Hi David, I created a new certificate datase with certutil, and I can view the private key fingerprints with certutil -d . -K but I can't actually extract the private key from the certutil database. I can create a certificate sign request using certutil again. I thus have the private key but it is "hidden" from me. Regards From: 389-users-bounces at lists.fedoraproject.org [mailto:389-users-bounces at lists.fedoraproject.org] On Behalf Of David Boreham Sent: 12 November 2010 16:04 To: General discussion list for the 389 Directory server project. Subject: Re: Decrypting SSL for 389-ds On 11/12/2010 8:59 AM, Gerrard Geldenhuis wrote: I am trying to decrypt SSL traffic capture with tcpdump in wireshark. A quick google turned up a page that said the NSS utils does not allow you to expose your private key. Is there different way or howto that anyone can share to help decrypt SSL encrypted traffic for 389? I think you're confused about the private key : you had to have had the private key in order to configure it in the server. So find the file, and feed that to Wireshark. Note that WS can not currently decrypt certain ciphers (and it won't simply tell you that it can't -- instead you waste days of your time before the penny drops). Hopefully your client is not negotiating one of those. ________________________________________________________________________ In order to protect our email recipients, Betfair Group use SkyScan from MessageLabs to scan all Incoming and Outgoing mail for viruses. ________________________________________________________________________ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20101112/6c5d5eed/attachment-0001.html
