I'm recording HTTPS transactions in gateway mode without sucess and I'm facing the following:
There are multiple certificates in "certificate" message . For example when I sent https request and listen this via wireshark I see 3 certificates first has commonname "sphp.bancodebogota.com.co", the second has commonname "Symantec Class 3 Secure Server CA - G4" and third has commonname "VeriSign Class 3 Public Primary Certification". First one is the server name that I connected the second one is a intermediate authority and third is a authority who signed the certificate. Finally I see Encrypted Alert so:
Secure Sockets Layer
TLSv1 Record Layer: Encrypted Alert
Content Type: Alert (21)
Version: TLS 1.0 (0x0301)
Alert Message: Encrypted Alert
When I open the certificate, I see the following path (see the image attached):
During recording, the SSL handshake is Between the client (recorder) and the SSL server. I realized server sent three certificates.
During recording, the SSL handshake is Between the client (application or test case) and the server (recorder). I realized server (recording) just sent one certificate. The certificate which is sending has commonname "sphp.bancodebogota.com.co".
I converted the pfx file to jks file using keytool and I set up on recording th SSL to Client with the JKS converted.
Is there way to set up Lisa to send the three certificates? or I'm doing something wrong?
Any help or tip i order to record transactions?