Generate a custom OpenSSL CA certificate for use with Burp Suite, mitmproxy, or any HTTPS interception proxy. Useful when an Android app blacklists the default Burp/PortSwigger CA.

| File | Format | Use |
|---|---|---|
| `<name>.crt` | PEM | CA certificate |
| `<name>.key` | PEM | CA private key |
| `<name>.der` | DER | CA certificate (binary) |
| `<name>_key.der` | DER | Private key (binary) |
| `<name>_key.pkcs8.der` | PKCS#8 DER | Burp Suite import format |

- Python 3.6+
- OpenSSL in `PATH`

```bash
openssl version  # verify it is available
```

```bash
git clone https://github.com/im-whoami/burpcustomcert
cd burpcustomcert
python3 burpcustomcert.py
```

You will be prompted for certificate details (name, country, org, validity period). All files are saved to the current directory.
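
For reference, the five files in the table above can also be produced and checked with OpenSSL directly. This is an added example, not the code of `burpcustomcert.py`; the subject fields, the RSA 2048 key, the 30-day default validity and the helper names `make_ca` and `check_ca` are assumptions.

```shell
#!/bin/sh
# Added example: builds the five files from the table with plain OpenSSL.
# Subject values, key size and the 30-day default are assumptions.

make_ca() {  # usage: make_ca <name> [days]
    name=$1; days=${2:-30}
    cnf=$(mktemp) || return 1
    # Minimal config so the result does not depend on the system openssl.cnf
    cat > "$cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
C = US
O = Lab Testing
CN = Lab Interception CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
    (
        umask 077   # generated files are readable by the owner only
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$days" \
            -config "$cnf" -keyout "$name.key" -out "$name.crt" 2>/dev/null &&
        openssl x509 -in "$name.crt" -outform DER -out "$name.der" &&
        openssl pkey -in "$name.key" -outform DER -out "${name}_key.der" &&
        openssl pkcs8 -topk8 -nocrypt -inform PEM -in "$name.key" \
            -outform DER -out "${name}_key.pkcs8.der"
    )
    rc=$?
    rm -f "$cnf"
    return $rc
}

check_ca() {  # usage: check_ca <name>; succeeds if the cert is a CA and matches the key
    name=$1
    openssl x509 -in "$name.crt" -noout -text | grep -q 'CA:TRUE' || return 1
    # Compare the public key in the DER cert with the one derived from the PKCS#8 key
    cert_pub=$(openssl x509 -inform DER -in "$name.der" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -inform DER -in "${name}_key.pkcs8.der" -pubout | openssl sha256)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}
```

Running `check_ca <name>` before importing into Burp catches a certificate that is not marked as a CA or a PKCS#8 key that does not belong to it.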

In Burp Suite:

- Go to Proxy > Options > Import/export CA certificate
- Import certificate: `<name>.der`
- Import key: `<name>_key.pkcs8.der`

On the Android device:

- Transfer `<name>.crt` to the device
- Go to Settings > Security > Encryption & credentials > Install a certificate > CA
- Select and install the file

Android 7+ restricts user-installed CAs to user-space trust by default. For apps that enforce system-level trust, use a rooted device or configure `network_security_config.xml` in the target app.

- `openssl: command not found`: install OpenSSL and add it to `PATH`
- Android does not trust the cert: the app may be pinning the system CA store; try a rooted device or patch the app's `network_security_config.xml`

License: MIT

For authorized security testing only. Delete generated certificates and keys after use in lab environments.