Decrypt TLS traffic not working
I'm testing capturing HTTPS traffic and decrypting in Wireshark. So far I've not been able to successfully decrypt. The setup...
- Client is behind firewall (Watchguard)
- Firewall has HTTPS Proxy configured to inspect traffic
- Custom cert, signed by my private CA, is loaded on firewall to re-encrypt traffic after inspection
- Proxy rule is configured to not allow PFS, disabling ECDHE
- tcpdump file is generated on firewall device
- In Wireshark Preferences > RSA Keys, private key file (.PFX) is loaded (also tried loading the old way under Protocols > TLS > RSA keys list)
- Protocols > TLS configured to save TLS debug file
Using Chrome I make a single HTTPS request to postman-echo.com and capture via tcpdump on the firewall. In Chrome > Developer Tools > Security tab the encryption is reported as TLS 1.2, RSA, and AES_128_GCM. I open the .pcap in Wireshark, but no TLS data is decrypted.
Packets as viewed in Wireshark: (link)
Debug log file: (link)
I believe everything is set up correctly but I can't decipher the debug file enough to determine what's wrong. Looking for some insight.
Thanks
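
Added example, not part of the original post: a Python check of the precondition the setup above relies on, namely that the ServerHello in the capture selects a static-RSA cipher suite rather than a (EC)DHE one. The function names, the short suite table and the sample records are constructed for illustration; a static-RSA suite is necessary for private-key decryption but not sufficient (the capture must also hold the full handshake for the session that uses that key).

```python
import struct

# Small subset of IANA cipher suite IDs -> (name, key exchange).
SUITES = {
    0x002F: ("TLS_RSA_WITH_AES_128_CBC_SHA", "RSA"),
    0x009C: ("TLS_RSA_WITH_AES_128_GCM_SHA256", "RSA"),
    0x009D: ("TLS_RSA_WITH_AES_256_GCM_SHA384", "RSA"),
    0x009E: ("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "DHE"),
    0xC02F: ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "ECDHE"),
    0xC030: ("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "ECDHE"),
    0x1301: ("TLS_AES_128_GCM_SHA256", "TLS1.3-(EC)DHE"),
}

def parse_server_hello(record: bytes) -> dict:
    """Parse one TLS record holding a ServerHello; report the key exchange."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 0x16:
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    if len(body) < 4 or body[0] != 0x02:
        raise ValueError("not a ServerHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    if len(hello) < 38:                      # version + random + sid_len + suite + comp
        raise ValueError("truncated ServerHello")
    version = struct.unpack("!H", hello[:2])[0]
    off = 35 + hello[34]                     # skip the session_id
    if len(hello) < off + 3:
        raise ValueError("truncated ServerHello")
    suite = struct.unpack("!H", hello[off:off + 2])[0]
    name, kex = SUITES.get(suite, (f"unknown_0x{suite:04X}", "unknown"))
    # Only static RSA key exchange lets the server's private key recover the
    # premaster secret; (EC)DHE suites need a key log file instead.
    return {"version": f"0x{version:04X}", "suite": name, "kex": kex,
            "rsa_key_candidate": kex == "RSA"}

def build_sample(suite: int) -> bytes:
    """Constructed minimal ServerHello record (zero random, no session_id)."""
    hello = b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", suite) + b"\x00"
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    for sid in (0x009C, 0xC02F):             # the suite Chrome reported vs. an ECDHE one
        print(parse_server_hello(build_sample(sid)))
```
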