FortiGate
kwcheng__FTNT
Article Id 330723
Description

This article describes how to extract an SSL server certificate from a PCAP file.

Scope

FortiGate.
Solution

Notes:

  1. The PCAP file must include the 'packet data'. When capturing the SSL handshake connection, check the 'verbose' filter option so that the capture includes the 'packet data'. In this example, verbose 6 is used.
  2. TLS 1.3 is not supported because, by design, TLS 1.3 encrypts the server certificate. For more information, refer to the following link: TLS 1.3: An Overview of Benefits and Risks.
  3. The sample website used here will be 'https://badssl.com/'.
  4. Make sure Wireshark software is installed.

 

The following are the steps to extract the SSL server certificate from a PCAP file:

  1. Locate the 'Server Hello' or the data packet which has the 'certificate'.

  2. 'Right-click' and select 'Export packet bytes'.

  3. Select type as 'All Files' and rename as 'YourCertName.der'.

  4. Once it is successful, open the .der file to check.
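The same extraction done programmatically, as an added example that is not part of the original article: this Python code walks the server's TLS records, reassembles the plaintext handshake messages, and returns each DER certificate from the Certificate message, which are the bytes the export step saves. It assumes the input is the reassembled server-to-client TCP payload; the sample streams and the short DER placeholders in them are constructed for illustration and are not real certificates.

```python
import struct

HANDSHAKE, CHANGE_CIPHER_SPEC, CERTIFICATE = 22, 20, 11  # record types 22/20, handshake type 11

def handshake_bytes(stream: bytes) -> bytes:
    """Concatenate the plaintext handshake fragments of a TLS record stream."""
    buf, pos = b"", 0
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        fragment = stream[pos + 5 : pos + 5 + length]
        if len(fragment) < length:
            raise ValueError("truncated TLS record: capture lacks full packet data")
        if ctype == CHANGE_CIPHER_SPEC:
            break  # records after this point are encrypted
        if ctype == HANDSHAKE:
            buf += fragment  # a handshake message may span several records
        pos += 5 + length
    return buf

def extract_certificates(stream: bytes) -> list[bytes]:
    """Return the DER certificates of a TLS 1.2 (or older) Certificate message, leaf first."""
    hs, pos, certs = handshake_bytes(stream), 0, []
    while pos + 4 <= len(hs):
        msg_type = hs[pos]
        msg_len = int.from_bytes(hs[pos + 1 : pos + 4], "big")
        body = hs[pos + 4 : pos + 4 + msg_len]
        pos += 4 + msg_len
        if msg_type != CERTIFICATE:
            continue
        list_len, off = int.from_bytes(body[:3], "big"), 3
        while off < 3 + list_len:  # each entry: 3-byte length, then DER bytes
            cert_len = int.from_bytes(body[off : off + 3], "big")
            certs.append(body[off + 3 : off + 3 + cert_len])
            off += 3 + cert_len
    return certs

# Constructed sample input (helpers and byte values are illustrative only).
def record(ctype: int, payload: bytes) -> bytes:
    return struct.pack("!BHH", ctype, 0x0303, len(payload)) + payload

def msg(mtype: int, body: bytes) -> bytes:
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body

LEAF, ISSUER = b"\x30\x03\x02\x01\x01", b"\x30\x03\x02\x01\x02"  # DER placeholders
cert_list = b"".join(len(c).to_bytes(3, "big") + c for c in (LEAF, ISSUER))
cert_msg = msg(CERTIFICATE, len(cert_list).to_bytes(3, "big") + cert_list)
hello = msg(2, bytes(38))  # dummy ServerHello body
TLS12_SAMPLE = (record(22, hello) + record(22, cert_msg[:10]) + record(22, cert_msg[10:])
                + record(20, b"\x01") + record(22, b"\xaa" * 40))  # CCS, encrypted Finished
TLS13_SAMPLE = record(22, hello) + record(20, b"\x01") + record(23, bytes(64))
```

The TLS 1.3 sample returns an empty list because its Certificate message travels inside encrypted application-data records, which matches the limitation in note 2.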