Private key locations per server
Private key locations differ from application to application.
Microsoft Lync Server
Microsoft Lync Server encrypts all of its VoIP traffic, including the call setup process. To decrypt a Microsoft Lync Server conversation, you must have the security certificate and Observer must see the telephone’s power up.
By default, the Lync Server key is not exportable. You must create an exportable key for Observer to use. The procedure for getting the Lync Server key is similar to that for the IIS Web Server. See Windows IIS Web Server.
Apache Web Server
Perform a search for the file with the name “server.key”. Check the format of the server.key file to ensure it is not an encrypted private key file. See Encrypted private key file.
If the private key file is encrypted, it must be decrypted using the OpenSSL command line tool and the password that was used to encrypt it. Obtain the utility as follows:
For Windows compatible versions, use a search engine to search for the terms “Download,” “Win32,” and “OpenSSL”.
After obtaining the OpenSSL command line utility, decrypt the private key file using the following command (choose the appropriate locations for the input and output files):
openssl rsa -in server.key -out UnencryptedKey.key
[enter passphrase]
You can now use the newly created output key in Observer to decrypt and analyze encrypted network traffic.
Windows IIS Web Server
Windows does not contain a searchable private key file. The key file must be extracted from the website server certificate, and the server certificate must contain the private key file.
Use the following Microsoft Support document to export your server certificate and private key to a single .pfx file: http://support.microsoft.com/kb/232136 (How to back up a server certificate in Internet Information Services).
After you successfully export the .pfx file (PKCS #12), you must obtain the OpenSSL utility as follows:
For Windows compatible versions, use a search engine to search for the terms “Download,” “Win32,” and “OpenSSL”.
With a valid .pfx server certificate backup file and the openssl utility, the following command should be used (choose the appropriate locations for the input and output files):
openssl pkcs12 -nodes -in c:\mycertificate.pfx -out c:\server.key
You can now use the newly created output key in Observer to decrypt and analyze encrypted network traffic.
Non-encrypted private key file
A normal, non-encrypted private key file should contain text of the following format. Notice the absence of a “Proc-Type: ENCRYPTED” header.
 
A file of this format is usable by Observer.
-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQD7uhNymd6WCORqH0rpd5zs4FEwCX2JrKtm0dmTf44SVaGvFLF1
vakeOYP/sFs4aa2UaN0FcbFaS2w3IZWWum4sCtqtvb8Zil+13VCdyR+2SRx9GMbu
SnoL/6FI86m+C0gHq6g0ILoiTAJnY+MOEC2bwbMykzljPVUOXE9IEG0A0QIDAQAB
AoGAFQOYogWEVmQRpWZNW6YXnJKxVGBGcZrPiDrWfgC0/ITXhYUlt12I47QLd+ni
-----END RSA PRIVATE KEY-----
 
Encrypted private key file
An encrypted private key file may have the following format, which indicates that the private key file obtained contains an RSA Private Key, where the text for the key itself is encrypted.
 
A file in this format will generate an error dialog stating “Error Loading the Private Key File!” You must decrypt this key file before it will function.
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,7BC....
JHQ8U0pDbeFM9h2jZSmiugxdqOa2q/MiX43Xa4Es6nKmzu9oI/ZfpIdAHi8qwtsD
mZ5bQRIXD9AXeIRy+0tG2ibUaphQEsvI995PWUsh8N9dVumsqykmMXSwND7tkbHB
iO/VVSAAD9bV3dbl5nbMwMnPG+YC3S90GAK4ZRIqrHRQ94fd/ZAvP8kV9ilwCmX6
swFlNBLGuKFllJ9qkyr+OOQqulrAyZAB2UThGCJJetELFtV4mLmIaHdgDIcUqpJp==
-----END RSA PRIVATE KEY-----
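
The format check described in the two sections above, as an added example that is not part of the Observer documentation: a shell function that reports whether a key file carries the “Proc-Type: 4,ENCRYPTED” header. It goes beyond the page by also recognizing the PKCS#8 “BEGIN PRIVATE KEY” and “BEGIN ENCRYPTED PRIVATE KEY” armor lines that OpenSSL can produce; the function names, result labels and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the Observer documentation.
# classify_key FILE prints the format of the first private key block in FILE:
#   rsa-plain        "BEGIN RSA PRIVATE KEY" without a Proc-Type header
#   rsa-encrypted    "BEGIN RSA PRIVATE KEY" with "Proc-Type: 4,ENCRYPTED"
#   pkcs8-plain / pkcs8-encrypted   PKCS#8 armor (assumption, beyond the page)
#   none             no private key block found
classify_key() {
    [ -f "$1" ] && [ -r "$1" ] || { echo unreadable; return 2; }
    # Drop CRs so files saved with Windows line endings still match.
    tr -d '\r' < "$1" | awk '
        /^-----BEGIN RSA PRIVATE KEY-----$/ {
            if (kind == "") { kind = "rsa-plain"; hdr = 1 }
            next
        }
        # Encryption headers sit between the BEGIN line and the key body.
        hdr && /^Proc-Type: 4,ENCRYPTED$/ { kind = "rsa-encrypted" }
        hdr && !/^[A-Za-z-]+: /           { hdr = 0 }
        /^-----BEGIN PRIVATE KEY-----$/           { if (kind == "") kind = "pkcs8-plain" }
        /^-----BEGIN ENCRYPTED PRIVATE KEY-----$/ { if (kind == "") kind = "pkcs8-encrypted" }
        END { print (kind == "" ? "none" : kind) }
    '
}

# Constructed sample files (placeholder bodies, not real key material).
write_samples() {
    dir=$1
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'QUJDRA==' \
        '-----END RSA PRIVATE KEY-----' > "$dir/plain.key"
    printf '%s\r\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: DES-EDE3-CBC,0000000000000000' '' 'QUJDRA==' \
        '-----END RSA PRIVATE KEY-----' > "$dir/encrypted.key"
    printf '%s\n' 'Bag Attributes' '-----BEGIN PRIVATE KEY-----' 'QUJDRA==' \
        '-----END PRIVATE KEY-----' '-----BEGIN CERTIFICATE-----' 'QUJDRA==' \
        '-----END CERTIFICATE-----' > "$dir/from_pfx.key"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'QUJDRA==' \
        '-----END CERTIFICATE-----' > "$dir/cert_only.pem"
}

# With no arguments, classify the constructed samples; otherwise classify FILE...
sample_dir=
if [ "$#" -eq 0 ]; then
    sample_dir=$(mktemp -d) && write_samples "$sample_dir" && set -- "$sample_dir"/*
fi
for f in "$@"; do
    printf '%s: %s\n' "${f##*/}" "$(classify_key "$f")"
done
[ -z "$sample_dir" ] || rm -rf "$sample_dir"
```

Only the `rsa-plain` result corresponds to the format this page describes as usable by Observer.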