# Install Burp's CA Certificate In Firefox 1. In Burp Suite, go to **Proxy** > **Intercept** tab and disable intercept mode by clicking on the "**Intercept is on**" button. ![](https://990422818-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LWGXF4oLcghA1GLq0CM%2F-Lfu0O3v4hh3tZFmLPDz%2F-Lfu0SttiyNdVe2wQV5_%2Fimage.png?alt=media\&token=78366c8f-2f88-47f4-ba68-3d4fbeb1d42d)
In Firefox, navigate to a secure website, e.g., `https://www.example.com`. If you have configured Burp's proxy listener correctly, and you haven't installed Burp's self-signed Certificate Authority (CA) certificate, yet, then the browser may throw an "invalid security certificate" error with the message "*...issuer certificate is unknown*". Click on the "Advanced" button to see error details. ![Invalid security certificate](https://990422818-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LWGXF4oLcghA1GLq0CM%2F-LWHQt-EMiiOHTuosAKW%2F-LWHQwRWKP7lajI7tYU3%2F33-cert.png?generation=1547571285726138\&alt=media) If you received "SEC\_ERROR\_UNKNOWN\_ISSUER" error from the browser, navigate to `http://burp`. ![Download Burp's self-signed root certificate](https://990422818-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LWGXF4oLcghA1GLq0CM%2F-LWHQt-EMiiOHTuosAKW%2F-LWHQwRYK8MDj44MBPMs%2F34-cert.png?generation=1547571286671322\&alt=media) Click on "CA Certificate" link to download the "cacert.der" file. ![](https://990422818-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LWGXF4oLcghA1GLq0CM%2F-LydRizJwNOZ8NHyXEAi%2F-LydRrwOG0kz9zDOOAGB%2Fimage.png?alt=media\&token=604e4d73-4700-421c-bd81-6e51b5fea0ac) In the Firefox browser, go to "Preferences", search for the term "certificate", and click on "View Certificates" button. ![](https://990422818-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LWGXF4oLcghA1GLq0CM%2F-LydRizJwNOZ8NHyXEAi%2F-LydRxTeRedRx3TouqbD%2Fimage.png?alt=media\&token=a3215a53-7898-4114-b414-79b076f7ed4d) In the "Certificate Manager" window, click on "Import" button and select the downloaded "cacert.der" file.
In the "Downloading Certificate" window prompt, select checkboxes as shown in following image and click on "Ok".
Access secure websites, e.g., "", without encountering the "SEC\_ERROR\_UNKNOWN\_ISSUER" error. ![](https://990422818-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LWGXF4oLcghA1GLq0CM%2F-LydRizJwNOZ8NHyXEAi%2F-LydS900uHRkz-DxZwl4%2Fimage.png?alt=media\&token=2cab18d8-96ef-4624-b5d4-3d951dcee87b) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://infosecgirls.gitbook.io/infosecgirls-training/appsec/initial-setup/6-ca-cert.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.