FORUMS
Remove All Ads from XDA

HOWTO Install a custom cert without "Your network could be monitored" message

97 posts
Thanks Meter: 77
 
By forceu, Member on 19th November 2013, 10:42 AM
Post Reply Email Thread
As an app developer, I have various servers to process my orders / act as backups etc - to enable secure connections, I am using SSL, but it would be a waste of money to buy a certificate just for internal communication.

The same problem applies to companies / individuals who need certificates for accessing wifi - since KitKat you are always greeted with a big message telling you, that your network might be monitored.

The solution to this problem is to install the certificate on your rooted phone's internal storage; this also has the side effect that a secure lockscreen is not needed (but I still recommend it for rooted phones!).

How-To:

This is a guide written for Nexus 5 devices. If the file /system/etc/security/cacerts.bks exists on your device, refer to this tutorial.

Method 1:
  1. Add the certificate to your custom certificates in Android Settings
  2. Move the new file from /data/misc/keychain/cacerts-added/ to /system/etc/security/cacerts/

Method 2:
  1. Save your certificate in the PEM format
  2. Get the subject of the certificate with "openssl x509 -inform PEM -subject_hash -in CERTIFICATE.FILE" It should be in a format similar to eg "0b112a89"
  3. Save the certificate into a text file with "openssl x509 -inform PEM -text -in CERTIFICATE.FILE > yourcert.txt"
  4. Switch the PEM section and the text, "-----BEGIN CERTIFICATE-----[...]" has to be at the beginning of the file
  5. Rename the file to 0b112a89.0 (replace with the subject you got in step 2)
  6. Copy the file into /system/etc/security/cacerts/ and make sure chmod permissions are set to 0644 (rw,r,r)
  7. Your certificate should now show up in the trusted certificate list
  8. If that doesn't work, disable and enable the certificate in Android Settings, which creates a file in /data/misc/keychain/cacerts-added/. Move that file to /system/etc/security/cacerts/ and delete your original file from step 6



I hope that helps some people out there solving this annoyance.

Source: http://stackoverflow.com/a/18390177/819367
The Following 26 Users Say Thank You to forceu For This Useful Post: [ View ] Gift forceu Ad-Free
 
 
King ov Hell
20th November 2013, 03:27 PM |#2  
Guest
Thanks Meter: 0
 
More
It's public.Congratulations
20th November 2013, 10:41 PM |#3  
Guest
Thanks Meter: 913
 
More
will this work on other devices?
21st November 2013, 12:34 AM |#4  
SubZero5's Avatar
Senior Member
Flag Istanbul, TR
Thanks Meter: 11
 
More
Worked on my i9300 on 4.3

Got CaCert.org Root Certificate (PEM Format) at http://www.cacert.org/certs/root.crt renamed to 5ed36f99.0 and dropped in /system/etc/security/cacerts/ with chmod 644 and chown root:root
21st November 2013, 08:37 AM |#5  
forceu's Avatar
OP Member
Thanks Meter: 77
 
More
Quote:
Originally Posted by arDroid.99

will this work on other devices?

Yes, it should work on almost all Android Devices.
8th December 2013, 08:42 PM |#6  
Member
Thanks Meter: 10
 
More
procedure for cacert.org certificates installation
Here is my proc using linux. Adapt it to your environment:
Code:
$ wget https://www.cacert.org/certs/root.crt
$ wget https://www.cacert.org/certs/class3.crt
$ cat root.crt > 5ed36f99.0
$ cat class3.crt > e5662767.0
$ openssl x509 -inform PEM -text -in root.crt -out /dev/null >> 5ed36f99.0
$ openssl x509 -inform PEM -text -in class3.crt -out /dev/null >> e5662767.0
$ ~/bin/android-sdk-linux/platform-tools/adb push e5662767.0 /sdcard/
$ ~/bin/android-sdk-linux/platform-tools/adb push 5ed36f99.0 /sdcard/
$ ~/bin/android-sdk-linux/platform-tools/adb shell
su
mount -o remount,rw /system
cp /sdcard/5ed36f99.0 /system/etc/security/cacerts/
cp /sdcard/e5662767.0 /system/etc/security/cacerts/
cd /system/etc/security/cacerts/
chmod 644 5ed36f99.0
chmod 644 e5662767.0
reboot
Enjoy

origin: https://fralef.me/links/?EZ9QtA
21st February 2014, 08:37 PM |#7  
mase76's Avatar
Senior Member
Thanks Meter: 28
 
More
Tried it and works on Cyanogenmod 11. But it does not seem to survive a rom
update.
21st February 2014, 08:43 PM |#8  
bmg002's Avatar
Senior Member
Thanks Meter: 210
 
More
Quote:
Originally Posted by mase76

Tried it and works on Cyanogenmod 11. But it does not seem to survive a rom
update.

if I am not mistaken, that is expected behavior. /system gets blown away when you do a rom update.
21st February 2014, 08:52 PM |#9  
mase76's Avatar
Senior Member
Thanks Meter: 28
 
More
Quote:
Originally Posted by bmg002

if I am not mistaken, that is expected behavior. /system gets blown away when you do a rom update.

Yes, it is. So I have to remember to copy it back after flashing.
22nd February 2014, 06:47 PM |#10  
Junior Member
Thanks Meter: 4
 
More
ok stupid question what program are you using to move the certs. i am kinda new at this and i have tired 3 diffrent root exploers and i still get access denied when i tired to move cert files. and yes i am rooted.
22nd February 2014, 10:14 PM |#11  
bmg002's Avatar
Senior Member
Thanks Meter: 210
 
More
You need one that will remount system as rw. I like root explorer myself

Sent from my SAMSUNG-SGH-T989 using xda app-developers app
Post Reply Subscribe to Thread

Tags
kitkat certificate

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes