Wireshark-dev: Re: [Wireshark-dev] decrypting SSL traffic that goes through an SSL terminating
From: Sake Blok <sake@xxxxxxxxxx>
Date: Thu, 14 Feb 2008 09:21:37 +0100
On Wed, Feb 13, 2008 at 10:25:49PM -0600, DePriest, Jason R. wrote:
> 
> The file looks like this
> -----BEGIN CERTIFICATE-----
> MIIC0TCCAjqgAwIBAgIEFZ0B6DANBgkqhkiG9w0BAQQFADCBrDELMAkGA1UEBhMC
> (14 lines of stuff)
> Kd49ym4=
> -----END CERTIFICATE-----
> 
> If I save that to a file with a .cer extension, Windows opens it with
> the correct information.

Well, "correct" might not be the proper description here. Since
Wireshark is looking for a private key and windows is showing
you the public certificate. The "BEGIN CERTIFICATE" is giving that
away too :-)

> The Blue Coat says its certs are in PKCS#7 format which from
> http://en.wikipedia.org/wiki/PKCS looks pretty standard.
> 
> Any suggestions on how to convert it properly?

Well, since this file contains the certificate and not the
private key that linked to it, it can't be converted. You will
need to find the private key on the box. Which of course might
be difficult since it is something that the box would want to
keep secret. Anyone that has this key, can combine it with the
publicly available certificate and impersonate the whole
box. And every client is told to trust the (impersonated) box.

Cheers,
    Sake