Wireshark-users: Re: [Wireshark-users] 256 pre master encrypted key

From: Sake Blok <sake@xxxxxxxxxx>
Date: Thu, 11 Mar 2010 17:08:59 +0100
On 11 mrt 2010, at 16:24, junk@xxxxxxxxx wrote:

> I've watch you presentation and it was very interesting but in my
> situation I have a signer certificate (which is shown in the server hello
> packet with a common name of TEST) which is stored in my computer and
> issued by the server and only personal certificate (common name=HOD) with
> private keys stored in my computer.
> I extracted the private keys from the personal certificate and it seemed
> it didn't match.

To be able to decrypt SSL traffic with Wireshark, you need to have the private key of the certificate that is presented in the Certificate message (which is being sent after the ServerHello). In your case this would be the private key of the certificate with the common name of TEST. This private key is stored on the server that you make a connection to.

> I am managing certificates with IBM ikeyman I think it's a bit confusing
> to me !!!

I have not used IBM ikeyman, so I can't help you there unfortunately...