android https ssl-certificate keytool sniffing

cacerts.bks does not exist


I have rooted my Android (4.0.4) phone and installed an app which proxies all HTTP traffic through my computer. This works fine and I can see and modify all HTTP requests. But HTTPS-traffic does not pass through. I have exported the certificate of my proxy but I found out that there is no cacert.bks-file in the /system/etc/security-folder.

So how can I add my custom certificate to the list of trusted certificates using keytool?


Solution

  • I had the issue with a self-signed webserver certificate which I could not install by just opening it. I got a "CertInstaller(28614): didn't find matched private key" in logcat. My solution:

    If you want to install new certificates into the android system cacert store when it does not use the bks file anymore:

    You have to have root of course.

    1. You have to get the certificate (export from browser) in PEM format. PEM is an encoded format like:

    -----BEGIN CERTIFICATE-----
    MIIDtjCCAp6gAwIBAgIQRJmNPMADJ72cdpW56tustTANBgkqhkiG9w0BAQUFADB1
    ...
    -----END CERTIFICATE-----

    2. You have to get the hash for the subject name.

      openssl x509 -inform PEM -subject_hash -in yourcert.crt

    You will get something like 0d188d89 back.

    3. You have to get the text version of the certificate.

      openssl x509 -inform PEM -text -in yourcert.crt > yourcert.txt

    4. You have to switch the text and the PEM section within an editor. It should look like this:

    -----BEGIN CERTIFICATE-----
    MIIDtjCCAp6gAwIBAgIQRJmNPMADJ72cdpW56tustTANBgkqhkiG9w0BAQUFADB1
    ...
    -----END CERTIFICATE-----
    Certificate:
        Data:
            Version: 1 (0x0)
            Serial Number:
    ...

    5. You rename the file to "0d188d89.0"

    6. Copy the file with adb or something else to /system/etc/security/cacerts/.

    You can check by just going into settings / security / trusted credentials / system. The certs are sorted by the "Organization" field from the certs.

    Information used from: http://nelenkov.blogspot.de/2011/12/ics-trust-store-implementation.html
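
The file-building steps of the answer above (hash, text dump, PEM-first layout, rename) as one shell function. This is an added example, not part of the original answer, and the name `make_cacert_entry` is made up for illustration. It asks for `-subject_hash_old` first because OpenSSL 1.0.0 and later changed what `-subject_hash` computes, while the Android store names its files after the older MD5-based hash.

```shell
#!/bin/sh
# Added example: build an Android system trust-store entry (<hash>.0)
# from a PEM certificate. Usage: make_cacert_entry cert.pem [outdir]
# Prints the path of the file written; fingerprint goes to stderr.
make_cacert_entry() {
    local pem="$1"
    local outdir="${2:-.}"
    local subj_hash out

    # Refuse input that does not parse as a PEM X.509 certificate.
    openssl x509 -inform PEM -in "$pem" -noout 2>/dev/null || {
        echo "not a PEM certificate: $pem" >&2
        return 1
    }

    # OpenSSL 1.0.0+ exposes the older hash as -subject_hash_old.
    # OpenSSL 0.9.8 lacks that option, and there -subject_hash is
    # already the older hash, so fall back to it.
    subj_hash=$(openssl x509 -inform PEM -in "$pem" -noout -subject_hash_old 2>/dev/null) ||
        subj_hash=$(openssl x509 -inform PEM -in "$pem" -noout -subject_hash) ||
        return 1

    out="$outdir/$subj_hash.0"
    # Do not silently replace an entry that is already there.
    if [ -e "$out" ]; then
        echo "refusing to overwrite existing $out" >&2
        return 1
    fi

    # Layout from step 4: PEM block first, human-readable text after it.
    {
        openssl x509 -inform PEM -in "$pem" -outform PEM
        openssl x509 -inform PEM -in "$pem" -noout -text
    } > "$out" || return 1

    # Fingerprint for confirming which certificate the file holds.
    openssl x509 -inform PEM -in "$pem" -noout -fingerprint -sha1 >&2
    echo "$out"
}
```
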