I got an SSL trace file that was run on a traffic generator and copied to my local machine. I know how to navigate Wireshark for decrypting the SSL traffic, but I am confused about which key/cert I need to feed as input to Wireshark (RSA KEY LIST/Keys) in this case. Here is the bunch of information I got:
Client Private key
Server ca cert
I came to know that the file should be converted to .pem for Wireshark to decrypt. Please let me know which one to pick from the above 3 for decryption.
asked 03 Jul '14, 15:39
Have a look at the Wireshark wiki on SSL. You need to add a private key. The certificates (both CA and client/server) are useless, as they are already sent over the wire and do not contain decryption keys anyway.
Be aware of some possible limitations, in particular the choice of cipher suites: PFS cipher suites (the (EC)DHE ones) cannot be decrypted even if you possess the private key. If you have access to the Pre-Master secrets, then you do not have this limitation, but it will require cooperation from the application to get these keys.
answered 04 Jul '14, 01:22