Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Private collaborator server not starting with valid certificates

Maciej | Last updated: May 23, 2022 09:32PM UTC

Hi, I am trying to deploy a private burp collaborator instance and hitting the following error message: May 23 20:46:28 collab java[16727]: 2022-05-23 20:46:28.898 : Using configuration file /etc/collaborator.config May 23 20:46:29 collab java[16727]: 2022-05-23 20:46:29.077 : No certificate options specified, and we failed to retrieve the name of the local host to create a self signed certific May 23 20:46:29 collab java[16727]: Exception in thread "main" burp.fhg: No certificate options specified, and we failed to retrieve the name of the local host to create a self sign May 23 20:46:29 collab java[16727]: at burp.ei.a(Unknown Source) May 23 20:46:29 collab java[16727]: at burp.dp.a(Unknown Source) May 23 20:46:29 collab java[16727]: at burp.y6.<init>(Unknown Source) May 23 20:46:29 collab java[16727]: at burp.hug.a(Unknown Source) May 23 20:46:29 collab java[16727]: at burp.StartBurp.main(Unknown Source) The certificate has been generated with letsencrypt certbot, I have checked all of the certificate files and everything looks OK. The configuration I am using is the following: # cat /etc/collaborator.config { "serverDomain": "collab.xx", "workerThreads": 10, "eventCapture": { "localAddress": "x.y.w.z", "publicAddress": "1.2.3.4", "ssl": { "certificateFiles": [ "/etc/letsencrypt/live/collab.xx/privkey.pem", "/etc/letsencrypt/live/collab.xx/cert.pem", "/etc/letsencrypt/live/collab.xx/chain.pem" ] } }, "dns": { "interfaces": [ { "name": "ns1", "localAddress": "x.y.w.z", "publicAddress": "1.2.3.4" } ], "ports": 53 }, "logLevel": "DEBUG" } The private key has the PEM format and is not encrypted: # head -n 1 /etc/letsencrypt/live/collab.xx/privkey.pem -----BEGIN PRIVATE KEY----- The cert.pem file contains the wildcard certificate: # openssl x509 -in /etc/letsencrypt/live/collab.xx/cert.pem -text Certificate: Data: Version: 3 (0x2) Serial Number: 04:aa:3f:8f:89:6a:0f:d6:83:70:7f:7e:b7:ba:e8:2c:88:28 Signature Algorithm: sha256WithRSAEncryption Issuer: C = US, O = Let's Encrypt, CN = R3 Validity Not Before: May 17 11:21:55 2022 GMT Not After : Aug 15 11:21:54 2022 GMT Subject: CN = *.xx The chain.pem contains the intermediate certs like expected: root@collab:~# openssl x509 -in /etc/letsencrypt/live/collab.xx/chain.pem -text Certificate: Data: Version: 3 (0x2) Serial Number: 91:2b:08:4a:cf:0c:18:a7:53:f6:d6:2e:25:a7:5f:5a Signature Algorithm: sha256WithRSAEncryption Issuer: C = US, O = Internet Security