The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

How do I fix BurpSuite Error: The client failed to negotiate a SSL connection to ... Received fatal failed alert: certificate_unknown

malana | Last updated: Oct 11, 2022 10:34AM UTC

Dear supporter, I'm using - BurpSuite pro v2022.8 - Redmi Note 7 (Android 10) Rooted - Windows 10 I have installed burp certificate to system store according to this tutorial https://pswalia2u.medium.com/install-burpsuites-or-any-ca-certificate-to-system-store-in-android-10-and-11-38e508a5541a (method 1 and 2) But when I set proxy to the windows's ip then open chrome and go to a https website (ex: https://portswigger.net), I've got an error in the Burpsuite "The client failed to negotiate a SSL connection to ... Received fatal failed alert: certificate_unknown" and warning in chrome (android) I've tried: - Remove burp certificate then install it again - Disable TLSv1.3 protocol - Install burp into chrome on windows (working) So please help me fix the issue, thank you

Ben, PortSwigger Agent | Last updated: Oct 12, 2022 06:40AM UTC

Hi Malana, Just to clarify, what warning do you see in the Chrome browser on your Android device when you attempt to proxy HTTPS traffic? In addition to the above, can you also confirm which version of Chrome you are running on your Android device?

malana | Last updated: Oct 12, 2022 07:25AM UTC

The warning that I see in the Chrome is: Your connection is not private, NET:ERR_CERT_AUTHORITY_INVALID I'm using Chrome 106.0.5249.79 on Android

Ben, PortSwigger Agent | Last updated: Oct 12, 2022 12:56PM UTC

Hi Malana, Chrome version 99 and above introduces some further issues with proxying traffic from mobile devices due to some changes in how certificate transparency is being applied. I would not necessarily expect to see the errors that you are seeing as a result of these changes but it would be useful to ensure that we are mitigating any potential issues by following the 'How to Fix it' section of the guide below (effectively, this involves placing some configuration files in a few places on your device): https://httptoolkit.tech/blog/chrome-android-certificate-transparency/ If performing the workaround described on the page above does not resolve the issue are you able to answer the following: If you view the problematic certificate within Chrome it is showing as the Portswigger certificate, is that correct? In addition to the above, if you view the Trusted Certificates -> System section on the Android device then there is a 'Portswigger' entry located within here?

malana | Last updated: Oct 13, 2022 02:23AM UTC

"If you view the problematic certificate within Chrome it is showing as the Portswigger certificate, is that correct?" => No, Chrome shows "Your connection is not private... NET::ERR_CERT_AUTHORITY_INVALID" "In addition to the above, if you view the Trusted Certificates -> System section on the Android device then there is a 'Portswigger' entry located within here?" => Yes, Portswigger entry located in the System section

malana | Last updated: Oct 13, 2022 02:36AM UTC

https://httptoolkit.tech/blog/chrome-android-certificate-transparency/ does not solve my problem

Ben, PortSwigger Agent | Last updated: Oct 13, 2022 03:05PM UTC