Hi all,
I am trying to decrypt HTTPS traffic using an exported certificate from a W2003 Server using the MMC "certmgr" "snapin".
I have the following export options :-
DER encoded X509 (.CER)
Base-64 X509 (.CER)
PKCS7 (.P7B)
I would have preferred exporting as PKCS12, as I have been able to successfully convert this to a PEM file for Wireshark a number of times. However, this option was greyed-out and not available for this certificate.
I have tried instead exporting the DER file and using OpenSSL to convert the file to a PEM file for Wireshark:-
"openssl x509 -inform der -in cert.cer -outform pem -out cert.pem"
This creates a resulting PEM file ok.
However, when I set up Wireshark to use it, HTTPS traffic from the specified server is not being decrypted. When I set up SSL logging in Wireshark, I can see "can't import pem data" & "can't find private key for this server" errors.
When I look at a LAN trace I can see that the Server "hello" sends two certificates to the client (!!??) & that neither has a "serial number" which matches that shown in "certmgr". However the certificate I exported does appear to be the correct one, with the name shown in the LAN Trace.
Does anyone know what I am doing wrong & help me get this working?
I have relevant files available for information and (hopefully) your perusal ;-) if requested.....
Thanks for any help...
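
Added example, not part of the original post: the .CER and .P7B export formats listed above carry certificates only, which is consistent with the "can't find private key" log message. This sketch inventories the PEM blocks in a file to show whether any private key is present; the function names and the sample data are constructed for illustration.

```python
import base64
import re

# One PEM block: BEGIN/END lines with matching labels around a base64 body.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}

def pem_inventory(text):
    """Return one dict per well-formed PEM block: label, payload size, encrypted flag."""
    blocks = []
    for label, body in PEM_BLOCK.findall(text):
        lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
        # Traditional encrypted keys carry RFC 1421 headers (Proc-Type, DEK-Info).
        headers = [ln for ln in lines if ":" in ln]
        payload = "".join(ln for ln in lines if ":" not in ln)
        try:
            raw = base64.b64decode(payload, validate=True)
        except ValueError:  # binascii.Error is a subclass of ValueError
            continue  # damaged block, skip it
        encrypted = label == "ENCRYPTED PRIVATE KEY" or any("ENCRYPTED" in h for h in headers)
        blocks.append({"label": label, "bytes": len(raw), "encrypted": encrypted})
    return blocks

def diagnose(text):
    """Say whether the file contains a private key, a certificate only, or nothing."""
    blocks = pem_inventory(text)
    keys = [b for b in blocks if b["label"] in KEY_LABELS]
    certs = [b for b in blocks if b["label"] == "CERTIFICATE"]
    if keys:
        return "private key present" + (" (encrypted)" if keys[0]["encrypted"] else "")
    if certs:
        return "certificate only, no private key"
    return "no PEM blocks found"

def _pem(label, data, headers=""):
    # Constructed helper: wraps placeholder bytes (not real DER) in PEM armour.
    b64 = base64.b64encode(data).decode()
    return f"-----BEGIN {label}-----\n{headers}{b64}\n-----END {label}-----\n"

# Constructed samples standing in for the converted .CER export and for key files.
CERT_ONLY = _pem("CERTIFICATE", b"placeholder certificate bytes")
WITH_KEY = CERT_ONLY + _pem("RSA PRIVATE KEY", b"placeholder key bytes")
ENCRYPTED = _pem("RSA PRIVATE KEY", b"placeholder", "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-128-CBC,00\n\n")

if __name__ == "__main__":
    for name, sample in [("cert.pem", CERT_ONLY), ("key.pem", WITH_KEY), ("enc.pem", ENCRYPTED)]:
        print(name, "->", diagnose(sample))
```

To check a real file, pass its contents to `diagnose`, for example `diagnose(open("cert.pem").read())`.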