Last active
July 20, 2024 17:34
-
-
Save pwlin/8a0d01e6428b7a96e2eb to your computer and use it in GitHub Desktop.
Android : add cert to system store
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://code.google.com/p/android/issues/detail?id=32696#c5 | |
| If you have a certificate that is not | |
| trusted by Android, when you add it, it goes in the personal cert store. | |
| When you add a cert in this personal cert store, the system requires a | |
| higher security level to unlock the device. But if you manage to add your | |
| cert to the system store then you don't have this requirement. Obviously, | |
| root is required to add a certificate to the system store, but it is quiet | |
| easy. | |
| Here is how to do it : | |
| 1 - add your cert normally, it will be stored in your personal store and | |
| android will ask you a pin/password... Proceed | |
| 2 - With a file manager with root capabilities, browse files | |
| in /data/misc/keychain/cacerts-added. You should see a file here, it's the | |
| certificate you have added at step 1. If you can not find it in that path, look in /data/misc/user/0/cacerts-added/ | |
| 3 - Move this file to system/etc/security/cacerts (you will need to mount | |
| the system partition r/w) | |
| 4 - Reboot the phone | |
| 5 - You are now able to clear the pin/password you have set to unlock the | |
| device. | |
| I Think that this will only work for Root or Intermediate CA. | |
| I got the idea by reading this : | |
| http://nelenkov.blogspot.fr/2011/12/ics-trust-store-implementation.html |
+1 Thanks a bunch.
This helped a lot with Let's Encrypt rolling over to their ISRG Root X1 cert and old android machines.
@Nattle @RevealedSoulEven could you tell how it worked for you
i am testing on android 14 samsung real device i followed the steps and edit the both variable but getting Error
unZip Error
@Nattle @RevealedSoulEven could you tell how it worked for you i am testing on android 14 samsung real device i followed the steps and edit the both variable but getting Error unZip Error
this: https://xdaforums.com/t/magisk-module-unzip-error.4503395/ works for me.
You need to be careful to not include an dir in the zip file, after editing, only zip files in unzipped dir instead of zip the dir.
@Sudo989 No.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@Things22 I did it brother.
For httpcanary, I did it hurray!
Just download the zip from here https://github.com/AdguardTeam/adguardcert/releases/
Then open it and go
post-fs-data.shand you need to just change two things. Look for something like thisAG_CERT_HASH,AG_CERT_FILEand edit both of them to this.AG_CERT_HASH=87bc3517 AG_CERT_FILE=/data/local/tmp/87bc3517.0Make sure to copy your root certificate to /data/local/tmp
And then install that zip to magisk as you do for modules.
Reboot and done.