I’ve stood up a fresh instance of suricata-update today, and in the process of doing a “suricata-update update-sources” to get rolling, I’m seeing a surprising SSL certificate error:
```
7/12/2020 -- 15:17:42 - <Error> -- Failed to download index: https://www.openinfosecfoundation.org/rules/index.yaml: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:877)>
```
If I attempt to wget the URL in question on an unrelated box, I see certificate problems there in further detail:
```
--2020-12-07 23:39:09-- https://www.openinfosecfoundation.org/rules/index.yaml
Resolving www.openinfosecfoundation.org (www.openinfosecfoundation.org)... 220.127.116.11, 2600:1f16:db2:4f00:da9d:37d6:e8b9:9802
Connecting to www.openinfosecfoundation.org (www.openinfosecfoundation.org)|18.104.22.168|:443... connected.
ERROR: The certificate of ‘www.openinfosecfoundation.org’ is not trusted.
ERROR: The certificate of ‘www.openinfosecfoundation.org’ doesn't have a known issuer.
```
…but loading the page in Chrome shows me that the certificate is trusted/valid.
Is this some sort of issue where my local certificate validation process is doing something dumb? Or has there been some recent change at the OISF that somehow got goofed and is causing others issues? I would assume it’s on my end by the lack of other threads on the issue, but you never know…