How to Install Burp Suite CA Certificate
This tutorial explains how to install the Burp Suite CA certificate. It covers the key concepts, practical examples, and best practices you need to apply it.
Your browser shows "Your connection is not private" or "NET::ERR_CERT_AUTHORITY_INVALID" when you browse through the Burp Suite proxy. The cause is that the Burp CA certificate is not installed or not trusted.
The Wrong Way
# Clicking "Proceed to site" on every HTTPS warning
# This bypasses security but Burp still cannot intercept HTTPS content
The browser creates the TLS tunnel directly to the server, bypassing Burp's inspection.
The Right Way
Step 1: Export the Burp CA certificate
# Burp Suite → Proxy → Proxy Settings → Import/Export CA certificate
# Export as DER format: burp-ca.der
# Or from the browser:
# Visit http://burpsuite → "CA Certificate"
Step 2: Install on the target browser
# Firefox:
# Settings → Privacy & Security → Certificates → View Certificates
# → Authorities → Import → select burp-ca.der
# Check "Trust this CA to identify websites" and "Trust this CA to identify email users"
# Chrome / Edge / Brave:
# Settings → Privacy and Security → Security → Manage Certificates
# → Import → select burp-ca.der → Place in "Trusted Root Certification Authorities"
Step 3: Verify installation
# Visit https://example.com in the browser
# The URL should show "Not Secure" or "Proxied by Burp"
# Click the padlock → Certificate → "Issued by: PortSwigger CA"
Step 4: Install on mobile devices
# iOS:
# 1. Connect to Burp proxy
# 2. Visit http://burpsuite → download CA
# 3. Settings → General → About → Certificate Trust Settings → Enable PortSwigger CA
# Android:
# 1. Same download step
# 2. Settings → Security → Install from storage → select CA file
Burp CA certificate installed and trusted — HTTPS traffic decrypted and visible in Burp Proxy.
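The check in Step 3 can also be run from a script. The following is an added example, not part of the original tutorial or of Burp Suite: it prints the SHA-256 fingerprint of the exported burp-ca.der so it can be compared with the one the browser's certificate viewer shows, then makes a TLS connection through the proxy while trusting only that file. The listener address 127.0.0.1:8080 and all function names are assumptions.

```python
import hashlib
import socket
import ssl

PROXY = ("127.0.0.1", 8080)         # assumption: Burp's default proxy listener
EXPECTED_ISSUER = "PortSwigger CA"  # issuer name given in Step 3

def sha256_fingerprint(der: bytes) -> str:
    """SHA-256 of the DER file, colon-separated as certificate viewers show it."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def same_fingerprint(a: str, b: str) -> bool:
    """Compare two fingerprints, ignoring case, colons and spaces."""
    strip = lambda s: "".join(c for c in s if c.isalnum()).lower()
    return strip(a) == strip(b)

def connect_accepted(reply: bytes) -> bool:
    """True if the proxy answered CONNECT with a 2xx status line."""
    parts = reply.split(b"\r\n", 1)[0].split()
    return len(parts) >= 2 and parts[0].startswith(b"HTTP/") and parts[1][:1] == b"2"

def issuer_via_proxy(host: str, ca_der: bytes, proxy=PROXY) -> str:
    """TLS handshake with host through the proxy, trusting only ca_der.

    Raises ssl.SSLCertVerificationError when the certificate presented was not
    signed by the exported CA; otherwise returns the issuer common name.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # verification and hostname check on
    ctx.load_verify_locations(cadata=ca_der)       # bytes input is parsed as DER
    with socket.create_connection(proxy, timeout=10) as raw:
        raw.sendall(f"CONNECT {host}:443 HTTP/1.1\r\nHost: {host}:443\r\n\r\n".encode())
        reply = b""
        while b"\r\n\r\n" not in reply:            # read the whole CONNECT response
            chunk = raw.recv(4096)
            if not chunk:
                break
            reply += chunk
        if not connect_accepted(reply):
            raise ConnectionError(f"proxy refused CONNECT: {reply[:60]!r}")
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
    return issuer.get("commonName", "")

if __name__ == "__main__":
    with open("burp-ca.der", "rb") as fh:          # file exported in Step 1
        ca = fh.read()
    print("SHA-256:", sha256_fingerprint(ca))
    name = issuer_via_proxy("example.com", ca)
    print("issuer:", name, "(expected)" if name == EXPECTED_ISSUER else "(unexpected)")
```

A verification error here means the proxy is presenting a certificate signed by a different CA than the file you exported, so the browser would be trusting the wrong certificate.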
Prevention
- Install the CA certificate on every device and browser before testing.
- Keep the Burp CA private key secure — it can decrypt any HTTPS traffic from devices that trust it.
- The certificate injection technique is similar to Doda Browser's enterprise CA management — trusted CAs enable SSL inspection for security monitoring.
Common Mistakes with suite cert install
- Using head and tail instead of pattern matching, causing runtime errors on empty lists
- Forgetting that lazy evaluation defers computation until the value is forced, causing space leaks with unevaluated thunks
- Using return to exit a function early instead of wrapping a pure value in the monad
These mistakes appear frequently in real-world BURP code. DodaTech's contributors have identified these patterns through analysis of open-source projects and production systems.
Practice Exercise
Write a pure function that safely divides two integers using Maybe, then test it with edge cases like division by zero and negative numbers.
This exercise reinforces the concepts covered in this guide. Try implementing it before checking online solutions.