I am using Wireshark 1.6. I am trying to decrypt an SSL stream on a capture from one of our production servers. I have a capture taken from that server. I have the key extracted in pks format. I have converted it to pkcs12 and then RSA to remove the password. I also tried converting to pkcs8 but no luck. I configured my SSL preferences to "serveraddress,443,http,c:certcc.pem". I also tried adding it to the RSA key list in multiple formats.
All of the examples I find reference creating your own cert, but I don't see how this would work in a production environment that is using a VeriSign cert.
What am I missing?
asked 22 Jun '11, 19:20
First of all, a bug has been reported with version 1.6.0 which seems to indicate that Wireshark needs to be restarted before the SSL settings take effect (which was not necessary before), but I haven't verified that yet.
Then, there might be other reasons why SSL decryption does not work for you. Here are the most common ones:
You might want to check the presentation I have given at Sharkfest'09 about troubleshooting SSL with Wireshark.
answered 23 Jun '11, 05:54