Fortinet white logo
Fortinet white logo

Administration Guide

A Simpler way to decrypt TLS traffic on Windows PC

A Simpler way to decrypt TLS traffic on Windows PC

If you’re using a Windows client and want to decrypt SSL/TLS traffic from the client to FortiWeb, there is a simpler way to get the SSL keys instead of retrieving them from FortiWeb diagnose output.

  1. Set a Windows environment variable.

    E.g. Create a new environment variable under User variables and select a file named “ssl-keys.log” to store SSL keys.

  2. Set wireshark: edit > preference > protocols > TLS: choose the key file “ssl-keys.log” from "(Pre)-Master-Secret log filename". Then you’ll be able to see that decrypted HTTP traffic.

    Please Note:

    This method cannot capture and analyze packets from FortiWeb to the backend server.

A Simpler way to decrypt TLS traffic on Windows PC

A Simpler way to decrypt TLS traffic on Windows PC

If you’re using a Windows client and want to decrypt SSL/TLS traffic from the client to FortiWeb, there is a simpler way to get the SSL keys instead of retrieving them from FortiWeb diagnose output.

  1. Set a Windows environment variable.

    E.g. Create a new environment variable under User variables and select a file named “ssl-keys.log” to store SSL keys.

  2. Set wireshark: edit > preference > protocols > TLS: choose the key file “ssl-keys.log” from "(Pre)-Master-Secret log filename". Then you’ll be able to see that decrypted HTTP traffic.

    Please Note:

    This method cannot capture and analyze packets from FortiWeb to the backend server.