Decrypting SSL Traffic for Easy Viewing Using Wireshark

You would like to troubleshoot SSL issues (HTTPS traffic). Support requests a packet capture of SSL traffic that terminates on the ProxySG (reverse proxy) / on a controlled SSL server.

Please note that this FAQ applies only to reverse proxy scenarios. In forward proxy, the proxy generates individual client keys which are not extractable.

An SSL reverse proxy is deployed, and at some stage in the troubleshooting process, a packet capture of the HTTPS traffic is required to view traffic flowing between the client and ProxySG or between the OCS and ProxySG.

In a reverse proxy scenario, the appropriate certificate and keys must be imported into the ProxySG in order to allow it to properly terminate SSL connections. Since the key is known to the ProxySG, it is possible to extract this key and use it in Wireshark to decrypt the SSL traffic for easier troubleshooting.

Note: You will be dealing with plaintext private keys. Please be very careful and delete these after use. If these plaintext keys get lost, change the certificates and keys on the ProxySG to avoid a security/integrity compromise. Sometimes handing these keys to Support may be required; in this case, place the keys in a password-protected ZIP file which you disclose only to Blue Coat Support personnel. Alternatively, please refer to 000009966 for a method whereby disclosure of private keys is not necessary.

Extracting the Private Key from the ProxySG

In this example, we will extract the self-signed key from the ProxySG. If another certificate is used, substitute the appropriate entries.

1. Enter the ProxySG management console via CLI (ssh / console cable).
2. (optional) Enter show ssl keyring to view a list of configured keyrings.
3. Make a note of the keyring ID being used in the reverse proxy.
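The note above asks that extracted plaintext keys be deleted after use. As an added example (not part of the original article and not Blue Coat tooling), this Python sweep finds unencrypted PEM private keys left in a troubleshooting working directory and flags those accessible to group or other. It assumes the key was saved in PEM form; the file names and key bodies are constructed placeholders.

```python
import os
import stat
import tempfile
from pathlib import Path

KEY_HEADERS = ("-----BEGIN RSA PRIVATE KEY-----", "-----BEGIN EC PRIVATE KEY-----",
               "-----BEGIN PRIVATE KEY-----")

def classify_pem(text):
    """Return 'plaintext', 'encrypted' or None for a file's text content."""
    if "-----BEGIN ENCRYPTED PRIVATE KEY-----" in text:
        return "encrypted"                      # PKCS#8, passphrase-protected
    for header in KEY_HEADERS:
        if header in text:
            # Traditional PEM encryption is announced by a Proc-Type header.
            body = text.split(header, 1)[1]
            return "encrypted" if "Proc-Type: 4,ENCRYPTED" in body[:200] else "plaintext"
    return None

def find_plaintext_keys(root):
    """List (file name, group_or_other_access) for each plaintext key under root."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.stat().st_size > 64 * 1024:
            continue                            # keys are small; skip captures
        kind = classify_pem(path.read_text(errors="ignore"))
        if kind == "plaintext":
            loose = bool(path.stat().st_mode & (stat.S_IRWXG | stat.S_IRWXO))
            findings.append((path.name, loose))
    return findings

def demo():
    """Run the sweep over a constructed working directory (dummy key bodies)."""
    with tempfile.TemporaryDirectory() as work:
        samples = {
            "keyring.key": "-----BEGIN RSA PRIVATE KEY-----\nCONSTRUCTED\n-----END RSA PRIVATE KEY-----\n",
            "keyring-enc.key": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\nCONSTRUCTED\n-----END RSA PRIVATE KEY-----\n",
            "keyring.crt": "-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n-----END CERTIFICATE-----\n",
        }
        for name, text in samples.items():
            Path(work, name).write_text(text)
        os.chmod(Path(work, "keyring.key"), 0o644)   # simulate loose permissions
        return find_plaintext_keys(work)

if __name__ == "__main__":
    for name, loose in demo():
        print(f"plaintext private key: {name} (group/other access: {loose})")
```

Point `find_plaintext_keys` at the directory used for the capture and key export once troubleshooting is finished; anything it lists should be deleted or moved into the password-protected archive.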