Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
Automated update of SSL Fingerprint blocking rules possible?
« previous
next »
Print
Pages: [
1
]
Author
Topic: Automated update of SSL Fingerprint blocking rules possible? (Read 2141 times)
abij
Newbie
Posts: 14
Karma: 1
Automated update of SSL Fingerprint blocking rules possible?
«
on:
January 13, 2021, 04:42:12 am »
Hello,
As of now, we can use
Services: Intrusion Detection: Administration
to add
User-defined rules
to block domains associated with given SSL Fingerprint. This is a manual process since when define the rules we have to copy and paste SHA1 of the certificate. Is there a way to update the rule automatically when the cert expires, e.g., say
35:00:2E:BF:32:62:B6:6D:0F:EA:A2:E6:72:26:D6:51:3F:7F:CB:42
is the SHA1 for the cert of this forum, it expires 2/17/2021. Do we have a design such that a week before the expiration date, as in the above example, 2/10/2021, OPNsense can query about a potential new cert then extract the new expiration date, so that user defined rules can be renewed with an update using the new SSL Fingerprint?
Thanks.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
Automated update of SSL Fingerprint blocking rules possible?