CertificatesTroubleshoot

This automation exports all custom certificate-related information from the Python Docker container and decode it using RFC. In addition, it will get the certificate located in the specified endpoint.

Notes


After following the tutorial to update your custom certificate in Cortex XSOAR Server/ Cortex XSOAR Engine, validate the configuration applied using this script.

Script Data


NameDescription
Script Typepython3
TagsUtility

Inputs


Argument NameDescription
endpointThe endpoint identifier IP address or URL:Port. If the port is not included, 443 will be used by default.
portThe endpoint port. Default is 443.

Outputs


PathDescriptionType
TroubleShoot.Engine.SSL/TLS.ShellVariables.SSL_CERT_FILEThe SSL_CERT_FILE environment variable. For example, "/etc/custom-python-ssl/certs.pem"String
TroubleShoot.Engine.SSL/TLS.ShellVariables.CERT_FILEThe CERT_FILE environment variable. For example, "/etc/custom-python-ssl/certs.pem".String
TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Subject.OrganizationalUnitNameThe unit name of the organization that is the holder of the engine custom SSL certificate. For example, "Content".String
TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Subject.OrganizationNameThe name of the organization that is the holder of the engine custom SSL certificate. For example, "Cortex XSOAR".String
TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Subject.BusinessCategoryThe business category of the holder of the engine custom SSL certificate.String
TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Subject.TitleThe title of the holder of the engine custom SSL certificate.String
TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Subject.SerialNumberThe serial number of the holder of the engine custom SSL certificate.String
TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Subject.StateOrProvinceNameThe state or province of the holder of the engine custom SSL certificate.String
TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Subject.DomainComponentThe DNS domain name of the holder of the engine custom SSL certificate.String
TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Subject.GivenNameThe given name of the holder of the engine custom SSL certificate.String
TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Subject.PseudonymThe pseudonym of the holder of the engine custom SSL certificate.String
TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Subject.JurisdictionStateOrProvinceNameThe jurisdiction state or province of the holder of the engine custom SSL certificate.String
TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Subject.GenerationQualifierThe generation qualifier of the holder of the engine custom SSL certificate. For example, 3rd generation.String
TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Subject.LocalityNameThe locality of the holder of the engine custom SSL certificate. For example, "Birmingham".String
TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Subject.SurNameThe surname of the holder of the engine custom SSL certificate.String
TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Subject.CommonNameThe common name of the holder of the engine custom SSL certificate. For example, "Cortex XSOAR TLS".String
TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Subject.JurisdictionLocalityNameThe jurisdiction locality of the holder of the engine custom SSL certificate.String
TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Subject.StreetAddressThe street address of the holder of the engine custom SSL certificate.String
TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Subject.PostalCodeThe postal code of the holder of the engine custom SSL certificate.String
TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Subject.PostalAddressThe postal address of the holder of the engine custom SSL certificate.String
TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Subject.JurisdictionCountryNameThe jurisdiction country name of the holder of the engine custom SSL certificate.String
TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Subject.CountryNameThe country of the holder of the engine custom SSL certificate. For example, "GB".String
TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Subject.EmailAddressThe email address of the holder of the engine custom SSL certificate.String
TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Subject.DomainNameQualifierThe domain name qualifier of the holder of the engine custom SSL certificate.String
TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Issuer.OrganizationalUnitNameThe unit name of the organization of the authority that issued the engine custom SSL certificate.String
TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Issuer.OrganizationNameThe name of the organization of the authority that issued the engine custom SSL certificate.String
TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Issuer.BusinessCategoryThe business category of the authority that issued the engine custom SSL certificate.String
TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Issuer.TitleThe title of the authority that issued the engine custom SSL certificate.String
TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Issuer.SerialNumberThe serial number of the authority that issued the engine custom SSL certificate.String
TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Issuer.StateOrProvinceNameThe state or province of the authority that issued the engine custom SSL certificate.String
TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Issuer.DomainComponentThe DNS domain name of the authority that issued the engine custom SSL certificate.String
TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Issuer.GivenNameThe given name of the authority that issued the engine custom SSL certificate.String
TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Issuer.PseudonymThe pseudonym of the authority that issued the engine custom SSL certificate.String
TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Issuer.JurisdictionStateOrProvinceNameThe jurisdiction state or province of the authority that issued the engine custom SSL certificate.String
TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Issuer.GenerationQualifierThe generation qualifier of the authority that issued the engine custom SSL certificate. For example, 3rd generation.String
TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Issuer.LocalityNameThe locality of the authority that issued the engine custom SSL certificate.String
TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Issuer.SurNameThe surname of the authority that issued the engine custom SSL certificate.String
TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Issuer.CommonNameThe common name of the authority that issued the engine custom SSL certificate. For example, "Cortex XSOAR TLS".String
TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Issuer.JurisdictionLocalityNameThe jurisdiction locality of the authority that issued the engine custom SSL certificate.String
TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Issuer.StreetAddressThe street address of the authority that issued the engine custom SSL certificate.String
TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Issuer.PostalCodeThe postal code of the authority that issued the engine custom SSL certificate.String
TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Issuer.PostalAddressThe postal address of the authority that issued the engine custom SSL certificate.String
TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Issuer.JurisdictionCountryNameThe jurisdiction country name of the authority that issued the engine custom SSL certificate.String
TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Issuer.CountryNameThe country of the authority that issued the engine custom SSL certificate.String
TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Issuer.EmailAddressThe email address of the authority that issued the engine custom SSL certificate.String
TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Issuer.DomainNameQualifierThe domain name qualifier of the authority that issued the engine custom SSL certificate.String
TroubleShoot.Engine.SSL/TLS.Certificates.Decode.Extentions.IssuerAlternativeNameThe alternate names of the issuer.String
TroubleShoot.Engine.SSL/TLS.Certificates.Decode.Extentions.SubjectAlternativeNameThe alternate names of the subject.String
TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.NotValidBeforeThe beginning of the validity period for the certificate in UTC format.Date
TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.NotValidAfterThe end of the validity period for the certificate in UTC format.Date
TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.VersionThe version of the certificate.Number
TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.RawThe raw engine custom SSL certificate.String
TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Subject.OrganizationalUnitNameThe unit name of the organization that is the holder of the endpoint SSL certificate.String
TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Subject.OrganizationNameThe name of the organization that is the holder of the endpoint SSL certificate.String
TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Subject.BusinessCategoryThe business category of the holder of the endpoint SSL certificate.String
TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Subject.TitleThe title of the holder of the endpoint SSL certificate.String
TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Subject.SerialNumberThe serial number of the holder of the endpoint SSL certificate.String
TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Subject.StateOrProvinceNameThe state or province of the holder of the endpoint SSL certificate.String
TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Subject.DomainComponentThe DNS domain name of the holder of the endpoint SSL certificate.String
TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Subject.GivenNameThe given name of the holder of the endpoint SSL certificate.String
TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Subject.PseudonymThe pseudonym of the holder of the endpoint SSL certificate.String
TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Subject.JurisdictionStateOrProvinceNameThe jurisdiction state or province of the holder of the endpoint SSL certificate.String
TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Subject.GenerationQualifierThe generation qualifier of the holder of the endpoint SSL certificate. For example, 3rd generation.String
TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Subject.LocalityNameThe locality of the holder of the endpoint SSL certificate.String
TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Subject.SurNameThe surname of the holder of the endpoint SSL certificate.String
TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Subject.CommonNameThe common name of the holder of the endpoint SSL certificate.String
TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Subject.JurisdictionLocalityNameThe jurisdiction locality of the holder of the endpoint SSL certificate.String
TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Subject.StreetAddressThe street address of the holder of the endpoint SSL certificate.String
TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Subject.PostalCodeThe postal code of the holder of the endpoint SSL certificate.String
TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Subject.PostalAddressThe postal address of the holder of the endpoint SSL certificate.String
TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Subject.JurisdictionCountryNameThe jurisdiction country name of the holder of the endpoint SSL certificate.String
TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Subject.CountryNameThe country of the holder of the endpoint SSL certificate.String
TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Subject.EmailAddressThe email address of the holder of the endpoint SSL certificate.String
TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Subject.DomainNameQualifierThe domain name qualifier of the holder of the endpoint SSL certificate.String
TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Issuer.OrganizationalUnitNameThe unit name of the organization of the authority that issued the endpoint SSL certificate.String
TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Issuer.OrganizationNameThe name of the organization of the authority that issued the endpoint SSL certificate.String
TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Issuer.BusinessCategoryThe business category of the authority that issued the endpoint SSL certificate.String
TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Issuer.TitleThe title of the authority that issued the endpoint SSL certificate.String
TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Issuer.SerialNumberThe serial number of the authority that issued the endpoint SSL certificate.String
TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Issuer.StateOrProvinceNameThe state or province of the authority that issued the endpoint SSL certificate.String
TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Issuer.DomainComponentThe DNS domain name of the authority that issued the endpoint SSL certificate.String
TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Issuer.GivenNameThe given name of the authority that issued the endpoint SSL certificate.String
TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Issuer.PseudonymThe pseudonym of the authority that issued the endpoint SSL certificate.String
TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Issuer.JurisdictionStateOrProvinceNameThe jurisdiction state or province of the authority that issued the endpoint SSL certificate.String
TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Issuer.GenerationQualifierThe generation qualifier of the authority that issued the endpoint SSL certificate. For example, 3rd generation.String
TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Issuer.LocalityNameThe locality of the authority that issued the endpoint SSL certificate.String
TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Issuer.SurNameThe surname of the authority that issued the endpoint SSL certificate.String
TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Issuer.CommonNameThe common name of the authority that issued the endpoint SSL certificate.String
TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Issuer.JurisdictionLocalityNameThe jurisdiction locality of the authority that issued the endpoint SSL certificate.String
TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Issuer.StreetAddressThe street address of the authority that issued the endpoint SSL certificate.String
TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Issuer.PostalCodeThe postal code of the authority that issued the endpoint SSL certificate.String
TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Issuer.PostalAddressThe postal address of the authority that issued the endpoint SSL certificate.String
TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Issuer.JurisdictionCountryNameThe jurisdiction country name of the authority that issued the endpoint SSL certificate.String
TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Issuer.CountryNameThe country of the authority that issued the endpoint SSL certificate.String
TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Issuer.EmailAddressThe email address of the authority that issued the endpoint SSL certificate.String
TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Issuer.DomainNameQualifierThe domain name qualifier of the authority that issued the endpoint SSL certificate.String
TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Extentions.IssuerAlternativeNameThe alternate names of the issuer.String
TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Extentions.SubjectAlternativeNameThe alternate names of the subject.String
TroubleShoot.Endpoint.SSL/TLS.CustomCertificateAuthorities.Decode.NotValidBeforeThe beginning of the validity period for the certificate in UTC format.Date
TroubleShoot.Endpoint.SSL/TLS.CustomCertificateAuthorities.Decode.NotValidAfterThe end of the validity period for the certificate in UTC format.Date
TroubleShoot.Endpoint.SSL/TLS.CustomCertificateAuthorities.Decode.VersionThe version of the certificate.Number
TroubleShoot.Endpoint.SSL/TLS.Certificates.RawThe raw endpoint SSL certificate.String
TroubleShoot.Endpoint.SSL/TLS.IdentifierThe endpoint SSL identifier.String

