 04:19 AM - edited 09-15-2016 04:20 AM
@apackard MineMeld can't verify the cert of the server hosting the blocklist.
You can:
- copying the CA of the server certificate on the MineMeld instance and then setting REQUESTS_CA_BUNDLE env in /etc/default/minemeld to point to that location (preferred if the server is not using a self-signed cert)
- adding the setting verify_cert: false inside the prototype in the config section to disable certificate verification
NOTE: there is a bug in MineMeld 0.9.20 affecting local prototypes, to avoid losing your custom proto please move the minemeldlocal.yml to the right place:
sudo -u minemeld mv /opt/minemeld/prototypes/current/minemeldlocal.yml /opt/minemeld/local/prototypes/
09-15-2016 04:39 AM
Perfect, many thanks.
01-13-2019 06:27 AM
Hi Luigi,
When I add cert signed by PAN deivce to /etc/nginx ( minemeld.cer and minemeld.pem) , when I restart nginx ( sudo service nginx restart ) it ask the PAM pass phrase. ALthough I put the correct password or remove the password from pem, it always ask.
So I can not change minemeld to use certificate signed by our PAN vm. Do I missed anything ?
Best Regards,
An
01-13-2019 10:18 AM
Hi @Nupagazy,
if the restart ask for password, typically means that your private key is password protected. I know you already removed that, but could you double check?
01-14-2019 08:51 AM
Hi @Nupagazy,
basically you should place in /etc/nginx/minemeld.cer your certificate in PEM format, and in /etc/nginx/minemeld.pem your private in PEM (with no password!)
Luigi
01-15-2019 02:05 AM
Thank you so much, I can make the PA vm send https log to minemeld now.
Best Regards,
An
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
