找不到证书错误消息 [英] Certificate Not Found error message
问题描述
我正在尝试解密我的Windows Server 2008 R2 Enterprise SP1域控制器和另一台Windows服务器之间的TLS对话(我相信它也处于相同的操作系统版本)。我有域控制器的私钥,我已经配置了MA
1.2来加载带有效密码的证书(.pfx),但在我重新分析捕获后我发现信息无法找到证书。
I'm trying to decrypt a TLS conversation between my Windows Server 2008 R2 Enterprise SP1 domain controller and another Windows server (I believe it is also at the same OS version). I have the private key for the Domain Controller and I've configured MA 1.2 to load the certificate (.pfx) with the valid password but after I reparse the capture I informational message that the certificate cannot be found.
MessageNumber DiagnosisTypes Timestamp TimeElapsed Source Destination Module Summary
925975 None 2015- 03-04T20:59:40.7532822 [域控制器IP地址] [会员服务器IP地址] TLS 记录:[握手:[服务器您好],ChangeCipherSpec,握手(加密)]
MessageNumber DiagnosisTypes Timestamp TimeElapsed Source Destination Module Summary
925975 None 2015-03-04T20:59:40.7532822 [domain controller IP address] [Member server IP address] TLS Records: [Handshake: [Server Hello], ChangeCipherSpec, Handshake(Encryted)]
上面复制了与未找到Ceritificate消息相关的数据包。
The packet associated with the Ceritificate Not Found message is copied above.
有关为什么我无法解密对话的任何想法?
Any thoughts on why I cannot decrypt the conversation?
谢谢,
Michael
推荐答案
您是否看到完整的TLS会话设置?
Do you see the full TLS session setup?
在客户端问候中,有一个session_id长度字段(T LS.records [0] .fragment [0] .body.session_id.length_in_bytes)群组。它应该为零,如果不是,则重复使用ID,这意味着我们不会拥有所有信息来解密数据。
要解决此问题,必须重置客户端或服务器,并且跟踪需要收集客户端ID长度为零的原始会话。
In the client hello, there is a session_id length field (TLS.records[0].fragment[0].body.session_id.length_in_bytes). It should be zero, if not it's is reusing the ID which means we dont' have all the information in order to decrypt the data. To fix this the client or server would have to be reset, and the trace needs to collect the original session where the client ID length is zero.
解密工具窗口是否提供了有关未解密的特定会话的更多详细信息?
Does the Decryption Tool window provide any more details about that particular session that didn't decrypt?
您可以与我共享跟踪的任何机会(您可以通过http://blogs.technet与博客作者联系) .com / MessageAnalyzer。
Any chance you can share the trace with me (you can contact the blog author from http://blogs.technet.com/MessageAnalyzer.
谢谢,
保罗
这篇关于找不到证书错误消息的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
