Cert validity too long
The error described in the following link still happens with the latest version of Burp (1.7.07), despite being resolved as fixed in the September 8 release (1.7.06):
You will need to regenerate your CA certificate and install the new certificate in your browser.
I have installed the latest version of Burp Professional (1.7.08) and regenerated the certificate. I can see now that the certificate was issued in 2014, however I still get the NET::ERR_CERT_VALIDITY_TOO_LONG error in Chrome on Android.
It appears that this issue is only affecting Chrome on Android. In our own testing, we’re not seeing this issue. We’re going to do some more investigation on different versions.
If anyone has more data on which specific versions are affected by this issue, it would help, thanks.
I get the "Validity too long" error if I add Burp's certificate as a Root/System CA (http://wiki.cacert.org/FAQ/ImportRootCert#CAcert_system_trusted_certificates_.28without_lockscreen.29).
When adding as a user certificate (Settings > Security > Install from storage) it works fine.
I used the following commands to generate the PKCS#12 keystore:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout pk.key -out certificate.crt
openssl pkcs12 -export -out certificate.p12 -inkey pk.key -certfile certificate.crt -in certificate.crt
I also was able to push a converted certificate into my Android cert store /system/etc/security/cacerts/ . To do that, I wrote a script to convert the DER certificate to the Android format on Github. https://github.com/oemunlock/burp_der_cert_to_android_cert
After importing the certificate in Burp and restarting Burp, I downloaded it to my PC by viewing the Burp Proxy page (localhost:8080) and downloading the cacert.der file. After that, I used the script above and it generates a file that looks like 9a5ba575.0. From there, I ran:
adb root && adb wait-for-device remount && adb wait-for-device push [name of cert] /system/etc/security/cacerts/[name of cert]
Then checked the permissions on the file: adb shell ls -al -Z /system/etc/security/cacerts/* to make sure everything was okay and rebooted the phone.