生成系统数字证书
使用方法:
The filenames in the cacerts directory are in the format of .
where "hash" is the subject hash produced by:
openssl x509 -subject_hash -in filename
and the "n" is a unique integer identifier starting at 0 to deal
with collisions. See OpenSSL's c_rehash manpage for details.
生成hash数字命令:
# openssl x509 -subject_hash -in screeneo_int_ca.crt
1111f51f
-----BEGIN CERTIFICATE-----
MIIDezCCAmOgAwIBAgIJAJe1oJAy2pymMA0GCSqGSIb3DQEBBQUAMFQxCzAJBgNV
BAYTAkZSMREwDwYDVQQKDAhTYWdlbWNvbTEYMBYGA1UECwwPU2FnZW1jb20gUmV0
YWlsMRgwFgYDVQQDDA9TQ1JFRU5FT19JTlQgQ0EwHhcNMTQxMDIyMTQyNDMwWhcN
MzQxMDE3MTQyNDMwWjBUMQswCQYDVQQGEwJGUjERMA8GA1UECgwIU2FnZW1jb20x
GDAWBgNVBAsMD1NhZ2VtY29tIFJldGFpbDEYMBYGA1UEAwwPU0NSRUVORU9fSU5U
IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0apqVFQHPVLLWL5L
f2qPBldLWPjKDxvnpjiGlLc6LVwBran3xdM3i/nPDDNG2GBmv7WjTol9DPMupoN5
cMhN4+6hfe7vE1DlB1qhgj/bpBD43FkQjvmO8QYjcXLvv09/B3uta/JdEAQly07Z
Qp4rUhNT0pHhcIMe2Cf+0XWhKQdOKS0DrqtTrEp3mtXrqCKOllhCU9jhugaMerRb
R/wkTBJHoLbRTDtcp3rKMjVxWOlB1QrnCruz8YMPFzrtq/pef/m85Xk9sMDRZbHM
2osqLwvOsMILrDIoRrztRboa9R6TzKmmna7iiyWOOZOp9Z2pnEuIt1gSwYiqv070
rrVd7QIDAQABo1AwTjAdBgNVHQ4EFgQUNsm2/0Sv2phzg7zzKyKVusk8/0MwHwYD
VR0jBBgwFoAUNsm2/0Sv2phzg7zzKyKVusk8/0MwDAYDVR0TBAUwAwEB/zANBgkq
hkiG9w0BAQUFAAOCAQEApG7zkmqp+4AJcnPyMUoLQbyhlUlnkwRam7OhxaNoLDXs
TVPJjICurntOQfLcUPvoh+Pc3d42rKo7TM/wGgc1kHAv0TSrc25rH2tUeaEiF2zZ
hrZ7u3kiS7Bgph1g1Xt+zhDi00FwMn307LL5Q6Z0UmdGkJJHvZcLM9kRpD47TBkE
CTwaBluEjXuTS3R5XaRLmBdmXfyJUj59KFaHjP+NhegDclpKmWWXzc3W9fMkIOFi
57UjOHwYWZ9ZZIccGZpnYMsucXtJAGfLloZHJ/ZUP3E5xmt5xMEGv9ZVXLXOcTJj
BvhJ/P81UZbR1euZUHkfBvbDh9wFeoknTDvm65zK3w==
2)crt文件重命名
Base64文本格式的根证书文件screeneo_int_ca.crt 重命名为1111f51f.0复制到/libcore/luni/src/main/files/cacerts目录下面
3)编译,生成系统,将1111f51f.0将会被添加到系统根证书中。在out目录下面将会看到
/system/etc/security/cacerts文件夹里有新的证书。
4)验证
到设置(Settings) – 安全(Security) – 受信任的凭据(Trusted credentials)里面,此时你要安装的根证书应该会显示已经安装好了。这样安装之后根证书是作为系统证书使用的。
使用方法:
The filenames in the cacerts directory are in the format of .
where "hash" is the subject hash produced by:
openssl x509 -subject_hash -in filename
and the "n" is a unique integer identifier starting at 0 to deal
with collisions. See OpenSSL's c_rehash manpage for details.
生成hash数字命令:
# openssl x509 -subject_hash -in screeneo_int_ca.crt
1111f51f
-----BEGIN CERTIFICATE-----
MIIDezCCAmOgAwIBAgIJAJe1oJAy2pymMA0GCSqGSIb3DQEBBQUAMFQxCzAJBgNV
BAYTAkZSMREwDwYDVQQKDAhTYWdlbWNvbTEYMBYGA1UECwwPU2FnZW1jb20gUmV0
YWlsMRgwFgYDVQQDDA9TQ1JFRU5FT19JTlQgQ0EwHhcNMTQxMDIyMTQyNDMwWhcN
MzQxMDE3MTQyNDMwWjBUMQswCQYDVQQGEwJGUjERMA8GA1UECgwIU2FnZW1jb20x
GDAWBgNVBAsMD1NhZ2VtY29tIFJldGFpbDEYMBYGA1UEAwwPU0NSRUVORU9fSU5U
IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0apqVFQHPVLLWL5L
f2qPBldLWPjKDxvnpjiGlLc6LVwBran3xdM3i/nPDDNG2GBmv7WjTol9DPMupoN5
cMhN4+6hfe7vE1DlB1qhgj/bpBD43FkQjvmO8QYjcXLvv09/B3uta/JdEAQly07Z
Qp4rUhNT0pHhcIMe2Cf+0XWhKQdOKS0DrqtTrEp3mtXrqCKOllhCU9jhugaMerRb
R/wkTBJHoLbRTDtcp3rKMjVxWOlB1QrnCruz8YMPFzrtq/pef/m85Xk9sMDRZbHM
2osqLwvOsMILrDIoRrztRboa9R6TzKmmna7iiyWOOZOp9Z2pnEuIt1gSwYiqv070
rrVd7QIDAQABo1AwTjAdBgNVHQ4EFgQUNsm2/0Sv2phzg7zzKyKVusk8/0MwHwYD
VR0jBBgwFoAUNsm2/0Sv2phzg7zzKyKVusk8/0MwDAYDVR0TBAUwAwEB/zANBgkq
hkiG9w0BAQUFAAOCAQEApG7zkmqp+4AJcnPyMUoLQbyhlUlnkwRam7OhxaNoLDXs
TVPJjICurntOQfLcUPvoh+Pc3d42rKo7TM/wGgc1kHAv0TSrc25rH2tUeaEiF2zZ
hrZ7u3kiS7Bgph1g1Xt+zhDi00FwMn307LL5Q6Z0UmdGkJJHvZcLM9kRpD47TBkE
CTwaBluEjXuTS3R5XaRLmBdmXfyJUj59KFaHjP+NhegDclpKmWWXzc3W9fMkIOFi
57UjOHwYWZ9ZZIccGZpnYMsucXtJAGfLloZHJ/ZUP3E5xmt5xMEGv9ZVXLXOcTJj
BvhJ/P81UZbR1euZUHkfBvbDh9wFeoknTDvm65zK3w==
2)crt文件重命名
Base64文本格式的根证书文件screeneo_int_ca.crt 重命名为1111f51f.0复制到/libcore/luni/src/main/files/cacerts目录下面
3)编译,生成系统,将1111f51f.0将会被添加到系统根证书中。在out目录下面将会看到
/system/etc/security/cacerts文件夹里有新的证书。
4)验证
到设置(Settings) – 安全(Security) – 受信任的凭据(Trusted credentials)里面,此时你要安装的根证书应该会显示已经安装好了。这样安装之后根证书是作为系统证书使用的。