Burp community forum

Certificate Import

Tony | Last updated: Aug 26, 2015 03:29PM UTC

Hello, I am trying to intercept SSL by installing a custom certificate and private key which matches the target server I am trying to test. Having successfully converted and imported the cert, I am getting a certificate error in all browsers:

Chrome and IE: This certificate is not valid for the selected purpose
Firefox: Error code: sec_error_inadequate_key_usage

I installed the cert in der format with the 'Import / export CA certificate'. Then tried installing in pkcs12 format under the loopback interface, I did not get a browser error but no details showed on the 'Target' tab. Is there something else I need to do? Thanks.

PortSwigger Agent | Last updated: Aug 27, 2015 08:22AM UTC

First, just to check on the need for this: is the client enforcing certificate pinning and that is why you need to use the real server certificate within Burp? If that isn't the case, then you can normally just install Burp's CA certificate on your client to remove SSL errors.

Second, presumably what you have from the real server is their host certificate, not a CA certificate? If so, then you shouldn't use the "Import CA certificate" function in Burp, as the certificate you have isn't valid for that usage. You should edit your Proxy listener, and in the Certificate tab select the option to use a custom certificate, and load it there.

Burp User | Last updated: Aug 28, 2015 08:56AM UTC

Thanks for the clarification on the CA cert function. The client we are working with is rigid and we are not able to modify or install certificates. We have now resolved the problem: it was due to the PKCS12 file not containing the intermediary certificate, so I converted both to PEM, used cat to combine, converted to PKCS12, then installed on the interface.
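
The fix described in the post above (convert both certificates to PEM, combine them with cat, export as PKCS12), sketched with the OpenSSL command line as an added example that is not part of the original thread. The function names, file names, subjects and password are constructed; it assumes the certificates start as DER and the private key is already PEM, and it uses a self-signed stand-in for the intermediate.

```bash
#!/usr/bin/env bash
# Added example. Every file name, subject and password here is constructed.
set -eu

# Build throwaway inputs: a stand-in "intermediate" CA (self-signed for
# brevity) and a host certificate issued by it, both written as DER.
make_demo_inputs() {  # usage: make_demo_inputs <dir>
  local d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Constructed Intermediate CA" \
    -keyout "$d/ica.key" -out "$d/ica.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=target.example" \
    -keyout "$d/host.key" -out "$d/host.csr" 2>/dev/null
  openssl x509 -req -in "$d/host.csr" -CA "$d/ica.pem" -CAkey "$d/ica.key" \
    -CAcreateserial -days 1 -out "$d/host.pem" 2>/dev/null
  openssl x509 -in "$d/host.pem" -outform DER -out "$d/host.der"
  openssl x509 -in "$d/ica.pem" -outform DER -out "$d/intermediate.der"
}

# Convert both DER certificates to PEM, concatenate them (host first), and
# export the bundle with the host's private key as one PKCS#12 file.
build_p12() {  # usage: build_p12 host.der intermediate.der host.key out.p12 pass
  local w; w=$(mktemp -d)
  openssl x509 -inform DER -in "$1" -out "$w/host.pem"
  openssl x509 -inform DER -in "$2" -out "$w/intermediate.pem"
  cat "$w/host.pem" "$w/intermediate.pem" > "$w/chain.pem"
  openssl pkcs12 -export -in "$w/chain.pem" -inkey "$3" \
    -out "$4" -passout "pass:$5"
  rm -rf "$w"
}

# Number of certificates inside a PKCS#12 file. 1 means the intermediate is
# missing; 2 means host certificate plus intermediate.
p12_cert_count() {  # usage: p12_cert_count file.p12 pass
  openssl pkcs12 -in "$1" -nokeys -passin "pass:$2" 2>/dev/null \
    | grep -c 'BEGIN CERTIFICATE' || true
}
```

Running `p12_cert_count` on a PKCS12 file before loading it into the Proxy listener shows whether the intermediate made it into the bundle.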

PortSwigger Agent | Last updated: Aug 28, 2015 08:59AM UTC

Good stuff - glad you got things working.
