This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

SSL decryption requiring 2 SSL certs, and sequence matters?

We have an encrypted IIS web server -> IIS app server trace. Encryption is not 2 way, so the cert comes only from the app server side.

In order to decrypt the trace, I have to add the pre-go_live cert (for "myURL-temp.company.com") to my SSL preferences first, then add in the post-go_live cert (myURL.company.com). Then I can decrypt the traffic. Reverse that sequence of certs, and no joy.

"Client Hello" calls the pre-go_live URL:

myURL-temp.company.com

However, the server certificate exchanged is the post-go_live cert for "MyURL.company.com", as expected.

Why in the world do I have to include the pre-go_live cert in the preferences? It's not showing up anywhere I can see in the cert exchange.

Does IIS somehow use both certs to do the encryption? (I'm a Unix guy - you could put in a teaspoon what I know about IIS).

asked 21 Feb '14, 09:16

chavid