How to Install Burp Suite CA Certificate

DodaTech Updated 2026-06-24 3 min read

This tutorial explains how to install the Burp Suite CA certificate in browsers and on mobile devices, how to verify the installation, and how to handle the certificate safely.

When you browse through the Burp Suite proxy, your browser shows "Your connection is not private" or "NET::ERR_CERT_AUTHORITY_INVALID". The cause is that the Burp CA certificate is not installed or not trusted.

The Wrong Way

# Clicking "Proceed to site" on every HTTPS warning
# This bypasses security but Burp still cannot intercept HTTPS content

The browser creates the TLS tunnel directly to the server, bypassing Burp's inspection.

The Right Way

Step 1: Export the Burp CA certificate

# Burp Suite → Proxy → Proxy Settings → Import/Export CA certificate
# Export as DER format: burp-ca.der

# Or from the browser:
# Visit http://burpsuite → "CA Certificate"

Step 2: Install on the target browser

# Firefox:
# Settings → Privacy & Security → Certificates → View Certificates
# → Authorities → Import → select burp-ca.der
# Check "Trust this CA to identify websites" and "Trust this CA to identify email users"

# Chrome / Edge / Brave:
# Settings → Privacy and Security → Security → Manage Certificates
# → Import → select burp-ca.der → Place in "Trusted Root Certification Authorities"

Step 3: Verify installation

# Visit https://example.com in the browser
# The URL should show "Not Secure" or "Proxied by Burp"
# Click the padlock → Certificate → "Issued by: PortSwigger CA"

Step 4: Install on mobile devices

# iOS: 
# 1. Connect to Burp proxy
# 2. Visit http://burpsuite → download CA
# 3. Settings → General → About → Certificate Trust Settings → Enable PortSwigger CA

# Android:
# 1. Same download step
# 2. Settings → Security → Install from storage → select CA file

Burp CA certificate installed and trusted — HTTPS traffic decrypted and visible in Burp Proxy.

Prevention

  • Install the CA certificate on every device and browser before testing.
  • Keep the Burp CA private key secure — it can decrypt any HTTPS traffic from devices that trust it.
  • The certificate injection technique is similar to Doda Browser's enterprise CA management — trusted CAs enable SSL inspection for security monitoring.

FAQ

Why does Chrome not accept the Burp CA certificate?

Chrome requires the certificate to be placed in "Trusted Root Certification Authorities" (Windows) or the System Keychain (macOS). On macOS, add it to the "System" keychain and set "Trust" to "Always Trust." Chrome does not use Firefox's certificate store.

Is it safe to install the Burp CA certificate?

Burp generates a unique CA certificate per installation. It only works for traffic passing through your Burp proxy. Remove the certificate from your browser's trust store when you finish testing. Do not use the same Burp CA across different security teams.

How do I remove the Burp CA certificate?

Firefox: Settings → Certificates → Authorities → select PortSwigger → Delete. Chrome: Settings → Manage Certificates → Trusted Root Certification Authorities → select PortSwigger CA → Remove. macOS: Keychain Access → System → delete the certificate.
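
After removal, you can confirm that nothing was left behind. The following is an added example, not part of the original tutorial or of Burp Suite: it checks a PEM export of a trust store for your exported burp-ca.der by SHA-256 fingerprint and also flags any other certificate that names PortSwigger. The PEM-bundle export, the function names, and the sample bytes (constructed stand-ins, not real certificates) are assumptions.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def sha256_fp(der: bytes) -> str:
    """SHA-256 fingerprint of a DER certificate, as certificate viewers show it."""
    return hashlib.sha256(der).hexdigest().upper()

def bundle_to_der(pem_bundle: bytes) -> list:
    """Split a PEM bundle into the DER bytes of each certificate."""
    return [base64.b64decode(b"".join(body.split()))
            for body in PEM_BLOCK.findall(pem_bundle)]

def audit_bundle(pem_bundle: bytes, burp_ca_der: bytes) -> list:
    """Report every certificate that is this Burp CA or names PortSwigger."""
    wanted = sha256_fp(burp_ca_der)
    findings = []
    for index, der in enumerate(bundle_to_der(pem_bundle)):
        fp = sha256_fp(der)
        exact = fp == wanted
        # Subject and issuer names are usually stored as plain ASCII inside
        # the DER, so a byte search also finds Burp CAs from other installs.
        named = b"PortSwigger" in der
        if exact or named:
            findings.append({"index": index, "sha256": fp,
                             "exact_match": exact, "names_portswigger": named})
    return findings

def to_pem(der: bytes) -> bytes:
    """Wrap DER bytes in PEM armour (used here to build the sample bundles)."""
    return (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der)
            + b"-----END CERTIFICATE-----\n")

# Constructed stand-in bytes, NOT real certificates. With real data, read
# burp-ca.der from Step 1 and a PEM export of the trust store instead.
MY_BURP_CA = b"0\x82\x01\x00" + b"PortSwigger CA" + b"\x01" * 32
OTHER_BURP_CA = b"0\x82\x01\x00" + b"PortSwigger CA" + b"\x02" * 32
PUBLIC_ROOT = b"0\x82\x01\x00" + b"Example Public Root" + b"\x03" * 32
DIRTY = to_pem(PUBLIC_ROOT) + to_pem(OTHER_BURP_CA) + to_pem(MY_BURP_CA)
CLEAN = to_pem(PUBLIC_ROOT)

if __name__ == "__main__":
    for finding in audit_bundle(DIRTY, MY_BURP_CA):
        print(finding)
```

An empty result means the bundle contains neither your Burp CA nor any other certificate naming PortSwigger; an entry with `exact_match` set to `False` points to a Burp CA from a different installation.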