Burp Suite User Forum

Login to post

Burp Suite CA Certificate Not Trusted

Jake | Last updated: Jan 31, 2017 06:35PM UTC

Hello, I've just downloaded Burp Suite and have configured Chrome to use Burp Suite as my proxy. However, I've tried to install the CA Certificate but whenever I load a https:// URL, I get the following error: NET::ERR_CERT_AUTHORITY_INVALID Am I doing something wrong? I've watched the video posted at https://support.portswigger.net/customer/portal/articles/1783075-installing-burp-s-ca-certificate-in-your-browser but it doesn't appear to be working. Any help would be appreciated.

Burp User | Last updated: Jan 31, 2017 06:42PM UTC

So trying on Firefox, I get an infinite loading screen. However, when I turn off Proxy Intercept, the webpage loads. After I turn it back on I noticed that the connection is "close."

Liam, PortSwigger Agent | Last updated: Feb 01, 2017 09:42AM UTC

Hi Jake Thanks for your message. When intercept is turned on, Burp Suite should be intercepting the request. The request should appear in the Proxy "Intercept" tab. Are you able to see the http request in this tab? We have two tutorial pages to help you use Burp Proxy within our Support Center, have you checked these out? - https://support.portswigger.net/customer/portal/articles/1783118-getting-started-with-burp-proxy - https://support.portswigger.net/customer/portal/articles/1783119-using-burp-proxy For new users we also recommend that you follow all of our tutorial articles to gain a better understanding of Burp Suite - https://support.portswigger.net/. Have you managed to install the Burp CA Certificate?

Burp User | Last updated: May 19, 2019 03:27AM UTC

Hi i am having a issue with burp suite. I downloaded the certificate but it still isnt working. This is what i get when i try to load the website. Someone could be trying to impersonate the site and you should not continue. Websites prove their identity via certificates. Firefox does not trust www.google.com because its certificate issuer is unknown, the certificate is self-signed, or the server is not sending the correct intermediate certificates. Can you please help me with making this function

Rose, PortSwigger Agent | Last updated: May 20, 2019 08:19AM UTC

It looks like the certificate hasn't installed correctly. Could you try removing all instances of the certificate from your machine, downloading a clean instance and reinstalling. If you're still having this issue could you send a screenshot displaying your certificate installed in your browser's cert auth settings.

yash | Last updated: Sep 02, 2020 08:07AM UTC

After u click manage certificates.. go to Trusted root certificate authorities tab and then import and install it there..Then it will work fine!

Elad | Last updated: Jun 23, 2022 01:08PM UTC

assuming you've set the proxy correctly to the IP of the device running burp on your network, and on that installation you've set it so it would listen to all interfaces (or at least the IP of the same network). you should see http (not https) shown in the traffic history, along with errors shown in the main dashboard: Error Proxy The client failed to negotiate a TLS connection to... Received fatal alert: certificate_unknown simply trusting the CA certificate would not work those are the "official" instructions (won't work): download the certificate from http://burp/ (or export it and move it to the device), rename '.der' - to '.crt', place at base of internal/external storage, install through security settings as CA certificate (optionally repeat for WiFi certificate, name the certificate "burp" or something), reboot. the actual installation that would work you can not do as a normal user, you need to follow a different renaming method, move the certificate to '/system/etc/security/cacerts/' then set its ownership and permissions. up until Android 7 and few years ago you might have some wiggle room, but Android 10(11,12,13,..) along with the web migrating to secure connections as a standard, made it a bit more complex.. I guess the staff can't admit it in here for obvious reasons, you should have searched reddit for support instead (or looked through github or gist). see: https://github.com/eladkarako/der_certificate_converter_for_use_as__trusted_ca__for_rooted_android note: there is a magisk module that would do the copying+renaming for you, you still can't do it as a normal user though..

Ben, PortSwigger Agent | Last updated: Jun 23, 2022 03:39PM UTC

Hi Elad, I believe the original poster of this fairly old forum post was having issues installing the Burp CA certificate in the browser rather than trying to install the certificate on an Android mobile device so I am not quite sure that your advice is relevant.

ASFQWR | Last updated: Jun 25, 2022 04:31PM UTC

hmm, yep. please feel free to delete it.

You need to Log in to post a reply. Or register here, for free.