Forum Discussion

swo0sh_gt_13163's avatar
swo0sh_gt_13163
Icon for Altostratus rankAltostratus
Jul 25, 2014

Unable to generate PMS Key to decrypt SSL Traffic in Wireshark.

Hello Folks,

Recently I was troubleshooting an issue, where SSL Offloading was configured on F5. I wanted to wrap off the TLS in order to analyze HTTP traffic. While generate the PMS key, I found following error on F5 CLI.

Problem loading private key
ERROR: Couldn't create network handler

Customer has 2 pair of F5 appliances, and both are showing the same error message while generating PMS. Any clue?

Cheers! Darshan

  • Kevin_K_51432's avatar
    Kevin_K_51432
    Historic F5 Account

    Hi Darshan, I'm not very familiar with that error. What little testing I did shows this may be due to using the wrong name. There is dtca.key, but no dtca1.key:

     ssldump -k /config/ssl/ssl.key/dtca.key -r /var/tmp/this.dmp port 443
     ssldump -k /config/ssl/ssl.key/dtca1.key -r /var/tmp/this.dmp port 443
    Problem loading private key
    ERROR: Couldn't create network handler
    

    Hope this offers some help.

    Kevin

  • Hello Kevin,

     

    Seems helpful. I will verify my ssldump command again and confirm what was wrong.

     

    Thank you very much!

     

    Cheers! Darshan