Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Configuring a Burp root CA certificate in iOS13

gilc83 | Last updated: Jun 11, 2020 12:23PM UTC

Finally got this working!!! Here are the full instructions: 1. Generate a certificate with the following commands (notice the extendedKeyUsage addition to Nick's answer above) openssl req -x509 -nodes -newkey rsa:4096 -keyout myBurpCA.key -out root-ca.crt -days 365 -subj "/C=CA/O=Burp/OU=Certification Services/CN=MyBURPRootCA/" -addext "extendedKeyUsage=1.3.6.1.5.5.7.3.1" openssl pkcs12 -export -out BurpRootCA.pfx -inkey myBurpCA.key -in root-ca.crt 2. Go to burp and use the "Import / Export CA certificate" option and select your newly generated certificate (user the pfx file). **DO NOT** use "Edit Proxy Listener -> Certificate -> Use a custom certificate". It will not work (this is a custom specific certificate, you still want a CA-signed per-host certificate). 3. Go to the iPhone, configure the Burp Suite proxy as the proxy server and go to http://burp 4. Download and install the certificate by click the top right corner, downloading it ("Allow") and then going to settings -> Profile Downloaded -> Install, to finish the additional installation steps. 5. Authorize the installed certificate for TLS authentication by going to Settings > General > About > Certificate Trust Settings, and then toggle "Enable Full Trust for Root Certificates" on for the certificate. That's it! Certificate is now valid for TLS authentication.

Michelle, PortSwigger Agent | Last updated: Jun 11, 2020 03:47PM UTC

Thanks for sharing that!

gilc83 | Last updated: Jul 02, 2020 03:05PM UTC

Worked for me in Burp version v2020.1 (some people says it does not work in version v2020.5) and Java8: java version "1.8.0_221" Java(TM) SE Runtime Environment (build 1.8.0_221-b11) Java HotSpot(TM) 64-Bit Server VM (build 25.221-b11, mixed mode)

Jairo | Last updated: Jul 02, 2020 05:08PM UTC

Hi there, for MacOsX Catalina, the option -addext "extendedKeyUsage=1.3.6.1.5.5.7.3.1" didn't work, just removed it and voila!

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.