Administration Guide

Decrypting SSL packets to analyze traffic issues

If SSL/TLS handshakes succeed but server-policy access failures persist, it may be necessary to decrypt the SSL packets and examine the HTTP packets in more detail.

In brief, capture packets on FortiWeb with diagnose debug flow enabled at the same time. After retrieving the SSL keys from the diagnose output, use them in Wireshark to decrypt the SSL traffic; you will then be able to see the HTTP communication that was encrypted. Because the keys used for TLS 1.3 differ from those used for TLS 1.2 and earlier, the two cases are described separately below.
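The following check is an added example, not part of the FortiWeb documentation. It assumes the keys retrieved from the diagnose output have been written to a file in the NSS key log format that Wireshark loads through its TLS "(Pre)-Master-Secret log filename" preference; the function name and the sample values are constructed for illustration. It flags truncated secrets and TLS 1.3 sessions that lack one of the four secrets needed to decrypt both handshake and application records.

```python
import re
from collections import defaultdict

# Labels of the NSS key log format that Wireshark reads.
TLS12 = {"CLIENT_RANDOM"}
TLS13_REQUIRED = {"CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
                  "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"}
TLS13_OPTIONAL = {"EXPORTER_SECRET", "CLIENT_EARLY_TRAFFIC_SECRET", "EARLY_EXPORTER_SECRET"}
LINE = re.compile(r"([A-Z0-9_]+) ([0-9a-fA-F]{64}) ((?:[0-9a-fA-F]{2})+)")

def check_keylog(text):
    """Return (sessions, errors); sessions maps client random -> status."""
    seen, errors = defaultdict(set), []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE.fullmatch(line)
        if not m:
            errors.append((n, "malformed line"))
            continue
        label, rnd, secret = m.groups()
        if label in TLS12:
            ok = len(secret) == 96        # 48-byte master secret
        elif label in TLS13_REQUIRED | TLS13_OPTIONAL:
            ok = len(secret) in (64, 96)  # SHA-256 or SHA-384 cipher suites
        else:
            errors.append((n, "unknown label " + label))
            continue
        if ok:
            seen[rnd.lower()].add(label)
        else:
            errors.append((n, "bad secret length for " + label))
    sessions = {}
    for rnd, labels in seen.items():
        missing = sorted(TLS13_REQUIRED - labels)
        if labels & TLS12:
            sessions[rnd] = "tls1.2 ok"
        else:
            sessions[rnd] = "tls1.3 ok" if not missing else "tls1.3 missing " + ",".join(missing)
    return sessions, errors

# Constructed sample, not real key material.
SAMPLE = "\n".join([
    "CLIENT_RANDOM " + "11" * 32 + " " + "aa" * 48,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "22" * 32 + " " + "bb" * 32,
    "SERVER_HANDSHAKE_TRAFFIC_SECRET " + "22" * 32 + " " + "cc" * 32,
    "CLIENT_TRAFFIC_SECRET_0 " + "22" * 32 + " " + "dd" * 32,
    "CLIENT_RANDOM " + "33" * 32 + " " + "ee" * 16,  # truncated secret
])
```

Calling `check_keylog(SAMPLE)` reports the first session as usable, the TLS 1.3 session as missing `SERVER_TRAFFIC_SECRET_0`, and line 5 as having a secret of the wrong length.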
