Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Import client certificate from PKCS12 containing more than one cert

Mike | Last updated: Aug 02, 2018 12:54AM UTC

Back-story: I work with a lot of p12 files that contain an encryption cert and a signing cert for the same user DN, often with the encryption cert first in the p12 file. I have inadvertently wasted more time than I want to admit banging my head against my keyboard that a p12 which works fine in Firefox is completely broken in Burp Pro. (eventually finding the problem, usually after setting up Wireshark, then I use openssl to break the p12 into smaller pieces). So, feature request: When importing a pkcs12 file that contains multiple certificates, the Burp Pro UI should allow me to select which one to use.

PortSwigger Agent | Last updated: Aug 02, 2018 03:10PM UTC

Thanks for letting us know about this. This has been requested before, and I agree, when there's multiple, providing a list so the user can choose would be a good solution. This is on the development plan, although realistically it's likely to be some time until we get to it.

Gokhan | Last updated: Mar 08, 2021 11:31AM UTC

Is this developed already? I've got a client portal which only shows when certificate is installed. Through BURP Pro it redirects me to an error page. When disabling BURP it shows in my browser. Importing into Burp won't help. Forcing through TLS and changing many options, I've lost considerable time to get this working and as Mike has stated, I am pretty much also banging my head into my keyboard. I'm not sure what setting I have to change anymore to get this working correct. I cannot choose the cert I wish to use when requesting the webpage. In browser, I get a choice, after which it just works. Any links for more information on this would really be appreciated.

Michelle, PortSwigger Agent | Last updated: Mar 08, 2021 01:32PM UTC

Thanks for your message. When this was originally raised there did not appear to be as much interest as we expected from the user community, so the feature to allow the selection of the certificate when there are multiple certificates in the PKCS12 file was unfortunately not prioritized. We are reviewing these older requests though, they haven't been removed, so I will add your voice to the request so the team knows you are interested in this. Would Mike's suggestion of using OpenSSL to break the p12 into smaller pieces help in your scenario?

Gokhan | Last updated: Mar 09, 2021 09:19AM UTC

Yes absolutely! thank you for picking up this post so quickly.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.