Wireshark-dev: [Wireshark-dev] decrypting SSL traffic that goes through an SSL terminating prox
From: "DePriest, Jason R." <[email protected]>
Date: Thu, 7 Feb 2008 23:40:12 -0600
I've seen the instructions at http://wiki.wireshark.org/SSL to decrypt
SSL traffic inside Wireshark if you have the private key.

I have a Blue Coat proxy server with an SSL accelerator card.  It
terminates the connection and pretends to be the server to the client
and the client to the server.  It generates new certs to present to
the clients on the fly from an internal CA that, via Group Policy
Objects, was pushed out to end-users to be trusted.

My question is this: how can I pull a cert from the proxy that works
in Wireshark to decrypt traffic?

Has anyone had experience with Blue Coats in general for this sort of
thing?  I can see the keyring that Blue Coat is configured to use and
the encrypted form of *a* key.  Even after putting it in a file and
converting it using openssl command-line tools into a form that
Wireshark should read, I get errors.

I can send the errors to anyone who wants to see them tomorrow.  The
SSL debug file gets pretty big pretty fast.

-Jason

-- 
NOTICE:  Reading this email message requires root privileges which you
do not appear to possess. Sorry, dude.