The same problem applies to companies / individuals who need certificates for accessing wifi - since KitKat you are always greeted with a big message telling you, that your network might be monitored.
The solution to this problem is to install the certificate on your rooted phone's internal storage; this also has the side effect that a secure lockscreen is not needed (but I still recommend it for rooted phones!).
This is a guide written for Nexus 5 devices. If the file /system/etc/security/cacerts.bks exists on your device, refer to this tutorial.
- Add the certificate to your custom certificates in Android Settings
- Move the new file from /data/misc/keychain/cacerts-added/ to /system/etc/security/cacerts/
- Save your certificate in the PEM format
- Get the subject of the certificate with "openssl x509 -inform PEM -subject_hash -in CERTIFICATE.FILE" It should be in a format similar to eg "0b112a89"
- Save the certificate into a text file with "openssl x509 -inform PEM -text -in CERTIFICATE.FILE > yourcert.txt"
- Switch the PEM section and the text, "-----BEGIN CERTIFICATE-----[...]" has to be at the beginning of the file
- Rename the file to 0b112a89.0 (replace with the subject you got in step 2)
- Copy the file into /system/etc/security/cacerts/ and make sure chmod permissions are set to 0644 (rw,r,r)
- Your certificate should now show up in the trusted certificate list
- If that doesn't work, disable and enable the certificate in Android Settings, which creates a file in /data/misc/keychain/cacerts-added/. Move that file to /system/etc/security/cacerts/ and delete your original file from step 6
I hope that helps some people out there solving this annoyance.