I'm getting the following error from Wireshark:
error in column 'Password': Could not
load PKCS#12 key file: could not load
PKCS#12 in PEM format: Base64
unexpected header error.
Do I need to convert this? I tried using openssl with the following:
C:\Projects\openssl>C:\OpenSSL-Win32\bin\openssl.exe pkcs12 -in ExportedCert.pfx -nocerts -out key.pem -nodes
7736:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:.\crypto\asn1\tasn_dec.c:1198:
7736:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:372:Type=PKCS12
I also tried converting it to a Base64 encoded binary format, but had trouble:
C:\Projects\openssl>C:\OpenSSL-Win32\bin\openssl.exe pkcs12 -in DEVexportcert1.pfx -out Devexportcert1.pem -nodes
7676:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:.\crypto\asn1\tasn_dec.c:1198:
7676:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:372:Type=PKCS12
Is there a specific format Wireshark requires? What am I doing wrong?
asked 02 Nov '15, 09:21
justdan23
6●1●1●3
accept rate: 0%
Can you use openssl to check the pfx?
openssl pkcs12 -info -in ExportedCert.pfxI get the same error:
I generated a new one with openssl and the generated one is a binary format; unlike the original one which has "BEGIN CERTIFICATE" at the top.
Wireshark liked the generated version. So I suspect this is a PEM file of only the Certificate? And not a PFX?
pkcs#12 is a binary container. If you can read "BEGIN CERTIFICATE" then it's not a pcks#12 container.
Thanks! I exported the pfx from IIS and added it successfully to Wireshark.