This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi.

I often run into this problem... I'm asked to capture SSL traffic (we use a lot of it around here), and, of course, I need the Cert in order to decrypt. But, often, requesting the cert from the folks who manage it, requires that I have the exact filename of the cert (e.g., XYZ12.PFX).

Is there a way that I can see the filename of the cert in the undecrypted packets - perhaps in the Server Hello?

Thx for any suggestions.

Feenyman99

asked 02 Jun '11, 09:25

feenyman99's gravatar image

feenyman99
96222226
accept rate: 25%

Do you mean the key? You can get the certificate from the traffic...

(23 May '13, 21:25) rakslice

I don't think that this is possible. The Server Hello does not contain any information about local file paths or file names on the HTTPS server as far as I know. And I think it would be considered a more or less serious security flaw if it would since bad guys could use that kind of information to get to know more about the server in an attempt to break in.

Maybe the server guys can get you a copy of the server config files so that you can inspect them to see which vHost has which certificate file assigned.

permanent link

answered 02 Jun '11, 09:54

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×319
×18
×4

question asked: 02 Jun '11, 09:25

question was seen: 6,097 times

last updated: 23 May '13, 21:25

p​o​w​e​r​e​d by O​S​Q​A