October 9

Wireshark: Extracting SSL certificates

Here are the steps for extracting an SSL certificate.
1. Make sure the setting "Allow subdissector to reassemble TCP streams" is on in the TCP protocol preferences (this is selected by default).
2. Then go to the packet which contains the SSL handshake message "Certificate"
3. In the packet detail pane, expand the SSL protocol
4. Expand the "Certificate" TLS record
5. Expand the "certificate" handshake protocol
6. Expand the list of certificates. There is now a list of certificate lengths and certificates (the list could be only 1 certificate). The first certificate is the server certificate, the second its signing CA, the third the CA that signed the CA, etc.
7. Now right-click on the certificate that you want to export
8. Choose "Export selected packet bytes..."
9. Choose a filename and click on save
You can save it as certname.crt on Windows and then open it up to look at it.

By: S Blok
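
The list that step 6 expands is a sequence of 3-byte lengths, each followed by one DER-encoded certificate. The sketch below is an added example, not part of the original post. It splits a reassembled Certificate handshake message into those DER blobs and wraps them as PEM. It assumes the cleartext TLS 1.2-and-earlier message layout; the function names and sample bytes are constructed for illustration.

```python
import base64
import textwrap

HANDSHAKE_CERTIFICATE = 11  # handshake type "Certificate" (RFC 5246)

def _u24(buf, off):
    """Read a 3-byte big-endian length; fail if the buffer is too short."""
    if off + 3 > len(buf):
        raise ValueError("truncated length field at offset %d" % off)
    return int.from_bytes(buf[off:off + 3], "big")

def split_certificate_message(msg):
    """Return the DER certificates of a reassembled Certificate message, in order."""
    if len(msg) < 4 or msg[0] != HANDSHAKE_CERTIFICATE:
        raise ValueError("not a Certificate handshake message")
    body_len = _u24(msg, 1)
    if 4 + body_len > len(msg):
        raise ValueError("message truncated; was the TCP stream reassembled?")
    body = msg[4:4 + body_len]
    if 3 + _u24(body, 0) != len(body):
        raise ValueError("certificate list length does not match message")
    certs, off = [], 3
    while off < len(body):
        cert_len = _u24(body, off)
        off += 3
        if cert_len == 0 or off + cert_len > len(body):
            raise ValueError("bad certificate length at offset %d" % (off - 3))
        certs.append(body[off:off + cert_len])
        off += cert_len
    return certs  # certs[0] is the server certificate, then its signing CA, ...

def der_to_pem(der):
    """Wrap DER bytes (what "Export selected packet bytes" saves) as PEM."""
    b64 = "\n".join(textwrap.wrap(base64.b64encode(der).decode("ascii"), 64))
    return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % b64

# Constructed sample: two placeholder DER blobs, not real certificates.
SAMPLE_LEAF = bytes.fromhex("3003020101")
SAMPLE_CA = bytes.fromhex("3003020102")

def build_sample(certs):
    entries = b"".join(len(c).to_bytes(3, "big") + c for c in certs)
    body = len(entries).to_bytes(3, "big") + entries
    return bytes([HANDSHAKE_CERTIFICATE]) + len(body).to_bytes(3, "big") + body

SAMPLE_MSG = build_sample([SAMPLE_LEAF, SAMPLE_CA])

if __name__ == "__main__":
    for i, der in enumerate(split_certificate_message(SAMPLE_MSG)):
        print("certificate %d: %d bytes" % (i, len(der)))
        print(der_to_pem(der), end="")
```

The truncation check is the reason step 1 matters: a certificate chain usually spans several TCP segments, and without reassembly the message ends before the declared length.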



Posted October 9, 2015 by Timothy Conrad in category "Software"

About the Author

If I were to describe myself with one word, it would be creative. I am interested in almost everything, which keeps me rather busy. Here you will find some of my technical musings. Securely email me using - PGP: 4CB8 91EB 0C0A A530 3BE9 6D76 B076 96F1 6135 0A1B