Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Proxy Issues - client certificate authentication & upstream proxy

Alex | Last updated: Feb 23, 2023 12:00PM UTC

Hello, I am trying to connect to a web app that is accessible through a proxy server and that requires client certificates for authentication. When importing the PKCS12 client cert into the browser and setting the proxy server in the browser settings, I am prompted to select my certificate and I can successfully access the target app (Burp Suite is not used in this scenario). When I try to pass the browser traffic through Burp, the connections returns a "400 Bad Request - The SSL certificate error". I have configured my PKCS12 client cert in the TLS - Client TLS Certificates section and the external proxy server in the Connection - Upstream proxy servers. What additional settings/steps are required from my side in order to make this work ?

Michelle, PortSwigger Agent | Last updated: Feb 24, 2023 09:05AM UTC

Thanks for your message. So that we can look into this further for you, can you email support@portswigger.net with a few more details about your setup, please? - Which version of Burp are you using? Can you send us a copy of the output from Help -> Diagnostics? - Are there any messages in the Event Log on Burp's Dashboard? - Can you please send screenshots of the Client TLS and Upstream Proxy settings in Burp?

Alex | Last updated: Feb 24, 2023 11:03AM UTC

Hi Michelle, I have sent to support@portswigger.net all the details that you requested. Looking forward for your response, thanks you!

Michelle, PortSwigger Agent | Last updated: Feb 24, 2023 12:13PM UTC