{"id":2036,"date":"2014-04-10T10:33:49","date_gmt":"2014-04-10T09:33:49","guid":{"rendered":"http:\/\/mccltd.net\/blog\/?p=2036"},"modified":"2014-04-10T11:33:26","modified_gmt":"2014-04-10T10:33:26","slug":"how-to-export-the-ssl-certificate-from-a-wireshark-packet-capture","status":"publish","type":"post","link":"http:\/\/darenmatthews.com\/blog\/?p=2036","title":{"rendered":"How to export the SSL certificate from a Wireshark packet capture"},"content":{"rendered":"<p>How to obtain the SSL certificate from a Wireshark packet capture:<!--more--><\/p>\n<ol>\n<li>From the Wireshark menu choose Edit &gt; Preferences and ensure that &#8220;Allow subdissector to reassemble TCP streams&#8221; is ticked in the TCP protocol preferences.<\/li>\n<li>Find &#8220;Certificate, Server Hello&#8221; (or Client Hello if it is a client-side certificate that you are interested in obtaining).<\/li>\n<li>In the packet detail pane, expand the Secure Sockets Layer protocol.<\/li>\n<li>Expand the &#8220;TLSv1 Record Layer: Handshake Protocol: Certificate&#8221; field.<\/li>\n<li>Expand the &#8220;Handshake Protocol: Certificate&#8221; field.<\/li>\n<li>Expand the list of certificates. There may be one or more certificates depending upon whether a chain of trust is present. The first certificate is the server certificate, the second is the signing Certificate Authority, the third is the CA that trusted\/signed that Certificate Authority, and so on.<\/li>\n<li>Right-click on the certificate that you wish to obtain, then choose &#8220;Export selected packet bytes&#8230;&#8221; and name the file with a .der extension.<\/li>\n<\/ol>\n<p>The file contains the certificate in DER format. OpenSSL can be used to view the certificate:<\/p>\n<blockquote><p>C:\\openssl\\bin&gt;openssl x509 -in certs\\www.servername.com.der -inform der -text -noout<\/p><\/blockquote>\n<p>See this post for more examples of OpenSSL and certificate encoding types: 
<a href=\"http:\/\/darenmatthews.com\/blog\/?p=1299\">http:\/\/darenmatthews.com\/blog\/?p=1299<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>How to obtain the SSL certificate from a Wireshark packet capture:<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[71],"tags":[37],"_links":{"self":[{"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2036"}],"collection":[{"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2036"}],"version-history":[{"count":4,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2036\/revisions"}],"predecessor-version":[{"id":2040,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2036\/revisions\/2040"}],"wp:attachment":[{"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2036"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2036"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2036"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}