I have created my own CA certificate and now I want to install it on my Android Froyo device (HTC Desire Z), so that the device trusts my certificate.
Android stores CA certificates in its Java keystore in /system/etc/security/cacerts.bks
. I copied the file to my computer, added my certificate using portecle 1.5 and pushed it back to the device.
Now, Android does not seem to reload the file automatically. I have read in several blog posts that I need to restart the device. Doing so results in the file being overwritten with the original one again.
My next try was to install the certificate from SD card by copying it and using the according option from the settings menu. The device tells me that the certificate has been installed, but apparently it does not trust the certificate. Moreover, when I try to copy the keystore to my computer, I still find the original stock cacerts.bks
.
So, what is the right way to install my own root CA certificate on an Android 2.2 device as a trusted certificate? Is there a way to do it programmatically?
Best Answer
Prior to Android KitKat you have to root your device to install new certificates.
From Android KitKat (4.0) up to Nougat (7.0) it's possible and easy. I was able to install the Charles Web Debbuging Proxy cert on my un-rooted device and successfully sniff SSL traffic.
Extract from http://wiki.cacert.org/FAQ/ImportRootCert
From Android N onwards it gets a littler harder, see this extract from the Charles proxy website:
Add a file res/xml/network_security_config.xml to your app:
Then add a reference to this file in your app's manifest, as follows: