Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Import Client SSL Certificates (.CER files)

Tyler | Last updated: Mar 01, 2018 07:06AM UTC

I was trying to load a .CER file into the Client SSL section for the proxy server, however it says it requires a password. Is there any way around this? I tried the Openssl method of setting a custom password except there doesn't seem to be any documentation of .CER files. I'm trying to access a company site that requires a certain certificate and hardware token. The hardware token works just fine though. I'm running Burp Suite Community Edition 1.7.32 on Ubuntu Mate.

PortSwigger Agent | Last updated: Mar 01, 2018 09:44AM UTC

Hi Tyler, Unfortunately, Burp does not support certificates without passwords. You will need to add one using the OpenSSL command line. Burp needs the certificate in PKCS#12 format, which includes both the certificate and private key. If you have the key as well as the .cer file, you can convert it by following these instructions: - https://stackoverflow.com/questions/39091048/convert-cer-to-p12 Please let us know if you need any further assistance.

Burp User | Last updated: May 13, 2018 01:01PM UTC

Client SSL Certificates does not work I added a record in the client SSL certificates configuration user options-> ssl, chrome request is not the corresponding certificate I added, I do not know what conditions to make the client match to this article I added, how do I not configure Effective.

Liam, PortSwigger Agent | Last updated: May 15, 2018 01:36PM UTC

LiShiXin, have you tried using Wireshark to monitor the traffic? Would it be possible to send us screenshots of this traffic to help us assess what is causing the issue? You can send details or screenshots to support@portswigger.net.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.