Research Group, CN = ISRG Root X1 Validity Not Before: Sep 4 00:00:00 2020 GMT Not After : Sep 15 16:00:00 2025 GMT Subject: C = US, O = Let's Encrypt, CN = R3 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:bb:02:15:28:cc:f6:a0:94:d3:0f:12:ec:8d:55: 92:c3:f8:82:f1:99:a6:7a:42:88:a7:5d:26:aa:b5: 2b:b9:c5:4c:b1:af:8e:6b:f9:75:c8:a3:d7:0f:47: 94:14:55:35:57:8c:9e:a8:a2:39:19:f5:82:3c:42: a9:4e:6e:f5:3b:c3:2e:db:8d:c0:b0:5c:f3:59:38: e7:ed:cf:69:f0:5a:0b:1b:be:c0:94:24:25:87:fa: 37:71:b3:13:e7:1c:ac:e1:9b:ef:db:e4:3b:45:52: 45:96:a9:c1:53:ce:34:c8:52:ee:b5:ae:ed:8f:de: 60:70:e2:a5:54:ab:b6:6d:0e:97:a5:40:34:6b:2b: d3:bc:66:eb:66:34:7c:fa:6b:8b:8f:57:29:99:f8: 30:17:5d:ba:72:6f:fb:81:c5:ad:d2:86:58:3d:17: c7:e7:09:bb:f1:2b:f7:86:dc:c1:da:71:5d:d4:46: e3:cc:ad:25:c1:88:bc:60:67:75:66:b3:f1:18:f7: a2:5c:e6:53:ff:3a:88:b6:47:a5:ff:13:18:ea:98: 09:77:3f:9d:53:f9:cf:01:e5:f5:a6:70:17:14:af: 63:a4:ff:99:b3:93:9d:dc:53:a7:06:fe:48:85:1d: a1:69:ae:25:75:bb:13:cc:52:03:f5:ed:51:a1:8b: db:15 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign X509v3 Extended Key Usage: TLS Web Client Authentication, TLS Web Server Authentication X509v3 Basic Constraints: critical CA:TRUE, pathlen:0 X509v3 Subject Key Identifier: 14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 X509v3 Authority Key Identifier: keyid:79:B4:59:E6:7B:B6:E5:E4:01:73:80:08:88:C8:1A:58:F6:E9:9B:6E Authority Information Access: CA Issuers - URI:http://x1.i.lencr.org/ X509v3 CRL Distribution Points: Full Name: URI:http://x1.c.lencr.org/ X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 Signature Algorithm: sha256WithRSAEncryption 85:ca:4e:47:3e:a3:f7:85:44:85:bc:d5:67:78:b2:98:63:ad: 75:4d:1e:96:3d:33:65:72:54:2d:81:a0:ea:c3:ed:f8:20:bf: 5f:cc:b7:70:00:b7:6e:3b:f6:5e:94:de:e4:20:9f:a6:ef:8b: b2:03:e7:a2:b5:16:3c:91:ce:b4:ed:39:02:e7:7c:25:8a:47: e6:65:6e:3f:46:f4:d9:f0:ce:94:2b:ee:54:ce:12:bc:8c:27: 4b:b8:c1:98:2f:a2:af:cd:71:91:4a:08:b7:c8:b8:23:7b:04: 2d:08:f9:08:57:3e:83:d9:04:33:0a:47:21:78:09:82:27:c3: 2a:c8:9b:b9:ce:5c:f2:64:c8:c0:be:79:c0:4f:8e:6d:44:0c: 5e:92:bb:2e:f7:8b:10:e1:e8:1d:44:29:db:59:20:ed:63:b9: 21:f8:12:26:94:93:57:a0:1d:65:04:c1:0a:22:ae:10:0d:43: 97:a1:18:1f:7e:e0:e0:86:37:b5:5a:b1:bd:30:bf:87:6e:2b: 2a:ff:21:4e:1b:05:c3:f5:18:97:f0:5e:ac:c3:a5:b8:6a:f0: 2e:bc:3b:33:b9:ee:4b:de:cc:fc:e4:af:84:0b:86:3f:c0:55: 43:36:f6:68:e1:36:17:6a:8e:99:d1:ff:a5:40:a7:34:b7:c0: d0:63:39:35:39:75:6e:f2:ba:76:c8:93:02:e9:a9:4b:6c:17: ce:0c:02:d9:bd:81:fb:9f:b7:68:d4:06:65:b3:82:3d:77:53: f8:8e:79:03:ad:0a:31:07:75:2a:43:d8:55:97:72:c4:29:0e: f7:c4:5d:4e:c8:ae:46:84:30:d7:f2:85:5f:18:a1:79:bb:e7: 