Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Importing Certificates

Wilson | Last updated: Oct 04, 2018 05:36PM UTC

When attempting to import a certificate and key in DER format the following message appears. "Failed to import certificate: java.security:InvalidKeyException: IO Exception: DERInputStream: getLength(): lengthtag = 127. to long I am clueless which way to turn as the message seems more like it is directed to a developer with internal knowledge of an app than the app user. Would you have any insight where to look to begin working around this? Thanks Will

Liam, PortSwigger Agent | Last updated: Oct 05, 2018 12:46PM UTC

Where are you encountering this error message? If you could send us an screenshot, that might be helpful (support@portswigger.net).

Burp User | Last updated: Oct 05, 2018 07:28PM UTC

Under the 'Proxy' tab and second row tabs 'Option' under the 'Proxy Listeners' block, there is the radio button selection for importing and exporting certificates. I am attempting to import a DER formatted cert when the error occurs. I provide the location of the signed cert and the separate private key when the error is produced. If there a specific name which has to be used for the cert, a specific name length and/or a specific file extension? Also the same query comes to mind for the key file naming and extension? Thanks Will

PortSwigger Agent | Last updated: Oct 08, 2018 10:27AM UTC

It sounds like you are importing a key that is in the wrong format. DER files are a binary format, so they look strange in a text editor. If you see ----BEGIN CERTIFICATE---- that is a pem file. You can use openssl to conver pem to der: - https://stackoverflow.com/questions/13732826/convert-pem-to-crt-and-key

Burp User | Last updated: Oct 10, 2018 11:44AM UTC

Thank you for the direction. I have gone back and verified the file format for both the cert and key selected were binary format. (Symbols, characters etc vs Base64 string with human readable characters) Will keep chasing this and see if I can find where an operator error may be occurring.

PortSwigger Agent | Last updated: Oct 10, 2018 12:06PM UTC

Hi Wilson, Can you send us your debug ID please? It's in User Options > Misc > Performance feedback. If you're also able to share the certificate you're struggling with, we'll investigate further.

Burp User | Last updated: Oct 10, 2018 02:04PM UTC

Still cannot seem to make headway. Error message has changed now. Verified I am dealing with Binary format files for the Cert and Key. The screen output can be seem at: https://ibb.co/kfPd3p

Burp User | Last updated: Oct 12, 2018 11:31AM UTC

pg90759vtyj19p3a60oy:xub2 Trying to gain approval to release the cert to you. Management reluctance. Thanks

PortSwigger Agent | Last updated: Oct 15, 2018 02:07PM UTC

Hi Wilson, Ok, in the meantime, I suggest you use OpenSSL to verify that the certificates are valid. Try converting DER to PEM, using the instructions on the link I sent earlier.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.