TLS Capture and Decode Class Activity - savannahc502/SavC-TechJournal-SEC260 GitHub Wiki

Note to self: should review this topic, tad confusing

To access information about the certificate and the TLS exchange:
- Go to a HTTPS site in a browser - click the lock and get the certificate information.
- In Chrome: Use F12 for Developer Mode and Go To "Security"

What server was the certificate assigned to? *champlain.edu aka 208.115.107.132
What is the validity date of the cert? Thursday, July 6th, 2023 at 8:00 pm to Tuesday, July 9th, 2024 at 7:59 pm
What is the Certificate Authority for the certificate? DigiCert Inc
Can you find the public key? Pictured Below

Packets 66-79 (seven total) are a part of the TLS certificate exchange between my server and https://www.champlain.edu. First, the client (my server) sent two client hello messages with information about the available TLS methods it can use. The third, fourth, and fifth packet is the server responding to the connection request to accept the communication methods. The server also has to send the SSL/TLS certificate and the public key/signature. The Change Cipher Spec Packet confirms that packets after this instance will be protected under the newly negotiated Cipher Spec (though in TLSv1.3, this is mostly useless since the encryption begins at the Server Hello Message).

Resources:

Server Certificate in Wireshark:

According to a blogpost I found, “In TLS 1.3, all messages after ServerHello are encrypted” (superuser.com). This means that the certificate is actually encrypted in the exchange pictured above. Instead, I will provide a Wireshark capture of a TLSv1.2 certificate exchange that is unencrypted from another website.

For the server 23.35.66.189, the TLSv1.2 allowed me to expand on the certificate subheadings of the Server Hello Done packet. Above the issuer, validity times, and public key exponent are all highlighted. This same information could be found on the lock symbol if I were to visit the server website (which I cannot, but the theory still stands).