Create another Layer 4 policy with the same IP address as that used for the production network, but with the following differences: In the Certificate field, select the dummy self-signed certificate created at step 2.ĥ. Go to Layer 4 traffic redirection > SSL policies and create a new SSL policy.Ĥ. Create a dummy self-signed certificate (including a dummy key).ģ. Log in to AppWall with SSL and go to Security > Certificates > Table.Ģ. Perform the following steps to provide Radware Technical Support team an encrypted SSL traffic with a dummy key/cert.ġ.
In this procedure, you create a dummy key on AppDirector, and assign it to a demo virtual server and service for reproduction purposes. Provide Radware Technical Support with the pcap file and the file with the session keys generated at step 4.
In the (Pre-)Master-Secret log filename field, enter the path to the session keys file to configure the SSL protocol preferences.Ħ. Make sure that decrypted traffic is still visible, as follows: Go to File > Export > SSL session keys to export the session keys to a new file.ĥ. You should be able to see a decrypted capture.Ĥ. Enter the requested information (IP address, protocol, server, key location). In Wireshark, go to Edit > Prefences > Protocols > SSL > RSA key list and select the private key.ģ. Load the pcap file which was generated in advance. This procedure decrypts only the data of a specified session.ġ. These keys decrypt specific sessions, so you can distribute them freely without exporting the private key.
In this procedure, you use Wireshark to export session keys for the SSL sessions in the pcap file. Note: The procedures does not require you to export a private key. You can use either of the methods described. This article describes two methods for providing Radware Technical Support with decrypted data from an encrypted SSL session.
0 kommentar(er)
