Burp Suite User Forum

Create new post

Usage of ssl certificates

Steven | Last updated: Mar 03, 2015 12:29PM UTC

Hi, i have an address that is a restful service that requires an SSL cert inorder to access it the address starts as: https://certapi.t6.lmuk.local/ Please note: -This is an internal address the available to external networks - I'm quite new to Burpsuite Basically i'm trying to hit the address in firefox as it has been configured my proxy gone through the setting on both burp and Firefox, but when ever i hit the address a message "Error - Received fatal alert: bad_certificate". However if i do the same through chrome to get to the service i am successful. is burp using it's own certificate instead of mine which is already listed?

Liam, PortSwigger Agent | Last updated: Mar 04, 2015 02:13PM UTC

Hi Thanks for your message. Are you using a client certificate? If so, you can configure the client SSL certificate that Burp will use when a destination host requires one in the "Client SSL Certificates" section of the "SSL" tab beneath the "Options" tab. Otherwise, as a general rule we recommend testing the web application in all major browsers (as you have done using Chrome) without proxying through Burp. If you encounter no warning then the issue reported by Burp Scanner can be considered a false positive. Please let us know if you need any further assistance.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.