Wireshark-dev: Re: [Wireshark-dev] decrypting SSL traffic that goes through an SSL terminating
From: "DePriest, Jason R." <jrdepriest@xxxxxxxxx>
Date: Thu, 14 Feb 2008 21:51:54 -0600
On Thu, Feb 14, 2008 at 2:21 AM, Sake Blok <> wrote:
> On Wed, Feb 13, 2008 at 10:25:49PM -0600, DePriest, Jason R. wrote:
>  >
>  > The file looks like this
>  > -----BEGIN CERTIFICATE-----
>  > MIIC0TCCAjqgAwIBAgIEFZ0B6DANBgkqhkiG9w0BAQQFADCBrDELMAkGA1UEBhMC
>  > (14 lines of stuff)
>  > Kd49ym4=
>  > -----END CERTIFICATE-----
>  >
>  > If I save that to a file with a .cer extension, Windows opens it with
>  > the correct information.
>
>  Well, "correct" might not be the proper description here. Since
>  Wireshark is looking for a private key and windows is showing
>  you the public certificate. The "BEGIN CERTIFICATE" is giving that
>  away too :-)
>
>
>  > The Blue Coat says its certs are in PKCS#7 format which from
>  > http://en.wikipedia.org/wiki/PKCS looks pretty standard.
>  >
>  > Any suggestions on how to convert it properly?
>
>  Well, since this file contains the certificate and not the
>  private key that linked to it, it can't be converted. You will
>  need to find the private key on the box. Which of course might
>  be difficult since it is something that the box would want to
>  keep secret. Anyone that has this key, can combine it with the
>  publicly available certificate and impersonate the whole
>  box. And every client is told to trust the (impersonated) box.

That's what I was afraid of.  The keys were installed by someone else
before I started managing these boxes.  I'll ask him where he stores
it next week.

>
>
>
>  Cheers,
>     Sake