davidmcgrew
commented
2 years ago cert_analyze operates on PEM or (base64 encoded) DER files with certificates in them; it doesn't operate on packet capture files.
mercury will report certificates observed in TLS sessions, as base64 strings (by default) or JSON (if --certs-json is passed on the command line, or specified in the configuration file).
Hope that helps!
cert_analyze command line What command should I enter to extract the certificate characteristics of the pcap file? Thank you.