5e:70:8b:07:e1:86:93:c3:b9:8f:dc:61:71:25:2a:af:df:ed: 25:50:52:68:8b:92:dc:e5:d6:b5:e3:da:7d:d0:87:6c:84:21: 31:ae:82:f5:fb:b9:ab:c8:89:17:3d:e1:4c:e5:38:0e:f6:bd: 2b:bd:96:81:14:eb:d5:db:3d:20:a7:7e:59:d3:e2:f8:58:f9: 5b:b8:48:cd:fe:5c:4f:16:29:fe:1e:55:23:af:c8:11:b0:8d: ea:7c:93:90:17:2f:fd:ac:a2:09:47:46:3f:f0:e9:b0:b7:ff: 28:4d:68:32:d6:67:5e:1e:69:a3:93:b8:f5:9d:8b:2f:0b:d2: 52:43:a6:6f:32:57:65:4d:32:81:df:38:53:85:5d:7e:5d:66: 29:ea:b8:dd:e4:95:b5:cd:b5:56:12:42:cd:c4:4e:c6:25:38: 44:50:6d:ec:ce:00:55:18:fe:e9:49:64:d4:4e:ca:97:9c:b4: 5b:c0:73:a8:ab:b8:47:c2 -----BEGIN CERTIFICATE----- MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG /kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4 avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2 yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+ HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX nLRbwHOoq7hHwg== -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) Serial Number: 40:01:77:21:37:d4:e9:42:b8:ee:76:aa:3c:64:0a:b7 Signature Algorithm: sha256WithRSAEncryption Issuer: O = Digital Signature Trust Co., CN = DST Root CA X3 Validity Not Before: Jan 20 19:14:03 2021 GMT Not After : Sep 30 18:14:03 2024 GMT Subject: C = US, O = Internet Security Research Group, CN = ISRG Root X1 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:ad:e8:24:73:f4:14:37:f3:9b:9e:2b:57:28:1c: 87:be:dc:b7:df:38:90:8c:6e:3c:e6:57:a0:78:f7: 75:c2:a2:fe:f5:6a:6e:f6:00:4f:28:db:de:68:86: 6c:44:93:b6:b1:63:fd:14:12:6b:bf:1f:d2:ea:31: 9b:21:7e:d1:33:3c:ba:48:f5:dd:79:df:b3:b8:ff: 12:f1:21:9a:4b:c1:8a:86:71:69:4a:66:66:6c:8f: 7e:3c:70:bf:ad:29:22:06:f3:e4:c0:e6:80:ae:e2: 4b:8f:b7:99:7e:94:03:9f:d3:47:97:7c:99:48:23: 53:e8:38:ae:4f:0a:6f:83:2e:d1:49:57:8c:80:74: b6:da:2f:d0:38:8d:7b:03:70:21:1b:75:f2:30:3c: fa:8f:ae:dd:da:63:ab:eb:16:4f:c2:8e:11:4b:7e: cf:0b:e8:ff:b5:77:2e:f4:b2:7b:4a:e0:4c:12:25: 0c:70:8d:03:29:a0:e1:53:24:ec:13:d9:ee:19:bf: 10:b3:4a:8c:3f:89:a3:61:51:de:ac:87:07:94:f4: 63:71:ec:2e:e2:6f:5b:98:81:e1:89:5c:34:79:6c: 76:ef:3b:90:62:79:e6:db:a4:9a:2f:26:c5:d0:10: e1:0e:de:d9:10:8e:16:fb:b7:f7:a8:f7:c7:e5:02: 07:98:8f:36:08:95:e7:e2:37:96:0d:36:75:9e:fb: 0e:72:b1:1d:9b:bc:03:f9:49:05:d8:81:dd:05:b4: 2a:d6:41:e9:ac:01:76:95:0a:0f:d8:df:d5:bd:12: 1f:35:2f:28:17:6c:d2:98:c1:a8:09:64:77:6e:47: 37:ba:ce:ac:59:5e:68:9d:7f:72:d6:89:c5:06:41: 29:3e:59:3e:dd:26:f5:24:c9:11:a7:5a:a3:4c:40: 1f:46:a1:99:b5:a7:3a:51:6e:86:3b:9e:7d:72:a7: 12:05:78:59:ed:3e:51:78:15:0b:03:8f:8d:d0:2f: 05:b2:3e:7b:4a:1c:4b:73:05:12:fc:c6:ea:e0:50: 13:7c:43:93:74:b3:ca:74:e7:8e:1f:01:08:d0:30: d4:5b:71:36:b4:07:ba:c1:30:30:5c:48:b7:82:3b: 