-
-
Save pwlin/8a0d01e6428b7a96e2eb to your computer and use it in GitHub Desktop.
https://code.google.com/p/android/issues/detail?id=32696#c5 | |
If you have a certificate that is not | |
trusted by Android, when you add it, it goes in the personal cert store. | |
When you add a cert in this personal cert store, the system requires a | |
higher security level to unlock the device. But if you manage to add your | |
cert to the system store then you don't have this requirement. Obviously, | |
root is required to add a certificate to the system store, but it is quiet | |
easy. | |
Here is how to do it : | |
1 - add your cert normally, it will be stored in your personal store and | |
android will ask you a pin/password... Proceed | |
2 - With a file manager with root capabilities, browse files | |
in /data/misc/keychain/cacerts-added. You should see a file here, it's the | |
certificate you have added at step 1. If you can not find it in that path, look in /data/misc/user/0/cacerts-added/ | |
3 - Move this file to system/etc/security/cacerts (you will need to mount | |
the system partition r/w) | |
4 - Reboot the phone | |
5 - You are now able to clear the pin/password you have set to unlock the | |
device. | |
I Think that this will only work for Root or Intermediate CA. | |
I got the idea by reading this : | |
http://nelenkov.blogspot.fr/2011/12/ics-trust-store-implementation.html |
@Things22 I did it brother.
For httpcanary, I did it hurray!
Just download the zip from here https://github.com/AdguardTeam/adguardcert/releases/
Then open it and go post-fs-data.sh
and you need to just change two things. Look for something like this AG_CERT_HASH
, AG_CERT_FILE
and edit both of them to this.
AG_CERT_HASH=87bc3517 AG_CERT_FILE=/data/local/tmp/87bc3517.0
Make sure to copy your root certificate to /data/local/tmp
And then install that zip to magisk as you do for modules.
Reboot and done.
+1 Thanks a bunch.
This helped a lot with Let's Encrypt rolling over to their ISRG Root X1 cert and old android machines.
@Nattle @RevealedSoulEven could you tell how it worked for you
i am testing on android 14 samsung real device i followed the steps and edit the both variable but getting Error
unZip Error
@Nattle @RevealedSoulEven could you tell how it worked for you i am testing on android 14 samsung real device i followed the steps and edit the both variable but getting Error unZip Error
this: https://xdaforums.com/t/magisk-module-unzip-error.4503395/ works for me.
You need to be careful to not include an dir in the zip file, after editing, only zip files in unzipped dir instead of zip the dir.
@Sudo989 No.
@devnoname120
pls tell me how to replace adguard module to reqable and httpcanary ca certificate
i tried but didn't understand anything