Wireshark-users: [Wireshark-users] Cannot decrypt HTTPS traffic
From: JamesB <jamesr.burns@xxxxxxxxxx>
Date: Fri, 26 Oct 2007 13:04:32 +0100
Hi all,

I am trying to decrypt HTTPS traffic using an exported certificate from a W2003 Server using the MMC "certmgr" "snapin".

I have the following export options :-

DER encoded X509 (.CER)
Base-64 X509 (.CER)
PKCS7 (.P7B)

I would have prefered exporting as PCKS12, as I have been able to successfully convert this to a PEM file for Wireshark a number of times. However, this option was greyed-out and not available for this certificate.

I have tried instead exporting the DER file and using OpenSSL to convert the file to a PEM file for Wireshark:-

"openssl -inform der -in cert.cer -outform pem -out cert.pem"

This creates a resulting PEM file ok.

However, when I setup Wireshark to use it, HTTPS traffic from the specified server is not being decrypted. When I setup SSL logging in Wireshark, I can see "can't import pem data" & "can't find private key for this server" errors.

When I look at a LAN trace I can see that the Server "hello" sends two certificates to the client (!!??) & that neither has a "serial number" which matches that shown in "certmgr". However the certificate I exported does appear to be the correct one, with the name shown in the LAN Trace.

Does anyone know what I am doing wrong & help me get this working?

I have relevant files available for information and (hopefully) your perusal ;-) if requested.....

Thanks for any help...