Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Cert expiration time

Aule | Last updated: Nov 03, 2015 04:21PM UTC

Hello Portswigger, What do you think about adding an option to specify how long a service cert should be valid ? Currently, every cert is issued for 20 years which is more than 39 months - the limitation introduced in April this year (announced by most cert providers, e.g. https://www.entrust.com/ssl-39-months/). The Burp certs are refused at least by Google Chrome what is a significant limitation. It seems that a good place in UI would be Proxy Listener > Proxy config > Certificate. Or the simple workaround would be to issue certs for a year or two instead of 20 years. What do you think ? Aule

PortSwigger Agent | Last updated: Nov 03, 2015 04:26PM UTC

Thanks for your feedback. We'll look into this issue. We're not seeing any problem with Chrome and Burp in our own testing. Is this a standard install of Chrome with no particular settings applied? Have you regenerated your Burp CA certificate since we switched from SHA1 to SHA256? (See http://releases.portswigger.net/2015/04/v1617.html).

PortSwigger Agent | Last updated: Feb 19, 2016 09:36AM UTC

We'll look into providing a configurable option or other workaround for this problem, and get back to you.

Burp User | Last updated: Mar 29, 2016 07:12PM UTC

The inability to specify cert validity durations is definitely impacting my ability to proxy traffic. Browser: Chrome 49.0.2623.105 (32bit) for Android Error received: ERR_CERT_VALIDITY_TOO_LONG Suggestion: Introduce a Burp setting to allow someone to specify how many months before and after today the dynamic domain cert is valid. Default to [-1, 36] or something like that. thx.

PortSwigger Agent | Last updated: Apr 28, 2016 08:03AM UTC

Hi Andrew, We're going to look at providing a configurable validity period. In the meantime, you can generate your own CA certificate with a suitable validity period using openssl, and import it into Burp. The dynamically generated certificates are always given the same validity period as the CA.

Burp User | Last updated: Nov 20, 2017 10:37PM UTC

I second this. This happens on apps using Chrome as a web-frame on Android 7.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.