This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to identify SSL Certificate file name

0

Hi.

I often run into this problem... I'm asked to capture SSL traffic (we use a lot of it around here), and, of course, I need the Cert in order to decrypt. But, often, requesting the cert from the folks who manage it, requires that I have the exact filename of the cert (e.g., XYZ12.PFX).

Is there a way that I can see the filename of the cert in the undecrypted packets - perhaps in the Server Hello?

Thx for any suggestions.

Feenyman99

asked 02 Jun '11, 09:25

feenyman99's gravatar image

feenyman99
96222226
accept rate: 25%

Do you mean the key? You can get the certificate from the traffic...

(23 May '13, 21:25) rakslice

One Answer:

1

I don't think that this is possible. The Server Hello does not contain any information about local file paths or file names on the HTTPS server as far as I know. And I think it would be considered a more or less serious security flaw if it would since bad guys could use that kind of information to get to know more about the server in an attempt to break in.

Maybe the server guys can get you a copy of the server config files so that you can inspect them to see which vHost has which certificate file assigned.

answered 02 Jun '11, 09:54

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%