Command Example

CertificatesTroubleshoot endpoint=google.com port=443

Context Example

{
"TroubleShoot": {
"Engine": {
"SSL/TLS": {
"ShellVariables": {
"SSL_CERT_FILE": "/etc/custom-python-ssl/certs.pem",
"CERT_FILE": "/etc/custom-python-ssl/certs.pem"
},
"CustomCertificateAuthorities": [
{
"Decode": {
"Subject": {
"OrganizationalUnitName": [
"Content"
],
"OrganizationName": [
"Demisto"
],
"BusinessCategory": null,
"Title": null,
"SerialNumber": null,
"StateOrProvinceName": [
"Hamerkaz"
],
"DomainComponent": null,
"GivenName": null,
"Pseudonym": null,
"JurisdictionStateOrProvinceName": null,
"GenerationQualifier": null,
"LocalityName": [
"Tel Aviv"
],
"SurName": null,
"CommonName": [
"Demisto TLS"
],
"JurisdictionLocalityName": null,
"StreetAddress": null,
"PostalCode": null,
"PostalAddress": null,
"JurisdictionCountryName": null,
"CountryName": [
"IL"
],
"EmailAddress": [
"test@gmail.com""
],
"DomainNameQualifier": null
},
"Issuer": {
"OrganizationalUnitName": [
"Content"
],
"OrganizationName": [
"Demisto"
],
"BusinessCategory": null,
"Title": null,
"SerialNumber": null,
"StateOrProvinceName": [
"Hamerkaz"
],
"DomainComponent": null,
"GivenName": null,
"Pseudonym": null,
"JurisdictionStateOrProvinceName": null,
"GenerationQualifier": null,
"LocalityName": [
"Tel Aviv"
],
"SurName": null,
"CommonName": [
"Demisto TLS"
],
"JurisdictionLocalityName": null,
"StreetAddress": null,
"PostalCode": null,
"PostalAddress": null,
"JurisdictionCountryName": null,
"CountryName": [
"IL"
],
"EmailAddress": [
"test@gmail.com""
],
"DomainNameQualifier": null
}
},
"Raw": "-----BEGIN CERTIFICATE-----\nxxxxx\n-----END CERTIFICATE-----\n"
}
]
}
},
"Endpoint": {
"SSL/TLS": {
"Certificates": [
{
"Decode": {
"Subject": {
"OrganizationalUnitName": [
"Test"
],
"OrganizationName": [
"Content"
],
"BusinessCategory": null,
"Title": null,
"SerialNumber": null,
"StateOrProvinceName": [
"Demisto"
],
"DomainComponent": null,
"GivenName": null,
"Pseudonym": null,
"JurisdictionStateOrProvinceName": null,
"GenerationQualifier": null,
"LocalityName": null,
"SurName": null,
"CommonName": [
"test.compute.amazonaws.com"
],
"JurisdictionLocalityName": null,
"StreetAddress": null,
"PostalCode": null,
"PostalAddress": null,
"JurisdictionCountryName": null,
"CountryName": [
"IL"
],
"EmailAddress": [
"test@gmail.com""
],
"DomainNameQualifier": null
},
"Issuer": {
"OrganizationalUnitName": [
"Content"
],
"OrganizationName": [
"Demisto"
],
"BusinessCategory": null,
"Title": null,
"SerialNumber": null,
"StateOrProvinceName": [
"Hamerkaz"
],
"DomainComponent": null,
"GivenName": null,
"Pseudonym": null,
"JurisdictionStateOrProvinceName": null,
"GenerationQualifier": null,
"LocalityName": [
"Tel Aviv"
],
"SurName": null,
"CommonName": [
"Demisto TLS"
],
"JurisdictionLocalityName": null,
"StreetAddress": null,
"PostalCode": null,
"PostalAddress": null,
"JurisdictionCountryName": null,
"CountryName": [
"IL"
],
"EmailAddress": [
"test@gmail.com"
],
"DomainNameQualifier": null
}
},
"Raw": "-----BEGIN CERTIFICATE-----\nxxxx\n-----END CERTIFICATE-----\n"
}
],
"Identifier": "test.compute.amazonaws.com",
"NotValidBefore": "2020-09-22 11:37:45",
"NotValidAfter": "2025-09-21 11:37:45",
"Version": 0,
"Extentions: {
"IssuerAlternativeName": [*.google.com, *.appengine.google.com],
"SubjectAlternativeName": [*.google.com, *.appengine.google.com]
}
}
}
}
}

Human Readable Output

Docker container engine - custom certificate

Enviorment variables

CERT_FILESSL_CERT_FILE
/etc/custom-python-ssl/certs.pem/etc/custom-python-ssl/certs.pem

General

NotValidBeforeNotValidAfterVersion
2020-09-22 15:22:192020-12-15 15:22:192

Issuer

CommonNameCountryNameEmailAddressLocalityNameOrganizationNameOrganizationalUnitNameStateOrProvinceName
Demisto TLSILall@paloaltonetworks.comTel AvivDemistoContentHamerkaz

Subject

CommonNameCountryNameEmailAddressLocalityNameOrganizationNameOrganizationalUnitNameStateOrProvinceName
Demisto TLSILall@paloaltonetworks.comTel AvivDemistoContentHamerkaz

Endpoint certificate - ec2-54-220-131-136.eu-west-1.compute.amazonaws.com

General

NotValidBeforeNotValidAfterVersion
2020-09-22 15:22:192020-12-15 15:22:192

Issuer

CommonNameCountryNameEmailAddressLocalityNameOrganizationNameOrganizationalUnitNameStateOrProvinceName
Demisto TLSILall@paloaltonetworks.comTel AvivDemistoContentHamerkaz

Subject

CommonNameCountryNameEmailAddressOrganizationNameOrganizationalUnitNameStateOrProvinceName
ec2-54-220-131-136.eu-west-1.compute.amazonaws.comILtest@gmail.comContentTestDemisto

Extentions

IssuerAlternativeName
.google.com,.android.com,.appengine.google.com,.bdn.dev,*.cloud.google.com