https://live.paloaltonetworks.com/t5/general-topics/is-it-possible-to-export-the-private-key-from-the-forward/m-p/183674#M56431 <P>You can, but there's a large caveat that is more and more common:</P><P>You will not be able to decrypt the traffic if a high security cipher (such as DHE or ECC) is used.&nbsp;</P><P>&nbsp;</P><P>That said, if you want to do it and are using a simple RSA cipher, there are a few steps:</P><P>&nbsp;</P><P>1. Install OpenSSL</P><P>2. Export the cert and private key. I recommend PKCS12 because there will be fewer steps to do the conversion. Provide a passphrase with 6 characters minimum. Save it as something (default is something like cert_Forward-Untrust.p12).</P><P>3. In OpenSSL, enter the following. It will prompt you for the password from step 2:</P><P>&nbsp;</P><PRE>openssl pkcs12 -in cert_Forward-Untrust.p12 -out PrivAndPub.pem -nodes</PRE><P>4. Open PrivAndPub.pem in a plain text editor. You'll see a section heading of -----BEGIN PRIVATE KEY-----. Save this until the end as a new file (private.key for example).</P><P>&nbsp;</P><P>You can load the private.key file into Wireshark. You won't need a password, because the OpenSSL command outputs it unencrypted.</P> Wed, 25 Oct 2017 17:25:23 GMT gwesson 2017-10-25T17:25:23Z https://live.paloaltonetworks.com/t5/general-topics/is-it-possible-to-export-the-private-key-from-the-forward/m-p/183649#M56428 <P>I want to check a specific HTTP request that is send to a webserver and which is currently blocked by one of our vulnerability checks to verify if the signature is correct.</P><P>But I need to be able to view the decrypted data on the exported capture, therfor I have to import the private key of the forward-untrust certificate into wireshark....</P><P>But I have bo success in doing this&nbsp;</P> Wed, 25 Oct 2017 15:24:46 GMT https://live.paloaltonetworks.com/t5/general-topics/is-it-possible-to-export-the-private-key-from-the-forward/m-p/183649#M56428 DaxVC 2017-10-25T15:24:46Z https://live.paloaltonetworks.com/t5/general-topics/is-it-possible-to-export-the-private-key-from-the-forward/m-p/183674#M56431 <P>You can, but there's a large caveat that is more and more common:</P><P>You will not be able to decrypt the traffic if a high security cipher (such as DHE or ECC) is used.&nbsp;</P><P>&nbsp;</P><P>That said, if you want to do it and are using a simple RSA cipher, there are a few steps:</P><P>&nbsp;</P><P>1. Install OpenSSL</P><P>2. Export the cert and private key. I recommend PKCS12 because there will be fewer steps to do the conversion. Provide a passphrase with 6 characters minimum. Save it as something (default is something like cert_Forward-Untrust.p12).</P><P>3. In OpenSSL, enter the following. It will prompt you for the password from step 2:</P><P>&nbsp;</P><PRE>openssl pkcs12 -in cert_Forward-Untrust.p12 -out PrivAndPub.pem -nodes</PRE><P>4. Open PrivAndPub.pem in a plain text editor. You'll see a section heading of -----BEGIN PRIVATE KEY-----. Save this until the end as a new file (private.key for example).</P><P>&nbsp;</P><P>You can load the private.key file into Wireshark. You won't need a password, because the OpenSSL command outputs it unencrypted.</P> Wed, 25 Oct 2017 17:25:23 GMT https://live.paloaltonetworks.com/t5/general-topics/is-it-possible-to-export-the-private-key-from-the-forward/m-p/183674#M56431 gwesson 2017-10-25T17:25:23Z