
How do I find my SSL certificate issuer?
I've inherited some web apps with an SSL certificate.
I don't know how to find out what is the actual issuer of this certificate. The domain on the certificates is not registered and for sure will not resolve any more. All I've found is
The certificate issued to 'xxxx' by 'xxxx' as CA, i.e. all authority. The certificate is valid from date1 till date2. What do these messages mean? How do I find out who is actually the certificate issuer?
First, we need to understand what a certificate looks like. A certificate contains the issuer's public key (pubkey) encrypted with the certificate authority's (CA) private key. The public key and the corresponding private key are known as Subject Public Key and Subject Private Key respectively. This is why certificates do not include the CA name in them.
In your case, your cert does not include either "CA" or "issuer" or the "Common Name" extension because it does not mention any common name as per RFC 5280. Thus, the most likely explanation is that you have inherited this certificate from somewhere else and it is not meant to be an SSL certificate at all. If this is true, there's no harm done with ignoring this certificate. You can still use this private key without any issue.
If, however, this is an invalid/fake certificate, then you'll need to contact the company that provides the said certificate for the details on how to get this revoked or invalidated.
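As an added example (not part of the original question or answer), the issuer, subject and validity dates can be read directly from a certificate file with openssl, and matching issuer and subject names ("issued to X by X") identify a self-issued certificate. The CA, the leaf certificate and every name and path below are constructed samples; the check against a CA file goes beyond the question and applies to CA bundle files such as the ca-bundle.crt discussed in the next question.

```shell
#!/bin/sh
# Added example. All names, paths and certificates below are constructed placeholders.

# Issuer ("by"), subject ("to") and validity window of a PEM certificate.
cert_summary() {
    openssl x509 -in "$1" -noout -issuer -subject -dates
}

# "self-issued" when issuer and subject are the same name (issued to X by X),
# otherwise "ca-issued". Name hashes avoid formatting differences between versions.
cert_issuer_kind() {
    i_hash=$(openssl x509 -in "$1" -noout -issuer_hash) || return 1
    s_hash=$(openssl x509 -in "$1" -noout -subject_hash) || return 1
    if [ "$i_hash" = "$s_hash" ]; then echo "self-issued"; else echo "ca-issued"; fi
}

# Succeeds when the CA file or bundle in $2 contains the issuer of the certificate in $1.
issued_by_bundle() {
    openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

# Constructed sample data: a throwaway CA and one leaf certificate signed by it.
make_samples() {
    d=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/O=Example/CN=Example Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/O=Example/CN=legacy-app.invalid" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null
    echo "$d"
}

dir=$(make_samples)
for c in "$dir/ca.pem" "$dir/leaf.pem"; do
    cert_summary "$c"
    echo "kind: $(cert_issuer_kind "$c")"
done
issued_by_bundle "$dir/leaf.pem" "$dir/ca.pem" && echo "leaf chains to the sample CA"
```

A self-issued result means no outside authority vouches for the certificate, so there is no third-party issuer to look up.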
How do I find my certificate authority in Wireshark?
I'm trying to find my certificate authority (CA) for Wireshark. I've seen references that say it's at /etc/certificates/ca-certificates.crt, but that file doesn't exist for me. I do have a file in /etc/pki/tls/certs called ca-bundle.crt, which I think may be the CA file. Is there a better way?
The file /etc/pki/tls/certs/ca-bundle.crt is the default CA bundle. It is generated by the openssl utility by default (you can verify by running openssl ca -in /etc/pki/tls/certs/ca-bundle.crt -out /etc/pki/tls/certs/ca-bundle.crt -noout).
However, it is not required for every system to have a CA bundle installed. For example, my Ubuntu system doesn't have one installed.crt
You need a client certificate with the CA bundle.key -out ca.csr
After that you can use your existing CA certificate (ca-bundle.crt) to sign your client certificate.
This is how I figured it out. The documentation was wrong, and the CA certificate is not in /etc/certificates/ca-certificates. Instead, it is in /etc/pki/tls/certs/ca-certificates.crt, which is where it should be.
How to extract SSL certificate from Wireshark?
Here's the scenario I had to extract/rescue an SSL server from our Wireshark logs.
A) We were monitoring the Wireshark log of one of our production servers (running CentOS) that is responsible for SSL termination. It started working fine but later one day there was this weird error that looked like this in the Wireshark log: The SSL handshake took too long, use "-ssl" or change configuration! - Some text. Client Hello - Server Hello Done. For about a week everything worked fine until I noticed that we were getting a lot of SSL errors from our application log files. For our logs we use a custom application to log errors and when I looked at the SSL log file I saw that the SSL certificate was expired. This is the scenario:
B) So I decided to look into the Wireshark log where I realized that the problem started occurring because the certificate used by our server was not valid any more and all the sessions with this certificate had expired.
C) I looked for the certificate and I found it. What was weird is that it was valid until sometime in January of 2024 and since the next day it stopped working. There were no errors or anything. Just a server running with a not valid SSL certificate that was generating lots of errors when people tried to make a secure connection.
D) I looked for how to extract the certificate and then I did a very basic tutorial with OpenSSL and then tried to apply some of its commands on our production SSL termination server in order to try to get back the certificate, but this is what happened: I thought maybe that OpenSSL was the key here so I went with this code on the command line: sudo cp /etc/pki/tls/certs/openssl.mydomain.com/
So then I found this command: sudo openssl s_client -connect mydomain.com:443 -cert /etc/pki/tls/certs/openssl.com/server.crt -key /etc/pki/tls/private/mydomain.key -status