I often run into this problem... I'm asked to capture SSL traffic (we use a lot of it around here), and, of course, I need the Cert in order to decrypt. But, often, requesting the cert from the folks who manage it, requires that I have the exact filename of the cert (e.g., XYZ12.PFX).
Is there a way that I can see the filename of the cert in the undecrypted packets - perhaps in the Server Hello?
Thx for any suggestions.
asked 02 Jun '11, 09:25
I don't think that this is possible. The Server Hello does not contain any information about local file paths or file names on the HTTPS server as far as I know. And I think it would be considered a more or less serious security flaw if it would since bad guys could use that kind of information to get to know more about the server in an attempt to break in.
Maybe the server guys can get you a copy of the server config files so that you can inspect them to see which vHost has which certificate file assigned.
answered 02 Jun '11, 09:54