Burp Suite User Forum

TLS Certificate Validity Period That Is Too Long

Claudio | Last updated: Aug 30, 2016 02:11PM UTC

Hi there. Using the latest versions of Chrome for Android, I keep getting the error: "validity period that is too long". From what I could determine, Chrome for Android will hard fail any certificate prior to 1st April 2015 that has more than 39 months of validity period. Burp Suite should generate the certificates respecting this condition.

PortSwigger Agent | Last updated: Sep 07, 2016 10:52AM UTC

Thanks for this feedback. We'll resolve this problem by having Burp backdate its CA and host certificates to before 2015, so that the validity limit is not enforced. The alternative (of using a short validity period) would mean that Burp users would need to regenerate their CA certificate in long-standing Burp installations, and update their browsers accordingly.

PortSwigger Agent | Last updated: Sep 08, 2016 02:49PM UTC

Just to let you know that this issue should now be resolved in the latest Burp release. Thanks again for your feedback and do let us know if you run into any other problems.

Burp User | Last updated: Sep 20, 2016 04:05PM UTC

Awesome. Thank you Dafydd.

PortSwigger Agent | Last updated: Sep 21, 2016 07:50AM UTC

You need to regenerate your Burp CA certificate and install that in your browser. You can do this at Proxy / Options / Proxy listener / Regenerate CA certificate, and then restart Burp.

Burp User | Last updated: Oct 14, 2016 03:30AM UTC

This problem isn't resolved in 1.7.07 - I'm still getting the validity too long error after importing the Burp cert provided with the latest version.

Burp User | Last updated: Jan 18, 2017 10:31PM UTC

Hi, I'm on version 1.7.16. Regenerated CA and it is valid till 2037, similarly as per-host certificates generated by Burp on the fly.

Validity
Not Before: Jan 18 22:14:58 2014 GMT
Not After : Jan 18 22:14:58 2037 GMT

This fact (long validity period) is apparently something Chrome for Android does not like. Could you please reconsider?

Thanks, Mike

Burp User | Last updated: Jan 19, 2017 10:37AM UTC

Update: Apparently Chrome for Android doesn't trust the certificate even though it is issued before 1st April 2015.
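
A check of a certificate's validity window against issue-date limits, as an added example that is not part of the original thread or Burp's code. The 39-month limit for certificates issued from 1 April 2015 is the figure quoted in the first post; the 60-month limit for certificates issued from 1 July 2012 is an assumption taken from the CA/Browser Forum Baseline Requirements of that period, and `TIERS`, `parse_validity`, `validity_months` and `check` are names made up here.

```python
import re
from datetime import datetime

# (issued on or after, maximum validity in months), newest tier first.
# 39 months: figure quoted in the thread. 60 months: assumption (see lead-in).
TIERS = [(datetime(2015, 4, 1), 39), (datetime(2012, 7, 1), 60)]
FMT = "%b %d %H:%M:%S %Y GMT"
DATE = r"\s*:\s*(\w{3}\s+\d+ [\d:]+ \d{4} GMT)"

def parse_validity(text):
    """Extract (not_before, not_after) from `openssl x509 -text` style output."""
    found = [re.search(label + DATE, text) for label in ("Not Before", "Not After")]
    if not all(found):
        raise ValueError("Validity fields not found")
    # openssl pads single-digit days with two spaces; collapse before parsing.
    return tuple(datetime.strptime(" ".join(m.group(1).split()), FMT) for m in found)

def validity_months(nb, na):
    """Calendar months from nb to na; a partial final month counts as a whole one."""
    months = (na.year - nb.year) * 12 + (na.month - nb.month)
    if (na.day, na.time()) > (nb.day, nb.time()):
        months += 1
    return months

def check(text):
    nb, na = parse_validity(text)
    if na < nb:
        return {"ok": False, "months": None, "limit": None}
    months = validity_months(nb, na)
    for issued_from, limit in TIERS:
        if nb >= issued_from:
            return {"ok": months <= limit, "months": months, "limit": limit}
    return {"ok": True, "months": months, "limit": None}  # older tiers not modeled

# Dates as posted in the thread (backdated CA, valid until 2037).
THREAD_CERT = "Not Before: Jan 18 22:14:58 2014 GMT\nNot After : Jan 18 22:14:58 2037 GMT"
# Constructed samples: issued after 1 April 2015, exactly 39 months and one day more.
AT_LIMIT = "Not Before: Jun  1 00:00:00 2016 GMT\nNot After : Sep  1 00:00:00 2019 GMT"
OVER_LIMIT = "Not Before: Jun  1 00:00:00 2016 GMT\nNot After : Sep  2 00:00:00 2019 GMT"

if __name__ == "__main__":
    for name, sample in [("thread", THREAD_CERT), ("at limit", AT_LIMIT), ("over", OVER_LIMIT)]:
        print(name, check(sample))
```

Under these assumed tiers, backdating the issue date moves a certificate into an earlier tier but does not exempt a 23-year validity period from a limit.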

Burp User | Last updated: Jan 19, 2017 05:32PM UTC

For the record: I was installing the Burp CA cert in /system/etc/security/cacerts. However, I have now installed it as a user certificate (via UI) and it works fine. Thanks, Mike

PortSwigger Agent | Last updated: Jan 20, 2017 09:10AM UTC

Mike - thanks for the tip. If other users are running into this problem, please see if installing the certificate as a user certificate via the UI works.

Liam, PortSwigger Agent | Last updated: Jan 20, 2017 09:12AM UTC

Hi Brett. Thanks for your message. Are you having an issue with the certificate validity period?

Burp User | Last updated: May 05, 2017 03:20PM UTC

Can you not just give us an option to generate a shorter certificate?

Burp User | Last updated: Aug 09, 2017 10:16PM UTC

I've updated to the latest version (1.7.26) of Burp, regenerated the cert, and exported it. The cert is still showing a valid to date of August 9, 2037. Am I missing something?

Liam, PortSwigger Agent | Last updated: Aug 10, 2017 08:13AM UTC

Which device are you using, Mike? Have you tried installing it as a user certificate (via the Burp UI)?

Liam, PortSwigger Agent | Last updated: Nov 21, 2017 03:28PM UTC

You're still having the same issue having installed it as a user certificate? We decided against a short validity period as it would mean that Burp users would need to regenerate their CA certificate in long-standing Burp installations, and update their browsers accordingly.

Burp User | Last updated: Jul 20, 2018 08:20AM UTC

Hi Liam, Sorry for the delay in responding, but yes, I still have an issue. Can we not get this option, to issue certificates with a shorter validity period? Thanks, Brett

Burp User | Last updated: Apr 11, 2019 04:14AM UTC

Hi, I've encountered the same issue. In the latest Android versions I have to put my certificate into system. And it seems your certificate doesn't work for system; the period is too long. What's the problem with making the period configurable?

Liam, PortSwigger Agent | Last updated: Apr 11, 2019 07:40AM UTC

Maxim, are you encountering an error message? If so, would it be possible to send us a screenshot of the error (support@portswigger.net)?

Burp User | Last updated: Nov 15, 2019 05:19PM UTC

Hello, I confirm the issue too. Chrome (at least) shows an error "ERR_CERT_VALIDITY_TOO_LONG" after installing the Burp CA as a system CA, as explained here: https://blog.nviso.be/2018/01/31/using-a-custom-root-ca-with-burp-for-inspecting-android-n-traffic/

Mike, PortSwigger Agent | Last updated: Nov 19, 2019 09:03AM UTC

Hi Clement. We have a story in our backlog to address this issue. We cannot provide an ETA for this. However, we will notify this thread once the fix has been released.

Burp User | Last updated: Dec 13, 2019 12:54AM UTC

Still an issue ... I don't understand how the fuck this fix can take so long? Just go in your source code that generates certificates and wherever it says how long the cert is valid change that to a year or whatever, what the fuck

Ben, PortSwigger Agent | Last updated: Dec 13, 2019 10:33AM UTC

We have released an update (Burp Professional Version 2020.1) that incorporates your feedback and has reduced the validity of the CA Certificate. We try our best to use the feedback that adds value to all our users. Sometimes the request may be partially fulfilled or we solved the problem differently to your suggestion. Please feel free to update and provide us with any new feedback to help improve the product further.
