How can I extract the certificate from this pcap file?
With new versions of wireshark:
- Make sure the traffic is decoded as SSL, i.e. setup the SSL analyzer for this TCP stream in
Analyze >> Decode As. Now it will show the SSL details for the packets. - Pick the packet which contains the certificate, in this case packet 6.
- In the packet details expand Secure Socket Layer etc until you get to the certificate itself:
- Use the context menu (right click) and save the raw data of the certificate with
Export Packet Bytesinto a file, for examplecert.der. - With
openssl x509 -inform der -in cert.der -textyou can have a look at the certificate, withopenssl x509 -inform der -in cert.der -outform pem -out cert.crtyou can convert it into a PEM format (i.e. what you mean with crt format).