I am trying to decode/decrypt SSL transactions between my laptop and an EC2 on the Amazon Cloud. We have an SSL cert from Verisign (cert, chain, root). How do I take this info and create a key that Wireshark will use to decrypt the data?

I look at the SSL log file and it tells me that it can't load the pem file. Specifically, the SSL log file says:

ssl_load_key: can't import pem data

How do I take the .crt and create a .pem that Wireshark will be happy with?

thanks
wk

p.s. I did search through the site and did not see anything that specifically addressed what I am experiencing.

asked 15 Mar '12, 11:16 wakelt

2 Answers:
One additional thing to look out for is that usually a .crt file extension is not used for a key (either public or private). It just contains an X509 certificate, which in turn contains only the public key and other information about you and the Issuer, etc.

What Verisign sends to you cannot include the private key because you never sent it to them in the first place. When you generated a Certificate Signing Request (CSR) to send to Verisign, the private key was probably created at that point or earlier and stored locally. If you are lucky, it will be in a Java keystore or a .key extension file somewhere. If you are unlucky, it may be in a secure storage within your OS from which you may not be able to export it.

If you cannot find the private key, you will have to start over and generate a new key pair, this time making sure that the private key stays accessible, and then send a new CSR using that key pair.

answered 20 Mar '12, 18:56 inetdog

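The distinction drawn in the answer above, as an added example that is not part of the original thread: a shell sketch that reports whether a file holds a certificate or a private key and, given both, checks that they belong together. The function names and file names are assumptions, and `key_matches_cert` needs the openssl command-line tool.

```shell
#!/bin/sh
# Added example (not from the thread). Function and file names are hypothetical.

# pem_kind FILE -> prints private-key, encrypted-private-key, certificate or not-pem,
# judged only by the PEM armour lines in the file.
pem_kind() {
    f=$1
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$f" ||
       grep -q '^Proc-Type: 4,ENCRYPTED' "$f"; then
        echo encrypted-private-key
    elif grep -Eq -e '-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$f"; then
        echo private-key          # also the result for a combined cert+key file
    elif grep -q -e '-----BEGIN CERTIFICATE-----' "$f"; then
        echo certificate          # public key only: nothing here can decrypt
    else
        echo not-pem              # e.g. DER, PKCS#12 or a Java keystore
    fi
}

# key_matches_cert KEY CERT -> status 0 when the private key belongs to the
# certificate, 1 when it does not, 2 when openssl cannot read either file.
# It compares the public key derived from each file.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$k" = "$c" ]
}

# Usage: sh check_key.sh server.key [server.crt]
if [ $# -ge 1 ]; then
    kind=$(pem_kind "$1")
    echo "$1: $kind"
    if [ "$kind" = certificate ] || [ "$kind" = not-pem ]; then
        echo "no PEM private key found in $1"
    fi
    if [ $# -ge 2 ] && [ "$kind" = private-key ]; then
        if key_matches_cert "$1" "$2"; then
            echo "key matches $2"
        else
            echo "key does not match $2 (or a file could not be read)"
        fi
    fi
fi
```
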
The SSL Wiki page has some info on converting keys to pem format, although .crt files aren't mentioned. The following link provides lots of answers to the question: .crt to pem, but the best answer seems to be here.

answered 15 Mar '12, 11:28 grahamb ♦

Yup, I agree with grahamb.