Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

certificate_unknown

Robert | Last updated: May 11, 2018 03:39PM UTC

I have an iOS app I'm testing on an iPhone 5c running iOS 10.3.3. The Burp certificate is correctly installed on the device as I'm able to see https web requests and https app requests from other applications within Burp without issue. When I launch the target app I receive "The client failed to negotiate an SSL connection to <client>.com:443: Received fatal alert: certification_unknown" in Burp alerts window. Within the app I receive an NSURLErrorDomain error code of -1200. In Burp I have the following set: project options -> SSL -> SSL Protocols -> All enabled project options -> SSL -> SSL Ciphers -> All enabled project options -> SSL -> SSL Negotiation Workarounds -> Automatically select compatible SSL parameters on negotiation failure project options -> SSL -> SSL Negotiation Workarounds -> Allow unsafe renegotiation (required for some client certificates) user options -> SSL -> Java SSL Options -> Enabled algorithms blocked by Java security policy Under C:\Program Files\BurpSuitePro\jre\lib\security I have replaced the local_policy.jar and US_export_policy.jar with the export controlled versions. Any ideas? The client has informed me cert pinning is not implemented in the target app under test.

Liam, PortSwigger Agent | Last updated: May 11, 2018 03:55PM UTC

It sounds like your certificate is installed correctly. It's possible that this is an issue with the apps TLS settings. iOS 9 added some restrictions in this regard and iOS 10 added further restrictions. - https://stackoverflow.com/questions/40280936/app-transport-security-issue-in-ios-9-and-ios-10 You could try using a device with iOS 8 or 9. Alternatively, testing with iOS 10 may require a jailbroken device. Please let us know if you need any further assistance.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.