Burp Suite User Forum

Create new post

How do I use a password protected Java KeyStore for Burp Collaborator

Stijn | Last updated: Feb 22, 2016 09:16AM UTC

Dear All As required for running a private Burp Collaborator instance, we have ordered and received a wildcard certificate for the domain we'll run our instance under. We've created a JKS containing our certificate, which we're pointing at from our configuration file. However, this JKS is password protected and there doesn't seem to be a way to hand this password to the Burp Collaborator. As such, it doesn't grab it and uses a self-signed certificate instead. Which is ofcourse not what we had aimed for. Is there an option to either enter the password in e.g. the configuration file or could it be possible to make the Collaborator ask for the password on start-up? Thanks for your reply. Kind regards Stijn

PortSwigger Agent | Last updated: Feb 22, 2016 10:26AM UTC

You will need to extract the certificate and private key files from the keystore and have these available on the local filesystem in non-password-protected form, and set their location in the Collaborator config file. (Using a password-protected certificate where the password is placed into the configuration file wouldn't be any more secure than just using a non-password-protected certificate.)

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.