This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Trouble getting Exported PFX file to Import and Decrypt HTTPS Traffic

0

I'm getting the following error from Wireshark:

error in column 'Password': Could not load PKCS#12 key file: could not load PKCS#12 in PEM format: Base64 unexpected header error.

Do I need to convert this? I tried using openssl with the following:

C:\Projects\openssl>C:\OpenSSL-Win32\bin\openssl.exe pkcs12 -in ExportedCert.pfx -nocerts -out key.pem -nodes
7736:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:.\crypto\asn1\tasn_dec.c:1198:
7736:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:372:Type=PKCS12

I also tried converting it to a Base64 encoded binary format, but had trouble:

C:\Projects\openssl>C:\OpenSSL-Win32\bin\openssl.exe pkcs12 -in DEVexportcert1.pfx -out Devexportcert1.pem -nodes
7676:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:.\crypto\asn1\tasn_dec.c:1198:
7676:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:372:Type=PKCS12

Is there a specific format Wireshark requires? What am I doing wrong?

asked 02 Nov '15, 09:21

justdan23
6113
accept rate: 0%

edited 02 Nov '15, 09:26

Can you use openssl to check the pfx?

openssl pkcs12 -info -in ExportedCert.pfx

(02 Nov '15, 10:00) grahamb ♦

I get the same error:

C:\Projects\openssl>C:\OpenSSL-Win32\bin\openssl.exe pkcs12 -info -in ExportedCert.pfx
3100:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:.\crypto\asn1\tasn_dec.c:1198:
3100:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:372:Type=PKCS12

I generated a new one with openssl and the generated one is a binary format, unlike the original one, which has "BEGIN CERTIFICATE" at the top.

Wireshark liked the generated version. So I suspect this is a PEM file of only the Certificate? And not a PFX?

(02 Nov '15, 10:19) justdan23
1

PKCS#12 is a binary container. If you can read "BEGIN CERTIFICATE", then it's not a PKCS#12 container.

(02 Nov '15, 16:10) Kurt Knochner ♦

Thanks! I exported the pfx from IIS and added it successfully to Wireshark.

(05 Nov '15, 12:39) justdan23
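
Added example (not part of the original thread, and not Wireshark or OpenSSL code): a Python check for the distinction made in the comments above, telling a text PEM file apart from a binary PKCS#12 container by its leading bytes and listing which PEM blocks are present, since a PEM file holding only a CERTIFICATE block carries no private key to decrypt with. The function names and the sample byte strings are hypothetical and constructed for illustration; the test is a heuristic on the outer ASN.1 header, not a full parse.

```python
import re
import sys

PEM_LABEL = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")

# Constructed samples: only the leading bytes matter to the check.
SAMPLE_PEM_CERT = b"-----BEGIN CERTIFICATE-----\nTUlJ...constructed...\n-----END CERTIFICATE-----\n"
SAMPLE_PFX_HEAD = bytes.fromhex("308209c10201033082098706092a864886f70d010701")
SAMPLE_DER_CERT_HEAD = bytes.fromhex("3082034a30820232a003020102")


def _tlv_header(buf, pos):
    """Return (tag, offset of the value) for the ASN.1 element at pos, or None."""
    if pos + 2 > len(buf):
        return None
    tag, first = buf[pos], buf[pos + 1]
    if first <= 0x80:                 # short form, or BER indefinite length (0x80)
        return tag, pos + 2
    n = first & 0x7F                  # long form: n length octets follow
    if pos + 2 + n > len(buf):
        return None
    return tag, pos + 2 + n


def classify_key_file(data):
    """Return (kind, pem_labels); kind is 'pem', 'pkcs12', 'der-other' or 'unknown'."""
    labels = [m.decode() for m in PEM_LABEL.findall(data)]
    if labels:
        return "pem", labels
    outer = _tlv_header(data, 0)
    if outer and outer[0] == 0x30:    # outer SEQUENCE
        # PFX ::= SEQUENCE { version INTEGER (3), authSafe ContentInfo, ... }
        if data[outer[1]:outer[1] + 3] == b"\x02\x01\x03":
            return "pkcs12", []
        return "der-other", []
    return "unknown", []


def has_private_key(labels):
    """True if any PEM block is a private key (PKCS#8, RSA, EC or encrypted)."""
    return any(label.endswith("PRIVATE KEY") for label in labels)


if __name__ == "__main__":
    with open(sys.argv[1], "rb") as fh:
        print(*classify_key_file(fh.read()))
```

Run it with the path of the exported file as the only argument; a result of "pem CERTIFICATE" matches the situation described in the thread.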