Error while decrypting https traffic in Wireshark

Tags: encryption, https, private-key, ssl-certificate, wireshark

I configured Jetty with a self-generated private key and cert after a long struggle. Now, I'm having trouble decrypting the HTTPS traffic from the Jetty server that I captured for inspection.

The following is the error from Wireshark's SSL log (file and host names are masked):

ssl_init keys string:
<host>,8443,data,C:\path\to\file.pem
ssl_init found host entry <host>,8443,data,C:\path\to\file.pem
ssl_init addr '<host>' port '8443' filename 'C:\path\to\file.pem' password(only for p12 file) '(null)'
ssl_load_key: can't import pem data

I'm not sure what's going wrong. Here are the headers of the key and crt files that are being used:

The .key file:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,159E7E1BB65239C8
... <rest of private key>
-----END RSA PRIVATE KEY-----

The .crt file:

-----BEGIN CERTIFICATE-----
... <rest of crt key>
-----END CERTIFICATE-----

I tried just loading the .key file into Wireshark; I also tried combining the .key and .crt files into a single .pem file and loading that into Wireshark, but neither attempt succeeded. My .key file has a password. Does that make any difference? What could I be doing wrong?

Thanks for your time!

Best Answer

I think Wireshark doesn't have a way to ask you for a password when setting the file path of your private key; therefore, encrypted private keys are not supported. You could try to decrypt the key beforehand:

openssl rsa -in jetty_server.key -out jetty_server.key.unencrypted

Then set "jetty_server.key.unencrypted" as your private key in Wireshark preferences like you did with the encrypted one.

PS: glad it worked :)
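
A way to check whether a key file is passphrase-protected before pointing Wireshark at it, as an added example that is not part of the original question or answer. It reads the PEM headers shown in the question (`Proc-Type: 4,ENCRYPTED`, `DEK-Info`) and also recognises the PKCS#8 `ENCRYPTED PRIVATE KEY` label, which goes beyond the case in the question; the function names `inspect_pem` and `passphrase_needed` and the sample key bodies are constructed for illustration.

```python
import re

# One PEM block: label, then optional RFC 1421 headers and the base64 body.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def inspect_pem(text):
    """Return (label, encrypted, cipher) for every PEM block found in text."""
    found = []
    for label, body in PEM_BLOCK.findall(text):
        headers = {}
        for line in body.splitlines():
            if ":" not in line:  # blank line or first base64 line ends the headers
                break
            name, value = line.split(":", 1)
            headers[name.strip()] = value.strip()
        if label == "ENCRYPTED PRIVATE KEY":
            # PKCS#8: the cipher is inside the ASN.1 structure, not in a header
            found.append((label, True, None))
        elif label.endswith("PRIVATE KEY"):
            enc = headers.get("Proc-Type", "").replace(" ", "") == "4,ENCRYPTED"
            cipher = headers.get("DEK-Info", "").split(",")[0] or None
            found.append((label, enc, cipher if enc else None))
        else:
            found.append((label, False, None))
    return found

def passphrase_needed(text):
    """True if any private key block in the file is passphrase-protected."""
    keys = [b for b in inspect_pem(text) if b[0].endswith("PRIVATE KEY")]
    if not keys:
        raise ValueError("no private key block found")
    return any(encrypted for _, encrypted, _ in keys)

# Constructed sample: headers copied from the question, bodies are placeholders.
SAMPLE_ENCRYPTED = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,159E7E1BB65239C8

Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
"""
SAMPLE_PLAIN = SAMPLE_ENCRYPTED.replace(
    "Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,159E7E1BB65239C8\n\n", "")

if __name__ == "__main__":
    for name, pem in (("encrypted", SAMPLE_ENCRYPTED), ("plain", SAMPLE_PLAIN)):
        print(name, inspect_pem(pem), "passphrase needed:", passphrase_needed(pem))
```

The decrypted copy produced by the `openssl rsa` command has no passphrase protection, so keep it readable only by the analyst account and delete it once the capture has been inspected.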