When troubleshooting, you may need to provide Support or Development with SSL-encrypted traffic. However, providing the private key could pose a security risk.
A simple workaround is to export an SSL session key. With such a key, the user can decrypt only one trace and cannot decrypt other traffic from the same SSL server.
Capture SSL traffic
Determine the IP addresses and ports of the software services that contain SSL traffic.
For Classic AMD, in the rcon console, execute the following:
tcpdump 0 "/var/tmp/encrypted_traffic.pcap" "host X.X.X.X and tcp port YYY"
where X.X.X.X and YYY are the IP addresses and ports of the software services containing SSL traffic.
For AMD HS, use the RUM Console ► Tools ► Recorded traffic tool to record the traffic.
Decrypt the trace in Wireshark
Open the captured trace in Wireshark.
Apply the private SSL key.
Make sure the traffic is decrypted.
Extract the session key
In Wireshark, select File ► Export SSL Session Keys, and save the file.
Open another Wireshark session, and try to use the session keys to decrypt the same trace. In Wireshark, select Edit ► Preferences ► Protocols ► SSL ► (Pre)-Master-Secret log filename, and select the exported session keys.
You should get the decrypted traffic for this particular SSL session.
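Before sending the exported file, it is worth confirming that it holds only session secrets for the one trace and no private key material. The following check is an added example, not part of the original procedure or of any vendor tooling; the function names and the constructed sample data are assumptions, and it covers only the RSA Session-ID, CLIENT_RANDOM and RSA pre-master line forms that Wireshark reads from a (Pre)-Master-Secret log file.

```python
import re

HEX = "[0-9a-fA-F]"
# Key log line forms covered here; group 1 = session identifier, group 2 = secret.
PATTERNS = [
    re.compile(rf"^RSA Session-ID:((?:{HEX}{{2}})+) Master-Key:({HEX}{{96}})$"),
    re.compile(rf"^CLIENT_RANDOM ({HEX}{{64}}) ({HEX}{{96}})$"),
    re.compile(rf"^RSA ({HEX}{{16}}) ((?:{HEX}{{2}})+)$"),
]
PRIVATE_KEY_MARKER = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")

def audit_keylog(text):
    """Classify every line of an exported session key file without echoing secrets."""
    secrets, unexpected = set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no key material
        for pattern in PATTERNS:
            match = pattern.match(line)
            if match:
                # One session may appear as both a Session-ID and a CLIENT_RANDOM
                # line; both carry the same master secret, so count secrets.
                secrets.add(match.group(2).lower())
                break
        else:
            unexpected.append(lineno)
    return {
        "distinct_secrets": len(secrets),
        "unexpected_lines": unexpected,
        "contains_private_key": bool(PRIVATE_KEY_MARKER.search(text)),
    }

def safe_to_share(report, max_sessions=1):
    """True only if the file holds nothing beyond the expected session secrets."""
    return (not report["contains_private_key"]
            and not report["unexpected_lines"]
            and 0 < report["distinct_secrets"] <= max_sessions)

# Constructed sample data (not real keys): one session written in two line forms.
SAMPLE_OK = ("RSA Session-ID:" + "ab" * 32 + " Master-Key:" + "cd" * 48 + "\n"
             "CLIENT_RANDOM " + "12" * 32 + " " + "cd" * 48 + "\n")
# Constructed sample of a file that must not be sent: a PEM private key was appended.
SAMPLE_BAD = (SAMPLE_OK + "-----BEGIN RSA PRIVATE KEY-----\n"
              "constructed-placeholder\n-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        report = audit_keylog(sample)
        print(name, report, "share:", safe_to_share(report))
```

If the capture legitimately contains several SSL sessions, raise max_sessions to the number you expect to see in the trace.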