Cacerts.bks does not exist

Question

Cacerts.bks does not exist

I connected my Android (4.0.4) phone and installed an application that proxies all HTTP traffic through my computer. This works fine, and I can see and modify all HTTP requests. But HTTPS traffic does not pass. I exported the certificate of my proxy server, but found that there is no cacert.bks file in the /system/etc/security wand.

So, how can I add my own certificate to the list of trusted certificates using keytool ?

+6

android https ssl-certificate keytool sniffing

1 'OR 1 - Dec 20 '12 at 21:45

source share

3 answers

Afaik, you do not need to root your device to install your trusted certificates after ICS. There are settings for this.

http://support.google.com/android/bin/answer.py?hl=en&answer=1649774

+3

Akdeniz Dec 21 '12 at 1:13

source share

Due to using odes opensll (0.9. *) On android, I had to use "-subject_hash_old" instead of -subject_hash "in the post fooobar.com/questions/933321 / ... of user user2708846 here.

I summarized the steps that I took (including changing the file permissions, copying the file to the Android device and help in verifying the installation of certificates) in the cyanogenmod forum http://forum.cyanogenmod.com/topic/82875-installing- cacert-certificates-on-android-as-system-credentials-without-lockscreen / and on my own blog http://wiki.pcprobleemloos.nl/android/

+2

sgiebels Nov 28 '13 at 16:54

source share

user2708846 · Accepted Answer · 2013-08-22T20:25:33+0000

I am having a problem with a self-signed web server certificate that I could not install, just open it. I have "CertInstaller (28614): the corresponding private key was not found" in logcat. My decision:

If you want to install new certificates in the cacert store of the Android system when it no longer uses the bks file:

You must have a root, of course.

You should receive a certificate (export from a browser) in the form of a pem format. PEM is an encoded format, for example:

 -----BEGIN CERTIFICATE----- MIIDtjCCAp6gAwIBAgIQRJmNPMADJ72cdpW56tustTANBgkqhkiG9w0BAQUFADB1 ... -----END CERTIFICATE-----

You need to get a hash for the topic name.
openssl x509 -inform PEM -subject_hash -in yourcert.crt

You will get something like 0d188d89.

You should receive a text version of the certificate.
openssl x509 -inform PEM -text -in yourcert.crt> yourcert.txt
You need to switch the text and pem section in the editor. It should look like this:

 -----BEGIN CERTIFICATE----- MIIDtjCCAp6gAwIBAgIQRJmNPMADJ72cdpW56tustTANBgkqhkiG9w0BAQUFADB1 ... -----END CERTIFICATE----- Certificate: Data: Version: 1 (0x0) Serial Number: ...

You will rename the file to "0d188d89.0"
Copy the file using adb or something else to / system / etc / security / cacerts /.

You can verify by simply going to Settings / Security / Trusted Credentials / System. Certificates are sorted by the "Organization" field from the certificates.

Information used from: http://nelenkov.blogspot.de/2011/12/ics-trust-store-implementation.html

Cacerts.bks does not exist

More articles: