CA and cert HOWTO:

Set up the server:

1) generate Diffie-Hellman Parameters

 openssl dhparam -out /etc/burp/dhfile.pem 2048
 chmod 600 /etc/burp/dhfile.pem

2) Initialise CA

 burp_ca --init --ca myCA

 This creates /etc/burp/CA, generates the private key for the CA and a
 self-signed CA certificate.

3) Generate server key and cert signing request

 burp_ca --key --request --name myServer

4) Sign request

 burp_ca --sign --ca myCA --name myServer --batch

5) Link or copy cert and key to /etc/burp

 ln -s CA/CA_myCA.crt /etc/burp/ssl_cert_ca.pem
 ln -s CA/myServer.crt /etc/burp/ssl_cert-server.pem
 ln -s CA/myServer.key /etc/burp/ssl_cert-server.key

 (use the ssl_cert and ssl_key options in burp-server.conf !)


Set up the client (the easy way - insecure):

1) Generate client key and cert __on the server__

  burp_ca --name myClient --ca myCA --key --request --sign --batch

2) on the client you don't need a CA, so just

  mkdir /etc/burp/CA
  chmod 700 /etc/burp/CA

3) copy key and certs from server to client

  server:/etc/burp/ssl_cert_ca.pem -> client:/etc/burp/ssl_cert_ca.pem
  server:/etc/burp/CA/myClient.crt -> client:/etc/burp/ssl_cert-client.crt
  server:/etc/burp/CA/myClient.key -> client:/etc/burp/ssl_cert-client.key
  chmod 600 /etc/burp/ssl_cert-client.key

  (use the ssl_cert and ssl_key options in burp.conf !)


Set up the client (the usual way)

1) on the client you don't need a CA, so just

  mkdir /etc/burp/CA
  chmod 700 /etc/burp/CA

2) Generate client key and cert signing request

  burp_ca --key --request --name myClient

3) copy the request from client to the server

  client:/etc/burp/CA/myClient.csr -> server:/etc/burp/ssl/myClient.csr

4) sign the request __on the server__
 
  burp_ca --name myClient --ca myCA --sign --batch

5) copy the certs back to the client

  server:/etc/burp/CA/CA_myCA.crt -> client:/etc/burp/CA/CA_myCA.crt
  server:/etc/burp/CA/myClient.crt -> client:/etc/burp/CA/myClient.crt

6) link or copy the files

 ln -s CA/CA_myCA.crt /etc/burp/ssl_cert_ca.pem
 ln -s CA/myClient.crt /etc/burp/ssl_cert-client.pem
 ln -s CA/myClient.key /etc/burp/ssl_cert-client.key
  
 (use the ssl_cert and ssl_key options in burp.conf !)
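
A check to run after the last step, on the client or the server, as an added example that is not part of the original HOWTO or of burp: it confirms that the private key is not accessible by group or others, that the certificate chains to the CA, and that the certificate belongs to the private key. check_burp_pair and make_demo_pki are hypothetical names; make_demo_pki builds constructed sample files with plain openssl instead of burp_ca.

```sh
#!/bin/sh
# Added example: sanity-check a CA cert / cert / key triple from the steps above.
# Usage: check_burp_pair CA_CERT CERT KEY
# e.g.   check_burp_pair /etc/burp/ssl_cert_ca.pem \
#            /etc/burp/ssl_cert-client.pem /etc/burp/ssl_cert-client.key
# Returns 0 if every check passes, 1 otherwise (reason printed on stdout).
check_burp_pair() {
    ca=$1 cert=$2 key=$3

    # 1) Key must be closed to group and others (chmod 600 or stricter).
    #    ls -L follows the symlinks made in the "link or copy" step.
    mode=$(ls -lL "$key" 2>/dev/null | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "FAIL: $key missing or accessible by group/others"
        return 1
    fi

    # 2) Certificate must have been signed by the CA.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert does not verify against $ca"
        return 1
    fi

    # 3) Public key in the certificate must equal the one derived from the key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $cert and $key do not belong together"
        return 1
    fi
    echo "OK: $cert"
}

# Build a throwaway CA, client key and signed client cert in directory $1
# (constructed sample data made with plain openssl, not burp_ca output).
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=myCA" \
        -keyout "$d/CA_myCA.key" -out "$d/CA_myCA.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=myClient" \
        -keyout "$d/myClient.key" -out "$d/myClient.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/myClient.csr" -days 1 -CA "$d/CA_myCA.crt" \
        -CAkey "$d/CA_myCA.key" -CAcreateserial \
        -out "$d/myClient.crt" 2>/dev/null &&
    chmod 600 "$d/CA_myCA.key" "$d/myClient.key"
}
```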
