In some cases, Faddom can decrypt SSL traffic to analyze the packet payload. This depends on the encryption protocol being used and only works for RSA-based key exchange.
To configure this, you need to supply Faddom with the private key used for encrypting the traffic.
The private key must be in PEM format and must be located on the same host as the sensor that captures this traffic. Set the private key file path in the sensor configuration file, along with the private key password, if one exists. The configuration file can be found on the sensor appliance at /opt/illuminit/networksensor/NetworkSensor.cfg
| Setting | Description | Value |
|---|---|---|
| ssl_analyzer_key_file | Private key files to use for SSL decryption. Format: ip port pem_file_path | [ip_address] [port] [path_to_pem_file] |
| ssl_analyzer_key_password | Passwords for private key files to use for SSL decryption. Format: ip port password | [ip_address] [port] [password] |
If the private key is in PFX format, you can use OpenSSL to convert it to the required PEM format (the -nodes option writes the private key to the output file unencrypted):
openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes
After updating the configuration file, restart the sensor using:
systemctl restart networksensor