Burp Suite User Forum

Burpsuite CA not working for sub-domain?

steve | Last updated: Jul 17, 2016 04:25AM UTC

Hi, I encountered a scenario. I am on Burpsuite Pro. I am testing an SSL-enabled site https://myexamplesite.com/ and I was able to use the Burpsuite CA to act as MITM to load the content into Burpsuite successfully. However, the site has a subdomain http://sub1.myexamplesite.com/ and I loaded the Burpsuite CA into this subdomain but I was hit with a "Received fatal alert: handshake_failure" message in my Burpsuite alerts.

I have already ensured the following:

- updated the latest JCE
- disabled the Java SNI extension by doing the following: -Djsse.enableSNIExtension=false

Could any experts please give some advice? Why doesn't the CA cert work for the subdomain? Is it because there is Public Key Certificate Pinning enabled somehow?

PortSwigger Agent | Last updated: Jul 18, 2016 12:38PM UTC

Installing Burp's CA certificate should work fine for all domains and subdomains in terms of getting rid of browser SSL warnings. Note that you only need to install Burp's CA certificate once, and so you don't need to "load it into a subdomain" as you mentioned. Perhaps you haven't correctly installed the CA certificate? Details are here: https://support.portswigger.net/customer/en/portal/articles/1783075-Installing_Installing%20CA%20Certificate.html
