Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Unable to import a client TLS certificate

Jan | Last updated: Aug 16, 2021 03:04PM UTC

Hello PortSwigger, Since the webpage we are testing is reporting during BURP scans TLS certificate issue, we wanted to mitigate it by uploading our certificate. Using Java´s keytool I have been able to convert our .jks keystore to .P12, which is supported by BURP. Conversion was successful, without any errors. Then I try to import them in: User Options > TLS > Client TLS Certificates When I try to import it (I use wildcard "*" for Destination host, then select the file and fill the password), it always ends up with a generic error "Failed to load certificate: unable to retrieve key". I have tried different formats, converting from scratch, it always fails with aforementioned error. Can you help me out, please, as we really need to be able to upload certificates in the future as well? We have the Professional license.

Hannah, PortSwigger Agent | Last updated: Aug 17, 2021 03:04PM UTC

Hi You can leave the Destination Host blank to apply to all hosts. Did you use the following guide to convert your certificate from .jks to .p12: https://knowledge.digicert.com/solution/SO17201.html

Jan | Last updated: Aug 18, 2021 09:47AM UTC

I did use it now (in my previous command, only -srcstoretype and -deststorepass were missing), with the same result: "Failed to load certificate: unable to retrieve key".

Hannah, PortSwigger Agent | Last updated: Aug 19, 2021 04:34PM UTC

Hi Could you send us some screenshots of your issue to support@portswigger.net? Could you also send your diagnostics information? You can find this by going to "Help > Diagnostics" within Burp.

Jan | Last updated: Aug 23, 2021 10:17AM UTC

Screenshots + diagnostics file have been sent on a mail, as requested.

Hannah, PortSwigger Agent | Last updated: Aug 24, 2021 10:53AM UTC