Re: [Burp-users] Could not find ssl_cert /etc/burp/ssl_cert-client.pem, ssl_cert-client.key, ssl_cert_ca.pem : No such file or directory

[Graham K. <gr...@gr...>]

On Thu, Oct 06, 2022 at 07:26:47PM -0700, Jay Lepore wrote:
> Hello,
> 
> When installing from source and attempting to run *burp -a b* it fails to
> run the backup based on missing client SSL certs.
> 
> After reviewing your page here https://burp.grke.org/docs/burp_ca.html I can
> indeed see some of the expected outcomes but in the end I get errors and am
> not clear on how to resolve this.
> 
> I have created a video to make more complete for you the problem I am
> facing.
> 
>  * https://www.youtube.com/watch?v=yRenXp2Wh0I

Hello,

I think the error is the SSL line that ends with:
SSL alert number 46, which can be seen at around 1:20 in the video as it
zooms out.

These sorts of SSL errors are quite annoying, as they are hard to figure out.
The error comes from the operating system's ssl libraries rather than burp
itself.
And this one is really generic:
"certificate_unknown: An unspecified issue took place while processing the
certificate that made it unacceptable."

Often, it is something to do with the latest distro, where they have made some
system-wide setting that limits the parts of ssl that can be accepted.

If you let me know what distro version you are using, I will make a VM and try
to reproduce/debug.

> On thing in the video that stands out is this line:
> 
>  * Running '/usr/sbin/burp_ca --key --keypath
>    /etc/burp/ssl_cert-client.key --request --requestpath
>    /etc/burp/CA-client/sm_server_bkup.csr --name sm_server_bkup'
> 
> When I look in the /etc/burp/CA-client folder it is empty.  No contents at
> all.
> 
> However, when I look in /etc/burp/CA it does in fact have an
> sm_server_bkup.csr file within it.

This is because the client will delete it's csr file on error, so as not to
block subsequent attempts from the client's perspective.

> Thanks for your guidance.  Once the solution is known I will append that
> solution to this video and upload it for the benefit of others.