Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Cert expiration time

Aule | Last updated: Nov 03, 2015 04:21PM UTC

Hello Portswigger, What do you think about adding an option to specify how long a service cert should be valid ? Currently, every cert is issued for 20 years which is more than 39 months - the limitation introduced in April this year (announced by most cert providers, e.g. https://www.entrust.com/ssl-39-months/). The Burp certs are refused at least by Google Chrome what is a significant limitation. It seems that a good place in UI would be Proxy Listener > Proxy config > Certificate. Or the simple workaround would be to issue certs for a year or two instead of 20 years. What do you think ? Aule

PortSwigger Agent | Last updated: Nov 03, 2015 04:26PM UTC

Thanks for your feedback. We'll look into this issue. We're not seeing any problem with Chrome and Burp in our own testing. Is this a standard install of Chrome with no particular settings applied? Have you regenerated your Burp CA certificate since we switched from SHA1 to SHA256? (See http://releases.portswigger.net/2015/04/v1617.html).

PortSwigger Agent | Last updated: Feb 19, 2016 09:36AM UTC

We'll look into providing a configurable option or other workaround for this problem, and get back to you.

Burp User | Last updated: Mar 29, 2016 07:12PM UTC

The inability to specify cert validity durations is definitely impacting my ability to proxy traffic. Browser: Chrome 49.0.2623.105 (32bit) for Android Error received: ERR_CERT_VALIDITY_TOO_LONG Suggestion: Introduce a Burp setting to allow someone to specify how many months before and after today the dynamic domain cert is valid. Default to [-1, 36] or something like that. thx.

PortSwigger Agent | Last updated: Apr 28, 2016 08:03AM UTC

Hi Andrew, We're going to look at providing a configurable validity period. In the meantime, you can generate your own CA certificate with a suitable validity period using openssl, and import it into Burp. The dynamically generated certificates are always given the same validity period as the CA.

Burp User | Last updated: Nov 20, 2017 10:37PM UTC