aspindler34_133
Jan 15, 2015

SSLDump PMS File Issues.

I am working with the SSLDump utility and I am running into issues generating the PMS file to decrypt the traffic. I have a feeling it has nothing to do with my pcap (yet). When I run the following command I get the following errors:

 

ssldump -r ~/ssldump.pcap -k -M ~/client1.pms

 

"Problem loading private key"

 

"ERROR: Couldn't create network handler"

 

Are the ssl keys in fact stored in this directory? This is what I have been trying to use at least:

 

/config/filestore/files_d/Common_d/certificate_key_d/

 

4 Replies

  • Hmmm, the location of keys gets a bit confusing. Your best bet is to run a find and then you can be sure:

    find / -iname '*.key'
    
  • It's not -k

     

    but

     

    -k (full path and file)

     

    such as, for example

     

    ssldump -r /var/tmp/www-ssl-client1.cap -k /config/filestore/files_d/Common_d/certificate_key_d/:Common:test.org.key_1 -M /var/tmp/client1.pms

     

  • Thanks gentlemen, I was able to get this working. For whatever reason, my key file was located in that directory I listed above. It was not located in "/config/ssl/ssl.key/". Also, my syntax was off a bit.

     

    Here's the revised command I used that was successful:

     

    ssldump -r ssldump1.cap -k /config/filestore/files_d/Common_d/certificate_key_d/:Common:Test_SSL.key_26994_1 -M ~/client1.pms

     

    After I saved the capture locally this worked and printed me the RSA keys I needed, thanks for all the help.

     

    • swo0sh_gt_13163
      Did you check if the PMS helped you decrypt the traffic in Wireshark? Also, did you need to neglect DHE / ECDHE ciphers from Client/Server SSL Profiles to decrypt the traffic in Wireshark? Can you please share the steps if you successfully decrypted the SSL traffic in Wireshark?
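
The mistake in the original command and the fix given in the replies, as an added example that is not part of the thread: `-k` must be followed by the full path of the key file, and in the first command the word after `-k` is `-M`. The helper name `check_key_arg` and its return codes are hypothetical, and the header check assumes a PEM-encoded key.

```shell
# Pre-flight check for the key argument of an ssldump command line.
# check_key_arg is a hypothetical helper, not part of ssldump.
# Return codes: 0 = key argument looks usable
#               1 = no -k option given
#               2 = -k has no value, or its value is another option
#               3 = value is not a readable regular file
#               4 = file has no PEM private-key header (assumes PEM keys)
check_key_arg() {
    key=""
    seen=0
    while [ "$#" -gt 0 ]; do
        if [ "$1" = "-k" ]; then
            seen=1
            key="${2-}"      # the word after -k is what gets used as the key path
            break
        fi
        shift
    done
    [ "$seen" -eq 1 ] || return 1
    case "$key" in
        ""|-*) return 2 ;;   # "-k -M file": "-M" sits where the key path belongs
    esac
    [ -f "$key" ] && [ -r "$key" ] || return 3
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key" || return 4
    return 0
}

# Argument list from the original post: -k is followed directly by -M.
check_key_arg -r ssldump.pcap -k -M client1.pms \
    || echo "key argument rejected (code $?)"
```

Run it with the same arguments intended for ssldump, and only start ssldump when it returns 0.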