fatal alert: unknown_ca in Burp's "Alerts" tab

BB | Last updated: Sep 29, 2015 06:17PM UTC

Problem: When intercepting, the site I'm visiting doesn't render properly in my browser. Some resources do not load.

Related: in BurpSuite's "Alerts" tab, I have dozens of lines like this one:

"The client failed to negotiate an SSL connection to s3.amazonws.com:443: Received fatal alert: unknown_ca"

Also for seal.verisign.com and www.google-analytics.com and www.facebook.com so not users of obscure root CAs. This is in Burp's "Alerts" tab - so it is not my browser complaining about the cert that Burp creates for itself.

I'm running OpenJDK Ubuntu 15.04, fully updated today. New system. Never used Burp here before. I found that /etc/ssl/certs/java/cacerts was missing, and solved that by following the advice here: https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/1396760

Even after a reboot, though, I still get the same errors. Any suggestions?

$ uname -a
Linux [redacted] 3.19.0-28-generic #30-Ubuntu SMP Mon Aug 31 15:52:51 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
$ java -version
Picked up JAVA_TOOL_OPTIONS: -javaagent:/usr/share/java/jayatanaag.jar
openjdk version "1.8.0_45-internal"
OpenJDK Runtime Environment (build 1.8.0_45-internal-b14)
OpenJDK 64-Bit Server VM (build 25.45-b02, mixed mode)

Burp User | Last updated: Sep 29, 2015 07:40PM UTC

Hey, solved my own problem...

1. I noticed the problem was only with HSTS sites, so this was a huge clue.
2. I had to manually import the Burp CA certificate into Firefox (about:preferences#advanced - View Certificates - Import) and check the "This certificate can identify websites" box. Adding it by just downloading and double-clicking it somehow didn't set it up correctly.

PortSwigger Agent | Last updated: Sep 30, 2015 07:55AM UTC

Glad you got things working. For others in this situation, there are instructions here on how to install Burp's CA certificate on various browsers and devices: https://support.portswigger.net/customer/en/portal/articles/1783075-installing-burp-s-ca-certificate-in-your-browser
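An added example, not part of the thread or of PortSwigger's instructions: the state described above, where the Burp CA is in the browser's store but not trusted to identify websites, shows up in the SSL trust flags of an NSS `certutil -L` listing for the Firefox profile. The listing and nicknames below are constructed, and the `diagnose` helper is hypothetical.

```python
import re

# Constructed sample of `certutil -L -d sql:<firefox-profile-dir>` output.
# Nicknames and flags are made up for illustration.
SAMPLE_LISTING = """\
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

PortSwigger CA                                               ,,
Example Internal Root                                        CT,C,C
"""

# A data row is: nickname, two or more spaces, then three comma-separated
# flag fields (SSL, S/MIME, object signing). Header lines do not match.
ROW = re.compile(
    r"^(?P<nick>.+?)\s{2,}(?P<ssl>[A-Za-z]*),(?P<smime>[A-Za-z]*),(?P<obj>[A-Za-z]*)\s*$"
)


def parse_listing(text):
    """Return {nickname: (ssl_flags, smime_flags, objsign_flags)}."""
    certs = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            certs[m.group("nick").strip()] = (
                m.group("ssl"), m.group("smime"), m.group("obj"))
    return certs


def diagnose(text, nickname_part="PortSwigger"):
    """Classify the proxy CA as 'missing', 'untrusted_for_tls' or 'trusted_for_tls'.

    An uppercase 'C' in the SSL field marks a CA trusted to issue server
    certificates, i.e. allowed to identify websites.
    """
    matches = [flags for nick, flags in parse_listing(text).items()
               if nickname_part.lower() in nick.lower()]
    if not matches:
        return "missing"
    if any("C" in ssl for ssl, _smime, _obj in matches):
        return "trusted_for_tls"
    return "untrusted_for_tls"


if __name__ == "__main__":
    print(diagnose(SAMPLE_LISTING))
```

A result of `untrusted_for_tls` means the certificate was imported without website trust, so the browser still rejects the certificates Burp generates.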

