There are quite a few fields but you can leave some blankįor some fields there will be a default value, What you are about to enter is what is called a Distinguished Name or a DN. You are about to be asked to enter information that will be incorporated > openssl req -x509 -days 730 -nodes -newkey rsa:2048 -outform der -keyout server.key -out ca.der -extensions v3_ca -config openssl.cnf # It's important to have the v3_ca extension and to supply the openssl.cnf file # Borrow the default openssl.cnf (location may differ, see note) You can also find the commands in a copy/pastable format below. Granted, there are only a few steps to the processes, but that’s only because I’m not listing all my failed attempts. The following steps are executed on a clean 14.04 Ubuntu installation. I order to successfully install our custom root CA in both Burp and Android, we need to create a CA that has the v3_ca extension. However, as I would like to have one certificate setup to rule them all, I searched for a solution… The solution – Creating custom CA and importing it into Burp suite Chrome is only picky about “real” CA, which are evidently installed in the system root CA store. The goal of this blog post isn’t about all my failed attempts and why they failed, but about sparing you the trouble and giving you a working step-by-step guide to get this to work.Īs a side note, this problem does not occur with the normal setup, where Burp’s root CA is added as a trusted user certificate.
In practice, it turns out to be a lot more difficult to get the configuration right than you would think.
This sounds like an easy solution, as we can decrease the lifetime of the root CA, so it’s the next obvious step. Unfortunately, the problem persisted after doing so.īurp also allows us to import a self made certificate + private key to be used instead of the automatically generated one. This seems like a reasonable requirement, and after searching Portswigger’s site, the recommendation was to reissue the Burp CA certificate. A quick google search tells us that Google has chosen only to allow leaf certificates that expire within 39 months. If we take a look at the specifics of the certificate, we see that the certificate expires on Jan 11, 2023.
0 kommentar(er)