98:a6:7d:60:8a:a2:a3:29:82:cc:ba:bd:83:04:1b: a2:83:03:41:a1:d6:05:f1:1b:c2:b6:f0:a8:7c:86: 3b:46:a8:48:2a:88:dc:76:9a:76:bf:1f:6a:a5:3d: 19:8f:eb:38:f3:64:de:c8:2b:0d:0a:28:ff:f7:db: e2:15:42:d4:22:d0:27:5d:e1:79:fe:18:e7:70:88: ad:4e:e6:d9:8b:3a:c6:dd:27:51:6e:ff:bc:64:f5: 33:43:4f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign Authority Information Access: CA Issuers - URI:http://apps.identrust.com/roots/dstrootcax3.p7c X509v3 Authority Key Identifier: keyid:C4:A7:B1:A4:7B:2C:71:FA:DB:E1:4B:90:75:FF:C4:15:60:85:89:10 X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.root-x1.letsencrypt.org X509v3 CRL Distribution Points: Full Name: URI:http://crl.identrust.com/DSTROOTCAX3CRL.crl X509v3 Subject Key Identifier: 79:B4:59:E6:7B:B6:E5:E4:01:73:80:08:88:C8:1A:58:F6:E9:9B:6E Signature Algorithm: sha256WithRSAEncryption 0a:73:00:6c:96:6e:ff:0e:52:d0:ae:dd:8c:e7:5a:06:ad:2f: a8:e3:8f:bf:c9:0a:03:15:50:c2:e5:6c:42:bb:6f:9b:f4:b4: 4f:c2:44:88:08:75:cc:eb:07:9b:14:62:6e:78:de:ec:27:ba: 39:5c:f5:a2:a1:6e:56:94:70:10:53:b1:bb:e4:af:d0:a2:c3: 2b:01:d4:96:f4:c5:20:35:33:f9:d8:61:36:e0:71:8d:b4:b8: b5:aa:82:45:95:c0:f2:a9:23:28:e7:d6:a1:cb:67:08:da:a0: 43:2c:aa:1b:93:1f:c9:de:f5:ab:69:5d:13:f5:5b:86:58:22: ca:4d:55:e4:70:67:6d:c2:57:c5:46:39:41:cf:8a:58:83:58: 6d:99:fe:57:e8:36:0e:f0:0e:23:aa:fd:88:97:d0:e3:5c:0e: 94:49:b5:b5:17:35:d2:2e:bf:4e:85:ef:18:e0:85:92:eb:06: 3b:6c:29:23:09:60:dc:45:02:4c:12:18:3b:e9:fb:0e:de:dc: 44:f8:58:98:ae:ea:bd:45:45:a1:88:5d:66:ca:fe:10:e9:6f: 82:c8:11:42:0d:fb:e9:ec:e3:86:00:de:9d:10:e3:38:fa:a4: 7d:b1:d8:e8:49:82:84:06:9b:2b:e8:6b:4f:01:0c:38:77:2e: f9:dd:e7:39 -----BEGIN CERTIFICATE----- MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/ MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK 4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5 bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4 FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1 c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx +tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC 5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW 9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5 -----END CERTIFICATE----- The root certificate is present in the system cert store: # openssl x509 -in /etc/ssl/certs/DST_Root_CA_X3.pem -text Certificate: Data: Version: 3 (0x2) Serial Number: 44:af:b0:80:d6:a3:27:ba:89:30:39:86:2e:f8:40:6b Signature Algorithm: sha1WithRSAEncryption Issuer: O = Digital Signature Trust Co., CN = DST Root CA X3 Validity Not Before: Sep 30 21:12:19 2000 GMT Not After : Sep 30 14:01:15 2021 GMT