Burp Suite User Forum

Create new post

Unable to configure Burp with a web application which prompts 3 certificates while accessing

Chandulal | Last updated: Oct 26, 2018 11:20AM UTC

Hello Team, We are working on a web application where the application requires 3 certificates (with .p12 extension) which are related to Admin user 1, 2 & 3 are to be installed post that the application will be accessible over browser. When the application url is browsed the application prompts a pop-up showing the certificate 1,2,3 in which we have to select the required user certificate and click ok post that the application websso page will be displayed for authentication. We have, Installed the Certificates 1,2,3 on Burp suite Installed the Portswigger CA Configered the Burp proxy with the Browser proxy Configured the upstream proxy with the client pac information and we are unable to intercept the traffic over burp it shows "Unknown_CA" or "Handshake_Failure" over browser. We would need your expert advice in this matter asap as we have an urgent deliverable to the client.

PortSwigger Agent | Last updated: Oct 26, 2018 12:46PM UTC

To debug this you'll need to confirm each setting is working. First, can you browse to https://example.com - and see the traffic in Burp, and get no browser certificate warning? Can you browse to an HTTP version of this site? That should confirm the upstream proxy is working. If both of those are working, please send us a screenshot of User options > SSL > Client SSL Certificates

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.