Burp Suite User Forum


how to use a client certificate that doesn't have a password

Glenn | Last updated: Dec 27, 2017 06:35PM UTC

I have a client certificate that is required to access a website I need to run Burp Suite Pro against but the certificate does not have a password. Is there a way of not specifying the password when trying to configure the client certificate in Burp Suite options? Thanks

PortSwigger Agent | Last updated: Dec 28, 2017 07:54AM UTC

Hi Glenn,

You need to use the openssl command line to add a password, then import that into Burp. We do have a story on the development plan to streamline this, but it won't be looked at until we do other work on the SSL code. The command line will be like:

    openssl pkcs12 -in cert.pem -out certpw.pem

Liam, PortSwigger Agent | Last updated: Sep 05, 2019 10:31AM UTC

Thanks for the update, Christian.

Burp User | Last updated: Oct 28, 2019 03:20PM UTC

I encountered this as well today. Here is my workaround if you have a key and a pem file for your client SSL certificate. Burp only accepts pkcs12 (.p12) files. You can convert your separate files like this and openssl will interactively ask you for a password to encrypt it with:

    openssl pkcs12 -export -out cert.p12 -inkey cert.key -in cert.pem

Then you can add the .p12 in Burp and let Burp use it with your self-generated password.
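A non-interactive version of the conversion described in the posts above, as an added example that is not part of the original thread or PortSwigger's own tooling: it builds a password-protected .p12 from a key and PEM file, and also re-wraps a .p12 whose password is empty. The P12_PASS variable, the function names and the throwaway self-signed certificate are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example (not from the thread). File names and P12_PASS are assumptions.

# pem_to_p12 KEY CERT OUT: the -export command from the post above, with the
# export password taken from $P12_PASS instead of an interactive prompt.
pem_to_p12() {
    [ -n "${P12_PASS:-}" ] || { echo "set a non-empty P12_PASS" >&2; return 2; }
    openssl pkcs12 -export -inkey "$1" -in "$2" -out "$3" -passout env:P12_PASS
}

# rewrap_p12 IN OUT: re-encrypt a PKCS#12 file whose password is empty.
rewrap_p12() {
    [ -n "${P12_PASS:-}" ] || { echo "set a non-empty P12_PASS" >&2; return 2; }
    tmp=$(mktemp) || return 1          # mktemp creates the file with mode 0600
    rc=1
    # The private key is briefly unencrypted in $tmp; it is deleted below.
    openssl pkcs12 -in "$1" -passin pass: -nodes -out "$tmp" 2>/dev/null &&
        openssl pkcs12 -export -in "$tmp" -out "$2" -passout env:P12_PASS && rc=0
    rm -f "$tmp"
    return "$rc"
}

# p12_opens FILE PASSWORD: succeeds only if FILE opens with PASSWORD.
p12_opens() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -noout 2>/dev/null
}

# Constructed sample input: a throwaway self-signed key and certificate.
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-client" \
        -keyout "$1" -out "$2" 2>/dev/null
}

demo() {
    d=$(mktemp -d) || return 1
    P12_PASS='constructed-demo-passphrase'; export P12_PASS
    make_demo_cert "$d/cert.key" "$d/cert.pem" &&
    openssl pkcs12 -export -inkey "$d/cert.key" -in "$d/cert.pem" \
        -out "$d/nopass.p12" -passout pass: &&
    pem_to_p12 "$d/cert.key" "$d/cert.pem" "$d/cert.p12" &&
    rewrap_p12 "$d/nopass.p12" "$d/rewrapped.p12" &&
    p12_opens "$d/cert.p12" "$P12_PASS" &&
    p12_opens "$d/rewrapped.p12" "$P12_PASS" &&
    ! p12_opens "$d/rewrapped.p12" ""
    rc=$?
    rm -rf "$d"
    return "$rc"
}
demo && echo "both .p12 files require the passphrase"
```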
