Adding root CA certificates to android 2.2

Lately I have been doing some Android development, and I wanted to be able to use both of my Android smartphones an HTC Desire (Android 2.2), and a Padfone2 (Android 4.1.1) sounds easy right? Well it is, if you don’t need to do HTTPS requests to your own server that has a self signed certificate, in that case because my certificate was not issued by a trusted root CA, I would get an exception.

Now the solution for my Padfone was easy, just copy my root CA certificate, install, and all is good again.
The real pain was the Desire because Android 2.2 does not allow me to install root CA certificates, so here I leave the steps to add certificates to the trusted root keystore in Android 2.2


First of all you need to get the cacerts.bks from your phone, located in “/system/etc/security/cacerts.bks”, I copied mine using Root Browser to the SD card, and then to my computer.
Using Portecle I opened the keystore (no password), and added my root certificate, the important part is that the certificate format MUST be X.509 Base64 encoded otherwise any app that tries to use the keystore will crash.
Saved the keystore with the new certificate added, and copied it back to the phone, as a security measure I recommend to make a backup of the original one, set the original permissions “rw-r–r–” and owner:group “root:root”.
After this is done all that is needed is to reboot the phone so it reads the new keystore and you should be able to open your HTTPS websites without any warning.

Leave a Reply

Your email address will not be published. Required fields are marked *