Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] Extracting SSL Certs using Tshark

From: Pascal Quantin <pascal.quantin@xxxxxxxxx>
Date: Mon, 17 Nov 2014 07:20:49 +0100
2014-11-17 7:12 GMT+01:00 Shaanan Cohney <shaananc@xxxxxxxxxxx>:

Hi,
I was wondering if it is possible/how one extracts SSL certs from Server Certificate messages using only tshark. 
I see in the display filter page for SSL both ssl.handshake.certificate and ssl.handshake.certificates but neither seem to extract the necessary bytes on my pcaps.

Thanks!


Hi Shaanan,
this capability was added to tshark only very recently (November the 5th) , and in master branch. So you will need to download a nightly build of Wireshark 1.99.1 here: https://www.wireshark.org/download/automated/

Regards,
Pascal.