[How-To] Import TLS certificate into Android support

asked 2018-04-21 19:37:13 +0300

takimata gravatar image

updated 2018-09-13 19:47:26 +0300

I needed a way to import own TLS certificates so that Android apps trust them. This is different to adding certs to SfOS, the Android subsystem doesn't use the same cert store as Sailfish does.

${yourCert.pem} denotes the certificate you want to import.

The first two steps require openssl. -> You need developer mode enabled to install openssl:

pkcon install openssl

You can also perform these steps locally on your Linux machine and not on the phone.

1.Add plaintext description: don't think that's really necessary, but all other certs I found in the certificate directory looked the same way. Besides, it is helpful to identify the certificate later.

openssl x509 -in ${yourCert.pem} -noout -text >> ${yourCert.pem}

2.determine md5 hash which will become part of the file name:

openssl x509 -subject_hash_old -noout -in ${yourCert.pem}

3.rename & copy to proper location:
I also tried /opt/alien/data_jolla/misc/keychain/certs-added/ (would be cleaner to put it there), but K-9 Mail didn't used it from there

mv ${yourCert.pem} /opt/alien/system/etc/security/cacerts/${theMD5Value}.0
  • Reboot, just to be sure

References: https://blog.kylemanna.com/android/android-ca-certificates/#installing-a-root-ca-certificate-on-android

edit retag flag offensive close delete

Comments

I wanna try your How-to, but fail on the first step. Where to find this ${yourCert.pem} on my phone? I mean there is a lot of TLS certs available in the settings area, but which one to take and where are the files? Thanks for your help in advance.

Vieno ( 2018-09-14 22:20:35 +0300 )edit