Many WebSphere key and trust stores are in p12, JKS or CMS format. To extract the private key with openssl, the file must first be in a format openssl can read. iKeyman cannot extract the key itself; for JKS files, use iKeyman to export the key to a PKCS12 key store. Once you have a PKCS12 keystore, use the following command to extract the private key from it:
openssl pkcs12 -in waskey.p12 -out privateKey.pem
Extract the public client cert from waskey.p12:
openssl pkcs12 -in waskey.p12 -clcerts -nokeys -out server.pem
Then remove the private key password using:
openssl rsa -in privateKey.pem -out private.pem
You should now have a waskey.p12, a server.pem and a private.pem.
Now you can use openssl to start an SSL server that will be listening on port 4433:
openssl s_server -www -cipher AES256-SHA -key privateKey.pem -cert server.pem
Using default temp DH parameters
ACCEPT
ACCEPT
In Wireshark go to:
Edit>Preferences
Select Protocols in the drop down list and select SSL
In the RSA key list enter (the key name is case-sensitive):
127.0.0.1,4433,http,/tmp/ssl/privateKey.pem
Open a browser to https://localhost:4433/
In Wireshark select one of the TLS protocol packets, right-click and select Follow SSL Stream. You should see the unencrypted data. Right-click again and select Follow TCP Stream and you should see the encrypted data.
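The extraction steps above, scripted without prompts as an added example (not part of the original page): it builds a throwaway keystore in place of waskey.p12, then checks that private.pem matches server.pem and that the chosen cipher uses RSA key exchange, which is what lets Wireshark decrypt from the server key alone. The password changeit, the demo certificate and the function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example: keystore, password and paths are constructed for the demo.

# Build a throwaway self-signed keystore that stands in for waskey.p12.
make_demo_p12() {  # $1 = work dir, $2 = keystore password
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=localhost" \
    -keyout "$1/demo.key" -out "$1/demo.crt" 2>/dev/null &&
  openssl pkcs12 -export -inkey "$1/demo.key" -in "$1/demo.crt" \
    -passout "pass:$2" -out "$1/waskey.p12" 2>/dev/null
}

# The page's three extraction commands with passwords passed as options
# instead of prompts. umask 077 keeps the unencrypted key owner-readable only.
extract_from_p12() {  # $1 = work dir, $2 = keystore password
  ( umask 077 && cd "$1" &&
    openssl pkcs12 -in waskey.p12 -out privateKey.pem \
      -passin "pass:$2" -passout "pass:$2" &&
    openssl pkcs12 -in waskey.p12 -clcerts -nokeys -out server.pem \
      -passin "pass:$2" &&
    openssl rsa -in privateKey.pem -out private.pem -passin "pass:$2"
  ) 2>/dev/null
}

# Succeeds when the private key and the certificate hold the same public key.
key_matches_cert() {  # $1 = private key PEM, $2 = certificate PEM
  local pub
  pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  [ -n "$pub" ] && [ "$pub" = "$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null)" ]
}

# Succeeds when the cipher uses RSA key exchange, the only case in which the
# server key alone decrypts a capture (ECDHE/DHE sessions do not qualify).
uses_rsa_key_exchange() {  # $1 = OpenSSL cipher name, e.g. AES256-SHA
  openssl ciphers -v "$1" 2>/dev/null |
    awk -v c="$1" '$1 == c && $3 == "Kx=RSA" { ok = 1 } END { exit !ok }'
}

work=$(mktemp -d)
make_demo_p12 "$work" changeit && extract_from_p12 "$work" changeit
key_matches_cert "$work/private.pem" "$work/server.pem" && echo "key matches cert"
uses_rsa_key_exchange AES256-SHA && echo "AES256-SHA uses RSA key exchange"
uses_rsa_key_exchange ECDHE-RSA-AES256-SHA || echo "ECDHE suite: key alone is not enough"
rm -rf "$work"
```

private.pem is written without a passphrase, so remove it once the capture has been analysed.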