October 9

Wireshark: Extracting SSL certificates

Here are the steps for extracting an SSL certificate.
1. Make sure the setting "Allow subdissector to reassemble TCP streams" is on in the TCP protocol preferences (This is selected by default)
2. Then go to the packet which contains the SSL handshake message "Certificate"
3. In the packet detail pane, expand the SSL protocol
4. Expand the "Certificate" TLS record
5. Expand the "certificate" handshake protocol
6. Expand the list of certificates. There is now a list of certificate length and certificates (the list could be only 1 certificate). The first certificate is the server certificate, the second it's signing CA, the third the CA that signed the CA, etc.
7. Now rightclick on the certificate that you want to export
8. Choose "Export selected packet bytes..."
9. Choose a filename and click on save
You can save it as certname.crt on windows and then open it up to look at it.

By: S Blok

Copyright 2021. All rights reserved.

Posted October 9, 2015 by Timothy Conrad in category "Software

About the Author

If I were to describe myself with one word it would be, creative. I am interested in almost everything which keeps me rather busy. Here you will find some of my technical musings. Securely email me using - PGP: 4CB8 91EB 0C0A A530 3BE9 6D76 B076 96F1 6135 0A1B