Subject: O = Digital Signature Trust Co., CN = DST Root CA X3 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:df:af:e9:97:50:08:83:57:b4:cc:62:65:f6:90: 82:ec:c7:d3:2c:6b:30:ca:5b:ec:d9:c3:7d:c7:40: c1:18:14:8b:e0:e8:33:76:49:2a:e3:3f:21:49:93: ac:4e:0e:af:3e:48:cb:65:ee:fc:d3:21:0f:65:d2: 2a:d9:32:8f:8c:e5:f7:77:b0:12:7b:b5:95:c0:89: a3:a9:ba:ed:73:2e:7a:0c:06:32:83:a2:7e:8a:14: 30:cd:11:a0:e1:2a:38:b9:79:0a:31:fd:50:bd:80: 65:df:b7:51:63:83:c8:e2:88:61:ea:4b:61:81:ec: 52:6b:b9:a2:e2:4b:1a:28:9f:48:a3:9e:0c:da:09: 8e:3e:17:2e:1e:dd:20:df:5b:c6:2a:8a:ab:2e:bd: 70:ad:c5:0b:1a:25:90:74:72:c5:7b:6a:ab:34:d6: 30:89:ff:e5:68:13:7b:54:0b:c8:d6:ae:ec:5a:9c: 92:1e:3d:64:b3:8c:c6:df:bf:c9:41:70:ec:16:72: d5:26:ec:38:55:39:43:d0:fc:fd:18:5c:40:f1:97: eb:d5:9a:9b:8d:1d:ba:da:25:b9:c6:d8:df:c1:15: 02:3a:ab:da:6e:f1:3e:2e:f5:5c:08:9c:3c:d6:83: 69:e4:10:9b:19:2a:b6:29:57:e3:e5:3d:9b:9f:f0: 02:5d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: C4:A7:B1:A4:7B:2C:71:FA:DB:E1:4B:90:75:FF:C4:15:60:85:89:10 Signature Algorithm: sha1WithRSAEncryption a3:1a:2c:9b:17:00:5c:a9:1e:ee:28:66:37:3a:bf:83:c7:3f: 4b:c3:09:a0:95:20:5d:e3:d9:59:44:d2:3e:0d:3e:bd:8a:4b: a0:74:1f:ce:10:82:9c:74:1a:1d:7e:98:1a:dd:cb:13:4b:b3: 20:44:e4:91:e9:cc:fc:7d:a5:db:6a:e5:fe:e6:fd:e0:4e:dd: b7:00:3a:b5:70:49:af:f2:e5:eb:02:f1:d1:02:8b:19:cb:94: 3a:5e:48:c4:18:1e:58:19:5f:1e:02:5a:f0:0c:f1:b1:ad:a9: dc:59:86:8b:6e:e9:91:f5:86:ca:fa:b9:66:33:aa:59:5b:ce: e2:a7:16:73:47:cb:2b:cc:99:b0:37:48:cf:e3:56:4b:f5:cf: 0f:0c:72:32:87:c6:f0:44:bb:53:72:6d:43:f5:26:48:9a:52: 67:b7:58:ab:fe:67:76:71:78:db:0d:a2:56:14:13:39:24:31: 85:a2:a8:02:5a:30:47:e1:dd:50:07:bc:02:09:90:00:eb:64: 63:60:9b:16:bc:88:c9:12:e6:d2:7d:91:8b:f9:3d:32:8d:65: b4:e9:7c:b1:57:76:ea:c5:b6:28:39:bf:15:65:1c:c8:f6:77: 96:6a:0a:8d:77:0b:d8:91:0b:04:8e:07:db:29:b6:0a:ee:9d: 82:35:35:10 -----BEGIN CERTIFICATE----- MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/ MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw 7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69 ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5 JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ -----END CERTIFICATE----- The OS I am running is debian 10: root@collab:~# lsb_release -a No LSB modules are available. Distributor ID: Debian Description: Debian GNU/Linux 10 (buster) Release: 10 Codename: buster The burpsuite version I am trying to run is: # java -jar /usr/local/bin/burpsuite_pro.jar --version 2022.3.8-13217 Burp Suite Professional Is there any way I can diagnose this issue further? The error message burpsuite gives in the log is very vague.

