Any one have experience with decoding MS SQL over SSL successfully ?
I am over at customer site doing a PoC and Gigamon HB-1 was used to decrypting the SSL but I discover that it is not decrypting it. How I know it is not decrypting is that any non successfuly decrypt SSL will still be forward to AMD.
Hence, over at the AMD, doing a `show ssldecr servers`, i can see that the encrypted DB traffic is there. I did try to load the ssl key into AMD and it seem that it is not decrypting too.
Anyone have experience on this area ?
In working on this in the past, the default install of MS SQL will create a default SSL certificate that will be used should the server allow and client requests encryption or the server simply requires it. Microsoft provides no supported way to export the private key for this default certificate.
The only way forward I have found in this scenario is to get/create a certificate externally and import that certificate for the SQL server to use, also putting the private key for this certificate on the AMD. In my experience, as long as the SQL server uses a certificate the AMD has a matching private key for, the AMD can decrypt and analyze the SQL sessions without issue.