Burp Suite User Forum

Create new post

CA Import PKCS12 parameters

Matthew | Last updated: Oct 13, 2015 01:46PM UTC

Hey PortSwigger, I'm currently trying to import a cert chain as my CA for burp suite (using Burp Pro). I need to import my intermediate certificate as the CA for each host, whilst also supplying the root cert file for all requests (the whole chain need to be at least 3 in length). However all I get when I try to import the PKCS#12 is a null pointer exception. Nothing else is being outputted by Burp in either stdout or the log. Rather annoying! My PKCS#12 file includes the root and intermediate certificates along with the intermediate private key (2048 RSA). The intermediate cert and key can be imported using the DER import method, but I cannot figure out what Burp wants for the PKCS#12 option. Below is my OpenSSL command to create the PKCS#12 file: openssl pkcs12 -export -out inter_chain.p12 -inkey intermediate/private/inter.key -in intermediate/certs/inter.pem -certfile certs/root.der.pem I / we would be very grateful if we could grab the format of the PKCS expected or know if Burp cannot perform this functionality. Regards, Matt

PortSwigger Agent | Last updated: Oct 13, 2015 03:24PM UTC

There is currently a bug in the handling of custom PKCS#12 certificates: Burp only looks for a certificate with the alias "caCert" (no quotes). If you create a PKCS#12 store that uses this alias for your certificate, Burp should be able to find it. We'll soon get this fixed and have Burp look for the first entry in the store.

PortSwigger Agent | Last updated: Oct 19, 2015 01:23PM UTC

In today's Burp release (1.6.29) we've fixed the problem with the CA certificate alias, and Burp should be able to extract your custom certificate regardless of the alias used.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.