Maciej | Last updated: May 24, 2022 09:54AM UTC

Java version is: collab% java -version openjdk version "11.0.15" 2022-04-19 OpenJDK Runtime Environment (build 11.0.15+10-post-Debian-1deb10u1) OpenJDK 64-Bit Server VM (build 11.0.15+10-post-Debian-1deb10u1, mixed mode)

Michelle, PortSwigger Agent | Last updated: May 24, 2022 09:55AM UTC

Thanks for your message. One thing I can see from the details you've posted is that the CN for your wildcard certificate is *.xx whereas the collaborator server domain is collaborator.xx. Can you double-check the details for the wildcard certificate to see if it matches the Collaborator domain for me in case this has just got out of sync as you've been preparing the information to post publicly, please? If you do want to share more detailed information with us directly feel free to email support@portswigger.net.

Maciej | Last updated: May 24, 2022 10:15AM UTC

I see that the DST root cert is expired, I have disabled this certificate in /etc/ca-certificates.conf like suggested on stackoverflow: https://stackoverflow.com/questions/69408776/how-to-force-older-debian-to-forget-about-dst-root-ca-x3-expiration-and-use-isrg but the issue persists. I have the new ISRG X1 certificate: root@collab:/etc/ssl/certs# ls -l | grep ISRG lrwxrwxrwx 1 root root 16 Feb 8 2021 4042bcee.0 -> ISRG_Root_X1.pem lrwxrwxrwx 1 root root 51 Feb 8 2021 ISRG_Root_X1.pem -> /usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt root@collab:/etc/ssl/certs# openssl x509 -in ISRG_Root_X1.pem -text Certificate: Data: Version: 3 (0x2) Serial Number: 82:10:cf:b0:d2:40:e3:59:44:63:e0:bb:63:82:8b:00 Signature Algorithm: sha256WithRSAEncryption Issuer: C = US, O = Internet Security Research Group, CN = ISRG Root X1 Validity Not Before: Jun 4 11:04:38 2015 GMT Not After : Jun 4 11:04:38 2035 GMT Subject: C = US, O = Internet Security Research Group, CN = ISRG Root X1 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:ad:e8:24:73:f4:14:37:f3:9b:9e:2b:57:28:1c: 87:be:dc:b7:df:38:90:8c:6e:3c:e6:57:a0:78:f7: 75:c2:a2:fe:f5:6a:6e:f6:00:4f:28:db:de:68:86: 6c:44:93:b6:b1:63:fd:14:12:6b:bf:1f:d2:ea:31: 9b:21:7e:d1:33:3c:ba:48:f5:dd:79:df:b3:b8:ff: 12:f1:21:9a:4b:c1:8a:86:71:69:4a:66:66:6c:8f: 7e:3c:70:bf:ad:29:22:06:f3:e4:c0:e6:80:ae:e2: 4b:8f:b7:99:7e:94:03:9f:d3:47:97:7c:99:48:23: 53:e8:38:ae:4f:0a:6f:83:2e:d1:49:57:8c:80:74:

Maciej | Last updated: May 24, 2022 10:17AM UTC

It's *.collab.xx I have cut too much from the subject CN: root@collab:/etc/ssl/certs# openssl x509 -in /etc/letsencrypt/live/collab.spiderasset.com/cert.pem -text Certificate: Data: Version: 3 (0x2) Serial Number: 04:aa:3f:8f:89:6a:0f:d6:83:70:7f:7e:b7:ba:e8:2c:88:28 Signature Algorithm: sha256WithRSAEncryption Issuer: C = US, O = Let's Encrypt, CN = R3 Validity Not Before: May 17 11:21:55 2022 GMT Not After : Aug 15 11:21:54 2022 GMT Subject: CN = *.collab.xx Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:b2:11:d1:47:5c:bd:7e:7e:f1:e2:80:ba:02:8a: b6:78:3a:23:fc:da:09:07:3a:ba:6c:6e:60:10:04: a4:cf:5c:3f:00:bc:99:ba:31:d6:68:2e:ba:29:e5: db:7a:94:c2:73:5a:b2:db:0e:bd:b9:e6:a9:7d:76:

Michelle, PortSwigger Agent | Last updated: May 24, 2022 12:35PM UTC

Thanks for the update. Would you be happy to email us a copy of the configuration file so we can double-check the details and run some tests on it here, please? It would be useful to see the actual file, just in case some of the syntax or characters have got changed as they've been copied into the forum. If you can email it to support@portswigger.net and reference this forum post that would be great :)

Maciej | Last updated: May 26, 2022 09:25AM UTC

Information has been sent as requested.

Michelle, PortSwigger Agent | Last updated: May 26, 2022 09:45AM UTC

Thanks :) We don't seem to have received your email yet I'm afraid, would you mind resending it, please?

Maciej | Last updated: May 26, 2022 09:56AM UTC

I have resent again, I tried to send you the tar with letsencrypt certs too just in case but your email gw has rejected it because of securityaay.

Michelle, PortSwigger Agent | Last updated: May 26, 2022 12:44PM UTC