I want to check a specific HTTP request that is sent to a webserver and which is currently blocked by one of our vulnerability checks to verify if the signature is correct.
But I need to be able to view the decrypted data on the exported capture, therefore I have to import the private key of the forward-untrust certificate into Wireshark...
But I have no success in doing this.
You can, but there's a large caveat that is more and more common:
You will not be able to decrypt the traffic if a high security cipher (such as DHE or ECC) is used.
That said, if you want to do it and are using a simple RSA cipher, there are a few steps:
1. Install OpenSSL
2. Export the cert and private key. I recommend PKCS12 because there will be fewer steps to do the conversion. Provide a passphrase with 6 characters minimum. Save it as something (default is something like cert_Forward-Untrust.p12).
3. In OpenSSL, enter the following. It will prompt you for the password from step 2:
openssl pkcs12 -in cert_Forward-Untrust.p12 -out PrivAndPub.pem -nodes
4. Open PrivAndPub.pem in a plain text editor. You'll see a section heading of -----BEGIN PRIVATE KEY-----. Save this until the end as a new file (private.key for example).
You can load the private.key file into Wireshark. You won't need a password, because the OpenSSL command outputs it unencrypted.
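The steps and the cipher caveat from the answer above, combined into one script. This is an added example and not part of the original reply. The function names, the `P12_PASS` environment variable and the sample ServerHello lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names, P12_PASS and the sample lines are hypothetical.

# Steps 3 and 4 in one pass: extract only the private key from the PKCS12 export.
# -nocerts skips the certificates, and "openssl pkey" strips the "Bag Attributes"
# header lines, so nothing has to be cut out by hand in a text editor.
# The passphrase from step 2 is read from the environment variable P12_PASS.
extract_rsa_key() {
    ( umask 077   # the key is written unencrypted: owner-only permissions
      openssl pkcs12 -in "$1" -nocerts -nodes -passin env:P12_PASS 2>/dev/null \
        | openssl pkey -out "$2" 2>/dev/null ) || return 1
    # Loading a private key only helps with RSA keys; fail on anything else.
    openssl rsa -in "$2" -check -noout >/dev/null 2>&1
}

# The caveat: the key decrypts a session only when the negotiated suite uses
# RSA key exchange (IANA name TLS_RSA_WITH_*). DHE/ECDHE suites and all
# TLS 1.3 suites derive session keys that the private key cannot recover.
kx_decryptable() {
    case "$1" in
        TLS_RSA_WITH_*) echo yes ;;
        *)              echo no ;;
    esac
}

# Reads "Cipher Suite:" lines as Wireshark shows them in a ServerHello and
# prints one "<suite> <yes|no>" verdict per line. Feed it ServerHello lines
# only: a ClientHello lists every suite the client offers, not the one chosen.
report_suites() {
    sed -n 's/.*Cipher Suite: \([A-Z0-9_]*\).*/\1/p' | while read -r suite; do
        printf '%s %s\n' "$suite" "$(kx_decryptable "$suite")"
    done
}

# Constructed sample input (not taken from a real capture).
SAMPLE_SERVER_HELLOS='Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)'

printf '%s\n' "$SAMPLE_SERVER_HELLOS" | report_suites
```

To use it on the real export: `P12_PASS='...' extract_rsa_key cert_Forward-Untrust.p12 private.key`, then delete `private.key` once the capture has been analysed.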