Comment by iso1631
5 days ago
You can only decode those HTTPS certificates if you are MITMing them (and have a compromised certificate).
A copy of the certificate and private keys won't help: thanks to the magic of Diffie–Hellman, you can't passively (assuming you haven't got a practical quantum computer) read the stream.
Your company will have deployed root certificates to devices and run as a MITM. This is standard corporate firewall behaviour.
It's also possible to generate ephemeral keys deterministically, e.g. key=hash(escrow, sslrandom).
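
Added example, not part of the comment above: a sketch of the key=hash(escrow, sslrandom) idea, showing why passive decryption fails against a random ephemeral key but succeeds for whoever holds the escrow value. The toy group (P, G), the use of HMAC-SHA256 as the hash, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Toy finite-field group for illustration only; not a vetted TLS group.
P = 2**255 - 19
G = 2

def random_ephemeral() -> int:
    """Fresh private exponent from the OS CSPRNG (what forward secrecy assumes)."""
    return secrets.randbelow(P - 3) + 2

def escrowed_ephemeral(escrow: bytes, ssl_random: bytes) -> int:
    """key = hash(escrow, sslrandom); HMAC-SHA256 as the hash is an assumption."""
    digest = hmac.new(escrow, ssl_random, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") % (P - 3) + 2

def handshake(server_priv: int, ssl_random: bytes):
    """Run one exchange; return (what a passive observer records, session secret)."""
    client_priv = random_ephemeral()
    wire = {
        "ssl_random": ssl_random,              # sent in the clear
        "server_pub": pow(G, server_priv, P),  # sent in the clear
        "client_pub": pow(G, client_priv, P),  # sent in the clear
    }
    secret = pow(wire["server_pub"], client_priv, P)
    return wire, secret

def recover_from_capture(escrow: bytes, wire: dict):
    """Recompute the server exponent from a recorded handshake and the escrow value.

    Returns the session secret, or None when the server key was not derived
    from this escrow value (for example, because it was truly random).
    """
    priv = escrowed_ephemeral(escrow, wire["ssl_random"])
    if pow(G, priv, P) != wire["server_pub"]:
        return None
    return pow(wire["client_pub"], priv, P)
```

The public-key comparison in recover_from_capture also tells an auditor holding the escrow value whether a given endpoint derives its keys this way; without that value, the derived keys look the same on the wire as random ones.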