I have rooted my Android (4.0.4) phone and installed an app which proxies all HTTP traffic through my computer. This works fine and I can see and modify all HTTP requests. But HTTPS-traffic does not pass through. I have exported the certificate of my proxy but I found out that there is no
cacert.bks-file in the
So how can I add my custom certificate to the list of trusted certificates using
I had the issue with a self signed webserver certificate which I could not install by just open it.
I’ve got a “CertInstaller(28614): didn’t find matched private key” in logcat.
If you want to install new certificates into the android system cacert store when it does not use the bks file anymore:
You have to have root of course.
- You have to get the certificate (export from browser) as pem format.
PEM is a encoded format like:
-----BEGIN CERTIFICATE----- MIIDtjCCAp6gAwIBAgIQRJmNPMADJ72cdpW56tustTANBgkqhkiG9w0BAQUFADB1 ... -----END CERTIFICATE-----
- You have to get the hash for the subject name.
openssl x509 -inform PEM -subject_hash -in yourcert.crt
You will get something like 0d188d89 back.
You have to get the text version of the certificate.
openssl x509 -inform PEM -text -in yourcert.crt > yourcert.txt
You have to switch the text and the pem section within a editor.
It should look like this:
-----BEGIN CERTIFICATE----- MIIDtjCCAp6gAwIBAgIQRJmNPMADJ72cdpW56tustTANBgkqhkiG9w0BAQUFADB1 ... -----END CERTIFICATE----- Certificate: Data: Version: 1 (0x0) Serial Number: ...
You rename the file to “0d188d89.0”
Copy the file with adb or something else to /system/etc/security/cacerts/.
You can check by just going into settings / security / trusted credentials / system
The certs are sorted by the “Organization” field from the certs.
Information used from: http://nelenkov.blogspot.de/2011/12/ics-trust-store-implementation.html
Afaik, you dont have to root your device to install your trusted certificates after ICS. There is setting for that.
Due to the use of an oder openssl (0.9.*) on android, I had to use “-subject_hash_old” instead of -subject_hash” in post https://stackoverflow.com/a/18390177/3043726 of user user2708846 here.
I’ve summarized the steps I took (including changing file permissions, copying the file to the android device, and help on how to verify that the certificates are installed correctly) at the cyanogenmod forum http://forum.cyanogenmod.com/topic/82875-installing-cacert-certificates-on-android-as-system-credentials-without-lockscreen/
and on my own blog http://wiki.pcprobleemloos.nl/android/