Unable to generate PMS Key to decrypt SSL Traffic in Wireshark.

Question

Hello Folks,
Recently I was troubleshooting an issue, where SSL Offloading was configured on F5. I wanted to wrap off the TLS in order to analyze HTTP traffic. While generate the PMS key, I found following error on F5 CLI.
Problem loading private key
ERROR: Couldn't create network handler

Customer has 2 pair of F5 appliances, and both are showing the same error message while generating PMS.
Any clue?
Cheers!
Darshan

kevin_k_51432 · Answer

Hi Darshan,
I'm not very familiar with that error. What little testing I did shows this may be due to using the wrong name. There is dtca.key, but no dtca1.key:
 ssldump -k /config/ssl/ssl.key/dtca.key -r /var/tmp/this.dmp port 443
 ssldump -k /config/ssl/ssl.key/dtca1.key -r /var/tmp/this.dmp port 443
Problem loading private key
ERROR: Couldn't create network handler

Hope this offers some help.
Kevin

swo0sh_gt_13163 · Answer

Hello Kevin,&nbsp;
Seems helpful.
I will verify my ssldump command again and confirm what was wrong.&nbsp;
Thank you very much!&nbsp;
Cheers!
Darshan&nbsp;

zgh910918_25374 · Answer

Please refer to the following link&nbsp;
https://support.f5.com/csp/article/K10209&nbsp;

Forum Discussion

Unable to generate PMS Key to decrypt SSL Traffic in Wireshark.

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Decrypt, Encrypt, Decrypt, Encrypt, Encrypt....

Understanding IPSec IKEv2 negotiation on Wireshark

Understanding IPSec IKEv1 negotiation on Wireshark

Decrypting BIG-IP Packet Captures without iRules

Decrypting BIG-IP Packet Captures Automatically

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS