Burp Suite User Forum

Login to post

Cert validity too long

Random | Last updated: Oct 14, 2016 03:41AM UTC

Hi, The error described in the following link still happens with the latest version of Burp (1.7.07), despite being resolved as fixed in the September 8 release (1.7.06): https://support.portswigger.net/customer/portal/questions/16671002-tls-certificate-validity-period-that-is-too-long

PortSwigger Agent | Last updated: Oct 14, 2016 08:05AM UTC

You will need to regenerate your CA certificate and install the new certificate in your browser.

Burp User | Last updated: Oct 17, 2016 03:39AM UTC

Hi, I have installed the latest version of Burp Professional (1.7.08) and regenerated the certificate. I can see now that the certificate was issued in 2014, however I still get the NET::ERR_CERT_VALIDITY_TOO_LONG error in Chrome on Android.

Burp User | Last updated: Oct 17, 2016 03:51AM UTC

Here are the screenshots of the error and the certificate details: http://puu.sh/rLFeV/bdc00f142c.jpg http://puu.sh/rLFgf/acf9ff2375.jpg

PortSwigger Agent | Last updated: Oct 25, 2016 04:21PM UTC

It appears that this issue is only affecting Chrome on Android. In our own testing, we're not seeing this issue. We're going to do some more investigation on different versions. If anyone has more data on which specific versions are affected by this issue, it would help, thanks.

Burp User | Last updated: Nov 28, 2016 09:05PM UTC

Have the same problem here as well. Burp 1.7.12. Can confirm that I regenerated CA cert, imported on phone (Chrome / Android 7), and still receive NET::ERR_CERT_VALIDITY_TOO_LONG (yes, the thumbprint on the issuer CA matches the newly generated certificate). Validity for end-site cert is equal to issuing cert. Burp Suite should only issue certificates valid for a couple of months or so - or at least have an option for this. Please fix?

Burp User | Last updated: Nov 30, 2016 09:17PM UTC

Using Burp 1.17.13, Android 5.1.1, Chrome 54.0.2840.85 I get the "Validity too long" error if I add Burp's certificate as a Root/System CA (http://wiki.cacert.org/FAQ/ImportRootCert#CAcert_system_trusted_certificates_.28without_lockscreen.29). When adding as a user certificate (Settings > Security > Install from storage) it works fine.

Burp User | Last updated: Jan 06, 2017 11:30PM UTC

Using Burp 1.17.15, Chrome 55.0.2883.91, Android 6.0.1 (CyanogenMod 13 on a Nexus 6), I encountered the same issue. I worked around this problem by generating my own certificate and re-importing. ***Details*** I used the following commands to generate the PKCS#12 keystore: openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout pk.key -out certificate.crt openssl pkcs12 -export -out certificate.p12 -inkey pk.key -certfile certificate.crt -in certificate.crt I also was able to push a converted certificate into my Android cert store /system/etc/security/cacerts/ . To do that, I wrote a script to convert the DER certificate to the Android format on Github. https://github.com/oemunlock/burp_der_cert_to_android_cert After importing the certificate in Burp and restarting Burp, I downloaded it to my PC by viewing the Burp Proxy page (localhost:8080) and downloading the cacert.der file. After that, I used the script above and it generates a file that looks like 9a5ba575.0. From there, I ran: adb root && adb wait-for-device remount && adb wait-for-device push [name of cert] /system/etc/security/cacerts/[name of cert] Then checked the permissions on the file: adb shell ls -al -Z /system/etc/security/cacerts/* to make sure everything was okay and rebooted the phone.

Burp User | Last updated: Oct 16, 2018 01:47PM UTC

Seems that this is still an issue in Burp 2.0.8beta. These steps fixed my issue.

Burp User | Last updated: Oct 23, 2019 03:56PM UTC

Darren Shu, Thanks for the solution. Works perfectly :)

You need to Log in to post a reply. Or register here, for free.