Thanks. The key is pass phrase protected, and already PEM. I discovered that 0.99.9 supports a pkcs12 file and password on the configuration files (Accidentally). Since I had built the P12 it was easy to implement. I will go back and generate a key file with no passphrase, if other users need to do diagnostic sniffing, I am not sure I want the passwords used on my production SSL modules floating around. :)

Robert D. Scott [EMAIL PROTECTED]
Senior Network Engineer 352-273-0113 Phone
CNS - Network Services 352-392-2061 CNS Receptionist
University of Florida 352-392-9440 FAX
Florida Lambda Rail 352-294-3571 FLR NOC
Gainesville, FL 32611

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sake Blok
Sent: Friday, February 29, 2008 12:51 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] SSL Decryption on the Fly

On Fri, Feb 29, 2008 at 10:17:44AM -0500, Robert D. Scott wrote:
> I am having trouble getting decrypted output.
>
> Debug Output:
> ssl_init keys string:
> 128.227.21.54,443,http,L:\2007\satst\satst.erp.ufl.edu.cer
> ssl_init found host entry
> 128.227.21.54,443,http,L:\2007\satst\satst.erp.ufl.edu.cer
> ssl_init addr 128.227.21.54 port 443 filename
> L:\2007\satst\satst.erp.ufl.edu.cer
> ssl_load_key: can't import pem data
>
>
> I have all the original cert info for the server, the .csr, the .crt, and
> the .key

It's the .key file that you should use. As the certificate itself will be part of the SSL handshake, Wireshark needs the private key that is linked to the public key which is found in the certificate.

> Every combination I try generates the can't import pem data. I know this is
> the right cert, because I built the pkcs12 file from them to load into our
> Cisco SSL offload module.

What does your .key file look like? It should look something like:

-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDDheBxxgRp9Zg/D6pGzTEx0sn4C6vkLj/ftPp62XVD8Af7VbE7
[...]
yjoTQnfWPSiXBfumTIGr+F4kYIP9uMTPIQpwcOlZGa2j
-----END RSA PRIVATE KEY-----

If it looks like:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,CB7BE7B5A318ACE6

ScuaEtGA1xy7iVvvntc4hZ9Kl0VOKmA9sOcfP1CnrUVpAuLoHPEXTsc10smlXwsl
[...]
yy7ANfGCZTWaWP89uOIwlXK0n8hHZjTjw5axBuWXvgWHNbvein7tsg==
-----END RSA PRIVATE KEY-----

then your keyfile is protected by a passphrase (which is a good thing btw).

Unfortunately Wireshark can't use passphrase protected keys so you will need to use openssl (or something else) to create a keyfile that is not protected by a passphrase. (openssl rsa -in <old-keyfile> -out <new-keyfile> will ask you for the passphrase and write the key to <new-keyfile> unencrypted)

If your keyfile looks binary, then it is probably in DER format, meaning you will have to convert it to PEM. Again, openssl can help you out:

openssl rsa -inform DER -in <old-keyfile> -out <new-keyfile>

I hope this helps,

Cheers,
Sake
_______________________________________________
Wireshark-users mailing list
Wireshark-users@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-users
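
The file checks described in the thread above, as an added example that is not part of the original messages and is not Wireshark code: it classifies the bytes of a candidate key file and maps each case to the step the thread gives. The function name, the sample blobs (constructed, not real keys) and the PKCS#8 labels, which go beyond the RSA-only cases discussed, are assumptions of this example.

```python
import re

# PEM armor label -> what the file holds.
PEM_LABELS = {
    "RSA PRIVATE KEY": "usable-key",
    "PRIVATE KEY": "usable-key",               # PKCS#8, unencrypted (added case)
    "ENCRYPTED PRIVATE KEY": "encrypted-key",  # PKCS#8, encrypted (added case)
    "CERTIFICATE": "certificate",
    "CERTIFICATE REQUEST": "csr",
}

# Next step for each result; the openssl commands are the ones quoted in the thread.
ADVICE = {
    "usable-key": "unencrypted PEM key, usable as-is",
    "encrypted-key": "openssl rsa -in <old-keyfile> -out <new-keyfile>",
    "certificate": "a certificate, not a key: use the .key file instead",
    "csr": "a certificate request, not a key: use the .key file instead",
    "der-binary": "if this is a key: openssl rsa -inform DER -in <old-keyfile> -out <new-keyfile>",
    "unknown": "not recognisable as PEM or DER",
}

def classify_key_file(data: bytes) -> str:
    """Classify the raw bytes of a file offered as an SSL private key."""
    m = re.search(rb"-----BEGIN ([A-Z0-9 ]+)-----", data)
    if m is None:
        # DER encodings start with an ASN.1 SEQUENCE tag (0x30); so does PKCS#12.
        return "der-binary" if data[:1] == b"\x30" else "unknown"
    kind = PEM_LABELS.get(m.group(1).decode("ascii"), "unknown")
    # Traditional OpenSSL encryption keeps the RSA label and adds a Proc-Type header.
    if kind == "usable-key" and b"Proc-Type: 4,ENCRYPTED" in data:
        return "encrypted-key"
    return kind

def pem(label: bytes, headers: bytes = b"") -> bytes:
    """Build a constructed PEM-shaped blob with a placeholder body."""
    return b"-----BEGIN " + label + b"-----\n" + headers + b"QUJDRA==\n-----END " + label + b"-----\n"

# Constructed samples covering the cases in the thread.
SAMPLES = {
    "plain.key": pem(b"RSA PRIVATE KEY"),
    "protected.key": pem(b"RSA PRIVATE KEY", b"Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,0000000000000000\n\n"),
    "server.cer": pem(b"CERTIFICATE"),
    "binary.key": b"\x30\x82\x02\x5d\x02\x01\x00",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        kind = classify_key_file(blob)
        print(f"{name}: {kind} -> {ADVICE[kind]}")
```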