This is our old Q&A Site. Please post any new questions and answers at

I am trying to decode/decrypt ssl transactions between my laptop and an EC2 on the Amazon Cloud. We have an ssl cert from Verisign (cert, chain, root). How do I take this info and create a key that Wireshark will use to decrypt the data ?? I look at the SSL log file and it tells me that it can't load the pem file. Specifically, the ssl log file says:

ssl_load_key: can't import pem data

How do I take the .crt and create a .pem that Wireshark will be happy with ??

thanks wk

p.s. I did search thru the site and did not see anything that specifically addressed what I am experiencing.

asked 15 Mar '12, 11:16

wakelt's gravatar image

accept rate: 0%

One additional thing to look out for is that usually a .crt file extension is not used for a key (either public or private.) It just contains an X509 certificate which in turn contains only the public key and other information about you and the Issuer, etc.

What Verisign sends to you cannot include the private key because you never sent it to them in the first place.

When you generated a Certificate Signing Request (CSR) to send to Verisign, the private key was probably created at that point or earlier and stored locally. If you are lucky, it will be in a Java keystore or a .key extension file somewhere. If you are unlucky it may be in a secure storage within your OS from which you may not be able to export it.

If you cannot find the private key, you will have to start over and generate a new key pair, this time making sure that the private key stays accessible, and then send a new CSR using that key pair.

permanent link

answered 20 Mar '12, 18:56

inetdog's gravatar image

accept rate: 14%

The SSL Wiki page has some info on converting keys to pem format, although .crt files aren't mentioned. The following link provides lots of answers to the question: .crt to pem, but the best answer seems to be here

permanent link

answered 15 Mar '12, 11:28

grahamb's gravatar image

grahamb ♦
accept rate: 22%

Yup i agree with grahamb

(15 Mar '12, 23:55) carolin
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 15 Mar '12, 11:16

question was seen: 9,712 times

last updated: 20 Mar '12, 18:56

p​o​w​e​r​e​d by O​S​Q​A