I have created my own CA certificate and now I want to install it on my Android Froyo device (HTC Desire Z), so that the device trusts my certificate.
Android stores CA certificates in its Java keystore in /system/etc/security/cacerts.bks. I copied the file to my computer, added my certificate using portecle 1.5 and pushed it back to the device.
Now, Android does not seem to reload the file automatically. I have read in several blog posts that I need to restart the device. Doing so results in the file being overwritten with the original one again.
My next try was to install the certificate from SD card by copying it and using the according option from the settings menu. The device tells me that the certificate has been installed, but apparently it does not trust the certificate. Moreover, when I try to copy the keystore to my computer, I still find the original stock cacerts.bks.
So, what is the right way to install my own root CA certificate on an Android 2.2 device as a trusted certificate? Is there a way to do it programmatically?
解决方案
From Android 4.0 onwards this is now possible. I was easily able to install the Charles Web Debbuging Proxy cert on my un-rooted device and successfully sniff SSL traffic.
Before Android version 4.0, with Android version Gingerbread & Froyo, there was a single read-only file ( /system/etc/security/cacerts.bks ) containing the trust store with all the CA ('system') certificates trusted by default on Android. Both system apps and all applications developed with the Android SDK use this. Use these instructions on installing CAcert certificates on Android Gingerbread, Froyo, ...
Starting from Android 4.0 (Android ICS/'Ice Cream Sandwich', Android 4.3 'Jelly Bean' & Android 4.4 'KitKat'), system trusted certificates are on the (read-only) system partition in the folder '/system/etc/security/' as individual files. However, users can now easily add their own 'user' certificates which will be stored in '/data/misc/keychain/certs-added'.
System-installed certificates can be managed on the Android device in the Settings -> Security -> Certificates -> 'System'-section, whereas the user trusted certificates are manged in the 'User'-section there. When using user trusted certificates, Android will force the user of the Android device to implement additional safety measures: the use of a PIN-code, a pattern-lock or a password to unlock the device are mandatory when user-supplied certificates are used.
Installing CAcert certificates as 'user trusted'-certificates is very easy. Installing new certificates as 'system trusted'-certificates requires more work (and requires root access), but it has the advantage of avoiding the Android lockscreen requirement.
3万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
