I am trying to monitor https traffic as readable HTML.
I have downloaded the certificate from the server.
"In Internet Explorer, I selected the certificate and copy to file, DER encoded binary X.509 (cer)"
I run this command and it works:
openssl x509 -inform der -in Test3.cer -out key.cert
And I get a file key.cert with:
--BEGIN CERTIFICATE.
...
For information, when I run this command I get pretty output about the cert:
openssl x509 -in key.cert -noout -text
According to the docs, I need to have a key.pem, private/key file.
So I tried to run this command, I think to get a DER output format.
openssl base64 -in key.cert -out 1.der
... And then I run this to get the pem file and I get this error:
Error reading key 6072:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:648:Expecting: ENCRYPTED PRIVATE KEY
openssl pkcs8 -in 1.der -out temp.pem
--- I tried this also
$ openssl pkcs8 -topk8 -inform der -in 1.der -out temp.pem
unable to load key
2752:error:0D094065:asn1 encoding routines:d2i_ASN1_SET:bad class:a_set.c:190:
2752:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1315:
2752:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:379:Type=RSA
2752:error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib:d2i_pr.c:99:
How does the browser send that information encrypted without the key? What commands do I need to run once I get the key (and I already have the certificate)? – Berlin Brown – 2011-12-02T17:28:11.947
The handshaking between server and client is more detailed than I can describe in a comment - have a look at http://en.wikipedia.org/wiki/Transport_Layer_Security for more details. If the key/certificate are unencrypted, then you can just copy and paste them both into the same file. Have a look at http://www.madboa.com/geek/openssl for more.
– Andy Smith – 2011-12-02T17:39:15.357
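An added example, not part of the original question or comments: a Python check that names what each file from the steps above holds, using constructed placeholder bytes in place of the real Test3.cer. It shows that `openssl base64` without `-d` encodes the PEM text a second time instead of producing DER, and that none of the files contains a private-key block, because a certificate carries only the public key; `classify`, `has_private_key` and the sample data are assumptions of this example.

```python
import base64
import re

BEGIN_LINE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")
# PEM labels that carry a private key (what `openssl pkcs8` looks for).
KEY_LABELS = {"PRIVATE KEY", "ENCRYPTED PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"}

def pem_labels(data: bytes) -> list:
    """Return the labels of all PEM BEGIN lines found in `data`."""
    return BEGIN_LINE.findall(data.decode("ascii", errors="ignore"))

def classify(data: bytes) -> str:
    """Name the encoding of `data` by its armor and first byte only."""
    labels = pem_labels(data)
    if labels:
        return "PEM: " + ", ".join(labels)
    try:
        inner = base64.b64decode(b"".join(data.split()), validate=True)
    except ValueError:
        inner = None  # not base64 text, so possibly raw DER
    if inner:
        return "base64 text wrapping: " + classify(inner)
    if data[:1] == b"\x30":  # ASN.1 SEQUENCE tag that opens DER structures
        return "DER"
    return "unknown"

def has_private_key(data: bytes) -> bool:
    """True only if a PEM private-key block is present."""
    return any(label in KEY_LABELS for label in pem_labels(data))

# Constructed sample data: placeholder bytes behind a SEQUENCE tag, not a
# parsable certificate. Only the armor and the first byte matter here.
FAKE_DER = b"\x30\x82\x01\x0a" + bytes(range(200, 232))
PEM_CERT = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(FAKE_DER)
            + b"-----END CERTIFICATE-----\n")
# What `openssl base64 -in key.cert -out 1.der` writes: the PEM text encoded again.
DOUBLE_ENCODED = base64.encodebytes(PEM_CERT)

if __name__ == "__main__":
    for name, blob in [("Test3.cer", FAKE_DER), ("key.cert", PEM_CERT),
                       ("1.der", DOUBLE_ENCODED)]:
        print(f"{name}: {classify(blob)}; private key: {has_private_key(blob)}")
```
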