Burp Suite User Forum

How do I fix BurpSuite Error: The client failed to negotiate a SSL connection to ... Received fatal failed alert: certificate_unknown

malana | Last updated: Oct 11, 2022 10:34AM UTC

Dear supporter,

I'm using:
- BurpSuite pro v2022.8
- Redmi Note 7 (Android 10), rooted
- Windows 10

I have installed the Burp certificate to the system store according to this tutorial: https://pswalia2u.medium.com/install-burpsuites-or-any-ca-certificate-to-system-store-in-android-10-and-11-38e508a5541a (methods 1 and 2).

But when I set the proxy to the Windows IP, then open Chrome and go to an HTTPS website (e.g. https://portswigger.net), I get an error in Burp Suite, "The client failed to negotiate a SSL connection to ... Received fatal failed alert: certificate_unknown", and a warning in Chrome (Android).

I've tried:
- Removing the Burp certificate, then installing it again
- Disabling the TLSv1.3 protocol
- Installing Burp into Chrome on Windows (working)

So please help me fix the issue, thank you.

Ben, PortSwigger Agent | Last updated: Oct 12, 2022 06:40AM UTC

Hi Malana,

Just to clarify, what warning do you see in the Chrome browser on your Android device when you attempt to proxy HTTPS traffic?

In addition to the above, can you also confirm which version of Chrome you are running on your Android device?

malana | Last updated: Oct 12, 2022 07:25AM UTC

The warning that I see in Chrome is: Your connection is not private, NET::ERR_CERT_AUTHORITY_INVALID

I'm using Chrome 106.0.5249.79 on Android.

Ben, PortSwigger Agent | Last updated: Oct 12, 2022 12:56PM UTC

Hi Malana,

Chrome version 99 and above introduces some further issues with proxying traffic from mobile devices due to some changes in how certificate transparency is being applied. I would not necessarily expect to see the errors that you are seeing as a result of these changes, but it would be useful to ensure that we are mitigating any potential issues by following the 'How to Fix it' section of the guide below (effectively, this involves placing some configuration files in a few places on your device):

https://httptoolkit.tech/blog/chrome-android-certificate-transparency/

If performing the workaround described on the page above does not resolve the issue, are you able to answer the following:

If you view the problematic certificate within Chrome it is showing as the Portswigger certificate, is that correct?

In addition to the above, if you view the Trusted Certificates -> System section on the Android device then there is a 'Portswigger' entry located within here?

malana | Last updated: Oct 13, 2022 02:23AM UTC

"If you view the problematic certificate within Chrome it is showing as the Portswigger certificate, is that correct?"
=> No, Chrome shows "Your connection is not private... NET::ERR_CERT_AUTHORITY_INVALID"

"In addition to the above, if you view the Trusted Certificates -> System section on the Android device then there is a 'Portswigger' entry located within here?"
=> Yes, Portswigger entry located in the System section

malana | Last updated: Oct 13, 2022 02:36AM UTC

https://httptoolkit.tech/blog/chrome-android-certificate-transparency/ does not solve my problem

Ben, PortSwigger Agent | Last updated: Oct 13, 2022 03:05PM UTC

Hi,

For the question about whether Chrome is showing the Portswigger certificate - I meant if you click the site information in the address bar of the browser, is it showing that the Portswigger certificate is being used (I presume it is but I just wanted to confirm that this is the case)?

Are you able to remove the certificate from the Android device (making sure there is no trace of it) and then regenerate the certificate in Burp by utilising the Proxy -> Options -> Proxy Listeners -> Regenerate CA certificate button? If you could then export, convert and then add the certificate to the location where the system level CA certificates reside on the mobile device and see if this improves things.

I normally recommend following the 'Install Burp CA as a system-level trusted CA' section of the guide below in order to do the above (the guide you referenced looks similar but the steps in the guide below have always worked for me):

https://blog.ropnop.com/configuring-burp-suite-with-android-nougat/

If you still have no luck with this - are you able to provide us with some screenshots of the steps that you are taking?
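
Added example, not part of the thread or of PortSwigger's guidance: a shell check for the regenerate, export, convert and install steps described in the last reply, confirming that the file in the device's system CA store is the certificate currently exported from Burp. A stale copy with the same subject gets the same file name while being a different certificate, which is the case the fingerprint comparison catches. It assumes `openssl` on the workstation, the Burp CA exported in DER form, and the device file already pulled to the workstation in PEM form; the function names and file names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Source this file, then run:
#   check_device_ca <exported-burp-ca.der> <file-pulled-from-device>
# Assumption: the pulled file comes from /system/etc/security/cacerts and is PEM.

# Print the file name Android's system store expects for a DER certificate:
# the legacy (MD5-based) subject hash followed by ".0".
android_ca_name() {
    h=$(openssl x509 -inform DER -in "$1" -noout -subject_hash_old 2>/dev/null) || return 1
    printf '%s.0\n' "$h"
}

# Print the SHA-256 fingerprint of a certificate.
#   $1 = input format (DER or PEM), $2 = certificate file
cert_fp() {
    out=$(openssl x509 -inform "$1" -in "$2" -noout -fingerprint -sha256 2>/dev/null) || return 1
    printf '%s\n' "${out#*=}"   # drop the "... Fingerprint=" label
}

# Compare the CA exported from Burp with the file found on the device.
# Return codes: 0 match, 1 wrong file name, 2 different certificate,
#               3 a file could not be read as a certificate.
check_device_ca() {
    want=$(android_ca_name "$1") || return 3
    fp_burp=$(cert_fp DER "$1") || return 3
    fp_dev=$(cert_fp PEM "$2") || return 3

    if [ "$(basename "$2")" != "$want" ]; then
        echo "name mismatch: store expects $want, found $(basename "$2")"
        return 1
    fi
    if [ "$fp_burp" != "$fp_dev" ]; then
        # Same subject (so same hash name) but a different certificate,
        # e.g. a copy installed before the CA was regenerated.
        echo "stale certificate: $want is not the exported CA"
        return 2
    fi
    echo "ok: $want matches the exported CA ($fp_burp)"
}
```

A return code of 2 means the entry shown in the device's trusted list has the expected name but will not validate certificates issued by the CA Burp is currently using.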
