我自己的自签名证书，但不能从wireshark解密

我在本地运行一个使用SSL的网站。 我有一个像这样的关键：

-----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEAtfraR2 ... 

和这样的证书：

 -----BEGIN CERTIFICATE----- MIIDYDCCAkigAwIBAgIJANyD ... 

两者都是用这个命令生成的：

 openssl req -x509 -nodes -newkey rsa:1024 -keyout testkey.pem -out testcert.pem 

我去网站并接受证书。

• 用Postgres和SSLconfigurationHaproxy tcp
• NodeJS Express API被防火墙阻止
• 我的第三级域名通过作为反向代理的nginx不能正常工作
• 双向SSL在Tomcat主机之间不起作用
• nginx，ssl_trusted_certificate和多个证书

在wireshark中，在“协议”，“SSL”和“RSA密钥列表”下，我添encryption钥，如下所示：

 192.168.1.132 443 http /path/to/key 

为什么我的本地站点的httpsstream量仍然在Wireshark中encryption？

然而，我可以使用铬浏览器解密， export SSLKEYLOGFILE='/root/ssl.log'和Wireshark的“（Pre）-Master-Secret日志文件”到“/root/ssl.log”。

我想直接在Wireshark / Protocols / SSL / RSA密钥列表下使用密钥进行解密。

以下是我在Wireshark SSLdebugging文件中得到的内容：

 Wireshark SSL debug log Wireshark version: 2.4.1 (Git Rev Unknown from unknown) GnuTLS version: 3.5.15 Libgcrypt version: 1.7.9 ssl_association_remove removing UDP 443 - handle 0x55e1bab80e50 KeyID[20]: | 80 b8 03 3c 89 98 7e 55 b6 9a 6f 05 62 b1 1e 2b |...<..~U..ob.+| | 4d b7 fe 87 |M... | ssl_load_key: swapping p and q parameters and recomputing u ssl_init private key file /etc/apache2/ssl/testkey.pem successfully loaded. ssl_init port '443' filename '/etc/apache2/ssl/testkey.pem' password(only for p12 file) '' association_add ssl.port port 443 handle 0x55e1bab80e50 dissect_ssl enter frame #4 (first time) packet_from_server: is from server - FALSE conversation = 0x55e1bd80b430, ssl_session = 0x55e1bd80bfb0 record: offset = 0, reported_length_remaining = 517 dissect_ssl3_record: content_type 22 Handshake decrypt_ssl3_record: app_data len 512, ssl state 0x00 packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder decrypt_ssl3_record: no decoder available dissect_ssl3_handshake iteration 1 type 1 offset 5 length 508 bytes, remaining 517 Calculating hash with offset 5 512 ssl_dissect_hnd_hello_common found CLIENT RANDOM -> state 0x01 dissect_ssl enter frame #6 (first time) packet_from_server: is from server - TRUE conversation = 0x55e1bd80b430, ssl_session = 0x55e1bd80bfb0 record: offset = 0, reported_length_remaining = 156 ssl_try_set_version found version 0x0303 -> state 0x91 dissect_ssl3_record: content_type 22 Handshake decrypt_ssl3_record: app_data len 100, ssl state 0x91 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available