yosra

Reputation: 1022

.pem file format in wireshark

I've spent the whole day trying to decrypt some SSL packets on Wireshark using my .pem certificate but in vain.

I got the certificate using mitmproxy.

The header and footer of my .pem certificate are the following:

-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

When I import the certificate in Wireshark (Edit > Preferences > Protocols > SSL > Edit) so I can decrypt SSL packets, I get the following error:

Can't load private key from /home/user/Téléchargements/mitmproxy-ca.pem: can't import pem data: The requested data were not available.

Many resources, like "generate a root certificate", say that I need to have the following header and footer so that Wireshark manages to parse the private key:

-----BEGIN RSA PRIVATE KEY-----

-----END RSA PRIVATE KEY-----

So I did; I've modified my header and footer, but Wireshark is still incapable of loading the private key.

Any ideas on how I can make this work?

Upvotes: 0

Views: 8094

Answers (1)

garethTheRed

Reputation: 2297

Changing the header and footer doesn't change the contents.

If you started off with the certificate (which only contains the public key) then changing the header and footer to BEGIN/END RSA PRIVATE KEY doesn't change the file to a private key.

You need to get hold of the original private key file.

Also, if you stop and think about it, a certificate is public information. If all that were needed to decrypt a TLS/SSL connection was a certificate then all the secure communications in the world would be compromised.

Upvotes: 2
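
The answer's point, shown as an added example that is not part of the original post: the PEM label is only text around a base64 body, and the DER structure inside that body is what a parser actually reads. The helper names (`inspect_pem`, `classify_der`, `tlv`, `pem`) and the sample DER skeletons are constructed for illustration, and the classification looks only at the leading ASN.1 tags.

```python
import base64
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def read_tlv(buf, pos):
    """Parse one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def classify_der(der):
    """Heuristic on the leading tags only; it does not validate the structure."""
    try:
        tag, start, _ = read_tlv(der, 0)
        if tag != 0x30:  # every format handled here is an outer SEQUENCE
            return "other"
        first, _, first_end = read_tlv(der, start)
        if first == 0x30:  # SEQUENCE { SEQUENCE ...: a certificate (also CSRs, public keys)
            return "certificate-like"
        second, _, _ = read_tlv(der, first_end)
    except IndexError:  # empty or truncated body
        return "other"
    if first == 0x02 and second == 0x02:  # PKCS#1: INTEGER version, INTEGER modulus
        return "pkcs1-rsa-private-key"
    if first == 0x02 and second == 0x30:  # PKCS#8: INTEGER version, SEQUENCE algorithm
        return "pkcs8-private-key"
    return "other"

def inspect_pem(text):
    """Return [(label, detected_kind)] for every PEM block in text."""
    return [(label, classify_der(base64.b64decode(body)))
            for label, body in PEM_BLOCK.findall(text)]

def tlv(tag, body):  # tiny encoder (short-form lengths), used only to build samples
    return bytes([tag, len(body)]) + body

def pem(label, der):
    return f"-----BEGIN {label}-----\n{base64.b64encode(der).decode()}\n-----END {label}-----\n"

# Constructed DER skeletons (not real keys or certificates); only the leading tags matter.
CERT_DER = tlv(0x30, tlv(0x30, tlv(0x02, b"\x01")) + tlv(0x30, b"") + tlv(0x03, b"\x00"))
KEY_DER = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x02, b"\x00\xc3") + tlv(0x02, b"\x01\x00\x01"))

if __name__ == "__main__":
    for label, der in [("CERTIFICATE", CERT_DER), ("RSA PRIVATE KEY", CERT_DER), ("RSA PRIVATE KEY", KEY_DER)]:
        print(inspect_pem(pem(label, der)))
```

The second case is the relabelled file from the question: the label says RSA PRIVATE KEY, but the body still classifies as certificate-like, so there is no private key for a parser to load.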
