Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Android : add cert to system store
https://code.google.com/p/android/issues/detail?id=32696#c5
If you have a certificate that is not
trusted by Android, when you add it, it goes in the personal cert store.
When you add a cert in this personal cert store, the system requires a
higher security level to unlock the device. But if you manage to add your
cert to the system store then you don't have this requirement. Obviously,
root is required to add a certificate to the system store, but it is quiet
easy.
Here is how to do it :
1 - add your cert normally, it will be stored in your personal store and
android will ask you a pin/password... Proceed
2 - With a file manager with root capabilities, browse files
in /data/misc/keychain/cacerts-added. You should see a file here, it's the
certificate you have added at step 1.
3 - Move this file to system/etc/security/cacerts (you will need to mount
the system partition r/w)
4 - Reboot the phone
5 - You are now able to clear the pin/password you have set to unlock the
device.
I Think that this will only work for Root or Intermediate CA.
I got the idea by reading this :
http://nelenkov.blogspot.fr/2011/12/ics-trust-store-implementation.html
@artoor32

This comment has been minimized.

Copy link

commented Dec 25, 2018

user certs location in my device:
/data/misc/user/0/cacerts-added

@Herts

This comment has been minimized.

Copy link

commented May 15, 2019

To you all, thanks a lot.
I have been searching for fiddler capturing HTTPS traffic from Android 8.0, and your methods impressed me.

@Hritik14

This comment has been minimized.

Copy link

commented Jun 18, 2019

Did not work for me. Says, cert validity too long, though my cert validity is just 12 months

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.