After two hours of research I'm wondering if there's a way to remove CA and user certificates from Android 4.0 (with root access).
The Android settings menu is very poor in function (doesn't even have a filter field) and doesn't delete
The only certificate manager I found was CACertMan which hangs on loading certificates.
Any ideas?
To intercept the API and modify the API response locally, I was setting up ProxyMan on my Android device (Pixel 4a) and faced this popup: Install CA certificates in Settings. After I tried to hit http://proxy.man/ssl to install the CA certificate from ProxyMan to my device, I face the error popup as attached. Earlier, on my older device, it worked fine; however, on my new device I'm facing this issue. When I click CLOSE on the popup window, a toast message appears: Failed to install certificate.
I'm facing the issue on the Pixel 4a; however, the same works fine on the Moto X-Play. Attached is the screenshot of the popup.
A similar question I found is here; however, this didn't help me, or I was not able to understand the exact issue, since I'm facing this specifically with ProxyMan and the question asked is for VPN.
If anyone is using ProxyMan for intercepting the API on a real Android device and has faced the same issue, please help. I'm blocked on this issue and can't move anywhere on my Android device. My precise question is:
Is there any option to reach the settings where the device certificates are present, and how can I add the ProxyMan certificate with those certificates?
I got the solution here.
Once I hit the API http://proxy.man/ssl, the certificate was downloaded in my download package; however, it was not installed automatically, since from Android 11 a certificate cannot be installed automatically and the user has to install it manually by following these steps:
Install a certificate
Open your phone's Settings app.
Tap Security, then Advanced settings, then Encryption & credentials.
Tap Install a certificate, then CA certificate.
In the top left, tap Menu.
Tap where you saved the certificate (in my case it was Downloads).
Tap the file.
If needed, enter the key store password. Tap OK.
Enter a name for the certificate.
Tap OK.
On my dev laptop I installed an SSL cert using mkcert. Works fine in all desktop browsers. They don't even prompt to accept the "risk" and continue. But on my Android phone on the same LAN (with the dev subdomain in DNS) I get that prompt from both Chrome and Firefox. That would be acceptable, except Firefox prompts pretty much every time I return focus to the app. It gets annoying having to click two extra buttons (Advanced then Accept Risk and Continue) for every code change that needs to be tested in all browsers.
Is there any way to make Android Firefox permanently accept the cert or any other solution?
Took a while, but I figured it out!
First transfer a copy of the rootCA.pem cert file from the laptop to the phone.
File location found via CLI: mkcert -CAROOT
Then install the cert file in Android settings, the location of which varies per device and Android version.
In my phone it was in: Android Settings / General / Lock screen & security / Encryption & credentials / Install from storage
You might have to restart the phone. Also might have to click TRUST on the cert in Android settings.
Then enable Firefox secret settings by clicking multiple times on the Firefox logo in the About page, then in secret settings enable "Use third party CA certificates".
Voila!
Can anyone give me a hint whether it is possible to ask Android to include (or 'trust') an additional root CA in their OS (which will be updated during the next update and pre-installed on new instances)?
At the moment, each website which uses an SSL certificate for HTTPS signed by our Certificate Authority asks the user to trust the website by showing
untrusted connection warning
Of course, installing the certificate manually solves the problem, but this is not the case considering the number of operations the user has to perform in order to use the website without concern that he is being attacked by some kind of man-in-the-middle attack.
For the record, we have passed audits made by independent organizations.
Root Certificate Policy - The Chromium Projects says:
If you are a root CA, the following contacts should be used:
...
Android: Please file a bug at
http://code.google.com/p/android/issues/entry . Note that, similar to
Linux, the certificates included within the Android sources may be
further altered by device manufacturers or carriers, pursuant to their
local programs.
My objective:
Create an EAP WiFi configuration - including the CA Certificate - in Android programmatically.
Problem:
How do I install a CA Certificate programmatically (and then reference that certificate in the EAP WiFi configuration)?
I found a very useful link already that allows me to create and save EAP WiFi configurations here:
How to programmatically create and read WEP/EAP WiFi configurations in Android?
However this assumes that you have already installed the CA Certificate on the device. I would like to install the certificate within my app - either from the resources in the app, or sent from a server.
Is this even possible? (Rooting is not an option in this case.)
If so, how?
Additional info...
I also found a way to add a certificate to a KeyStore:
https://stackoverflow.com/a/4490543/1172101
However this is used specifically for creating a secure socket and connecting via HTTPS. I want to use the certificate for WiFi.
Unfortunately, I have yet to find a way to install a CA Certificate programmatically - from within the app.
However, it is possible to install a certificate via the Web browser in Android. Thus, the solution (for now) is to:
Launch an intent to open a URL in the Web browser that goes directly to the CA certificate.
This works but there are some challenges:
The user must name the certificate. This is a challenge because we are adding the WiFi configuration programmatically. Thus we have to ask the user to give the certificate the same name.
The user must enter a password. If they don't have a password set up, the user will create one and enter it twice. If they have set a security password, the user will have to remember that same password and enter it.
Assuming the user successfully completes these steps, he is left hanging in the browser.
This leads to a few questions:
From my app, is there a way to force a name for the certificate that the user installs via the browser?
From my app, is there any way to know when the certificate installation has completed and then give focus back to my app?
Just let me know if you need any clarification.
You cannot install it directly since non-system applications don't have access to the key store. On ICS, there is an API for this, KeyChain.createInstallIntent(), that would launch a system dialog asking the user whether they want to install the certificate. On pre-ICS you can achieve the same thing by launching the install intent using the component name directly (this may or may not work on all devices though). Going through the browser is actually a roundabout way of doing the same thing.
As for your questions:
You cannot specify/force a name. Why do you care about the actual name?
Not really through the browser. If you use the system intent, you can return to your activity and will get a callback if you use startActivityForResult().
Update: Android 4.3 has WifiEnterpriseConfig which both creates a profile and installs keys and certificates in the system credential store. You only need the CHANGE_WIFI_STATE permission.
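The two routes named in the answer above, sketched as an added example (not code from the answer or from any project): the KeyChain install intent with a result callback, and a WifiEnterpriseConfig profile that carries the CA certificate itself. The class name, request code, suggested certificate name and method parameters are hypothetical, and it assumes an app targeting API 18 to 28, since WifiManager.addNetwork() is deprecated from API 29.

```java
import android.app.Activity;
import android.content.Intent;
import android.net.wifi.WifiConfiguration;
import android.net.wifi.WifiEnterpriseConfig;
import android.net.wifi.WifiManager;
import android.security.KeyChain;
import java.io.InputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

public class EapCaInstaller {
    static final int REQ_INSTALL_CA = 1; // hypothetical request code

    // Parse a PEM or DER CA certificate, e.g. from res/raw or a server response.
    static X509Certificate parse(InputStream in) throws CertificateException {
        return (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(in);
    }

    // Route 1: system install dialog. The outcome arrives in the calling
    // activity's onActivityResult() under REQ_INSTALL_CA. On Android 11 and
    // later, CA certificates must be installed by the user from Settings.
    static void promptInstall(Activity activity, X509Certificate ca)
            throws CertificateException {
        Intent intent = KeyChain.createInstallIntent();
        intent.putExtra(KeyChain.EXTRA_CERTIFICATE, ca.getEncoded());
        // Pre-filled suggestion only (constructed value); the user can change it.
        intent.putExtra(KeyChain.EXTRA_NAME, "Example Corp Wi-Fi CA");
        activity.startActivityForResult(intent, REQ_INSTALL_CA);
    }

    // Route 2 (API 18+): the CA travels inside the EAP profile, so no alias
    // has to be agreed with the user. Needs CHANGE_WIFI_STATE.
    static int addEapNetwork(WifiManager wifi, X509Certificate ca,
                             String ssid, String user, String password) {
        WifiEnterpriseConfig eap = new WifiEnterpriseConfig();
        eap.setEapMethod(WifiEnterpriseConfig.Eap.PEAP);
        eap.setPhase2Method(WifiEnterpriseConfig.Phase2.MSCHAPV2);
        eap.setIdentity(user);
        eap.setPassword(password);
        eap.setCaCertificate(ca); // pins the RADIUS server's issuing CA

        WifiConfiguration cfg = new WifiConfiguration();
        cfg.SSID = "\"" + ssid + "\""; // SSID must be wrapped in double quotes
        cfg.allowedKeyManagement.set(WifiConfiguration.KeyMgmt.WPA_EAP);
        cfg.allowedKeyManagement.set(WifiConfiguration.KeyMgmt.IEEE8021X);
        cfg.enterpriseConfig = eap;
        return wifi.addNetwork(cfg); // network id, or -1 if the add failed
    }
}
```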
I am currently looking to solve the same issues. The best thing that I have found is KeyChain.choosePrivateKeyAlias() allowing the user to select which certificate to use for the SSL. From there you can retrieve the Alias name and pass it to the enterprise wifi configuration.
I'm looking for the same... as for your question, #Nikolay:
you cannot specify/force a name. Why do you care about the actual name?
The EAP profile needs the name of the already-installed-CA. If you look at the example in part 4, you can specify:
final String ENTERPRISE_CA_CERT = "";
In the example, the profile does not use the CA name, but that could be the case for other EAP profiles.
How do you use a .p12 certificate on Android?
I tried adding it at Menu/Settings/Location and security.
When I do this the certificate disappears from the SD card but when I go to the website that needs the .p12-certificate I just get a connection error.
The certificate, password, and URL are all good. I triple checked them.
I am not the only one with this issue, right? My colleagues with iPad / iPhone can use it easily but on Android it's a pain in the ass. They just double click on the .p12 file, give certificate password, and they are set.
How come it's not like this on Android?
Make sure you copy the certificates to root of SD card.
Click on Settings->Location & Security/Security->Install from SD card (scroll down -> Credential Storage).
Select the certificate.
Things have changed since the last answer in 2011. I'm doing this from an emulated Pixel 2 running Android R (version 10).
It's now possible to install the certificate from a download or from a Google Drive. The difference is trivial.
Installation
Settings->Security->Advanced->Encryption & credentials->Install a certificate
Here you'll select the type of certificate you want to install. In my case it's a CA certificate (Certificate Authority) which I use to test some systems.
At this point you'll get a warning screen. It's kind of important as the entire basis of your device's security relies on the integrity of your certificates. If this is messed up, your device will have to be wiped to be secure again.
But I assume you know what you're doing.
Tap Install anyway.
You're taken to a screen with files in your Downloads directory. You can scroll around to see the possibilities. You can also click on the hamburger icon in the top left to reveal more options, such as listing your Google Drive account.
Tap on the certificate file you want to install.
You may see a popup dialog asking you for the password to extract certificates. Hopefully the entity that supplied you with the certificate also gave you a password.
Type in the password and cross your fingers.
If all is well you'll get a Toast saying that the certificate was installed.
Verification
You can view the certificates you have installed via the following path:
Settings->Security->Advanced->Encryption & credentials->Trusted credentials and then clicking the USER tab.
Removing a certificate is as simple as tapping on it and then tapping the Remove button.
To import the certificate, all I had to do was to use the My Files app (or any app allowing to browse your filesystem), and then click on the p12 file. Once the certificate was imported, the apps requiring it for log-in prompted the option of using it.