Revision history [back]

[How-To] Import TLS certificate into Android support

I needed a way to import own TLS certificates so that Android apps trust them. This is different to adding certs to SfOS, the Android subsystem doesn't use the same cert store as Sailfish does.

${yourCert.pem} denotes the certificate you want to import

Add plaintext description: don't think that's really necessary, but all other certs I found in the certificate directory looked the same way. Besides, it is helpful to identify the certificate later.

openssl x509 -in ${yourCert.pem} -noout -text >> ${yourCert.pem}
determine md5 hash which will become part of the file name:

openssl x509 -subject_hash_old -noout -in ${yourCert.pem}
copy to proper location:
I also tried /opt/alien/data_jolla/misc/keychain/certs-added/ (would be cleaner to put it there), but K-9 Mail didn't used it from there

mv ${yourCert.pem} /opt/alien/system/etc/security/cacerts/${theMD5Value}.0
Reboot, just to be sure

References: https://blog.kylemanna.com/android/android-ca-certificates/#installing-a-root-ca-certificate-on-android

[How-To] Import TLS certificate into Android support

I needed a way to import own TLS certificates so that Android apps trust them. This is different to adding certs to SfOS, the Android subsystem doesn't use the same cert store as Sailfish does.

${yourCert.pem} denotes the certificate you want to import

Add
1.Add plaintext description: don't think that's really necessary, but all other certs I found in the certificate directory looked the same way. Besides, it is helpful to identify the certificate later.

~~openssl x509 -in ${yourCert.pem} -noout -text >> ${yourCert.pem}~~

determine ${yourCert.pem}
2.determine md5 hash which will become part of the file name:

~~openssl x509 -subject_hash_old -noout -in ${yourCert.pem}~~

${yourCert.pem}
3.rename & copy to proper location:
I also tried /opt/alien/data_jolla/misc/keychain/certs-added/ (would be cleaner to put it there), but K-9 Mail didn't used it from there

~~mv ${yourCert.pem} /opt/alien/system/etc/security/cacerts/${theMD5Value}.0~~
/opt/alien/system/etc/security/cacerts/${theMD5Value}.0

~~Reboot, just to be sure~~

References: https://blog.kylemanna.com/android/android-ca-certificates/#installing-a-root-ca-certificate-on-android

[How-To] Import TLS certificate into Android support

I needed a way to import own TLS certificates so that Android apps trust them. This is different to adding certs to SfOS, the Android subsystem doesn't use the same cert store as Sailfish does.

${yourCert.pem} denotes the certificate you want to ~~import~~import.

The first two steps require openssl. -> You need developer mode enabled to install openssl:

pkcon install openssl

You can also perform these steps locally on your Linux machine and not on the phone.

1.Add plaintext description: don't think that's really necessary, but all other certs I found in the certificate directory looked the same way. Besides, it is helpful to identify the certificate later.

openssl x509 -in ${yourCert.pem} -noout -text >> ${yourCert.pem}

2.determine md5 hash which will become part of the file name:

openssl x509 -subject_hash_old -noout -in ${yourCert.pem}

3.rename & copy to proper location:
I also tried /opt/alien/data_jolla/misc/keychain/certs-added/ (would be cleaner to put it there), but K-9 Mail didn't used it from there

mv ${yourCert.pem} /opt/alien/system/etc/security/cacerts/${theMD5Value}.0

Reboot, just to be sure

References: https://blog.kylemanna.com/android/android-ca-certificates/#installing-a-root-ca-certificate-on-android

[How-To] Import TLS certificate into Android support

I needed a way to import own TLS certificates so that Android apps trust them. This is different to adding certs to SfOS, the Android subsystem doesn't use the same cert store as Sailfish does.

${yourCert.pem}
Note: If you are not familiar with the shell, read a guide like https://guide.bash.academy/?=Chapters#h0.3 first! ${CERTFILE} denotes the certificate you want to import. import. -> You can set CERTFILE=/the/path/to/your/certificate/you/want/to/install and copy&paste all other commands without adapting this ...
The first two steps require openssl. -> You need developer mode enabled to install openssl: pkcon install openssl You can also perform these the next 2 steps locally on your Linux machine and not on the phone. 1.Add plaintext description: don't think that's really necessary, but all other certs I found in the certificate directory looked the same way. Besides, it is helpful to identify the certificate later. openssl x509 -in ${yourCert.pem} "${CERTFILE}" -noout -text >> ${yourCert.pem} "${CERTFILE}" 2.determine md5 hash which will become part of the file name: openssl AnMD5Value=$(openssl x509 -subject_hash_old -noout -in ${yourCert.pem} "${CERTFILE}") 3.rename & copy to proper location: I also tried /opt/alien/data_jolla/misc/keychain/certs-added/ (would be cleaner to put it there), but K-9 Mail didn't used it from there devel-su mv ${yourCert.pem} /opt/alien/system/etc/security/cacerts/${theMD5Value}.0 "${CERTFILE}" /opt/alien/system/etc/security/cacerts/"${AnMD5Value}".0 Reboot, just to be sure References: https://blog.kylemanna.com/android/android-ca-certificates/#installing-a-root-ca-certificate-on-android