On Thu, Feb 14, 2008 at 2:21 AM, Sake Blok <> wrote:
> On Wed, Feb 13, 2008 at 10:25:49PM -0600, DePriest, Jason R. wrote:
> >
> > The file looks like this
> > -----BEGIN CERTIFICATE-----
> > MIIC0TCCAjqgAwIBAgIEFZ0B6DANBgkqhkiG9w0BAQQFADCBrDELMAkGA1UEBhMC
> > (14 lines of stuff)
> > Kd49ym4=
> > -----END CERTIFICATE-----
> >
> > If I save that to a file with a .cer extension, Windows opens it with
> > the correct information.
>
> Well, "correct" might not be the proper description here. Since
> Wireshark is looking for a private key and windows is showing
> you the public certificate. The "BEGIN CERTIFICATE" is giving that
> away too :-)
>
>
> > The Blue Coat says its certs are in PKCS#7 format which from
> > http://en.wikipedia.org/wiki/PKCS looks pretty standard.
> >
> > Any suggestions on how to convert it properly?
>
> Well, since this file contains the certificate and not the
> private key that linked to it, it can't be converted. You will
> need to find the private key on the box. Which of course might
> be difficult since it is something that the box would want to
> keep secret. Anyone that has this key, can combine it with the
> publicly available certificate and impersonate the whole
> box. And every client is told to trust the (impersonated) box.
That's what I was afraid of. The keys were installed by someone else
before I started managing these boxes. I'll ask him where he stores
it next week.
>
>
>
> Cheers,
> Sake
