I had created an app which would internally generate key pair and use the same to encrypt/decrypt some sample data.
Now my requirement is to use the key pair from an installed certificate on the device to encrypt/decrypt.
To try this I had installed a test certificate which I downloaded from some site. When I installed the certificate, I got a message saying that the certificate was installed successfully. But I am unable to find that certificate in Settings→Security→Trusted credentials→System/User.
I don't know whether the certificate really got installed or not.
So I would like to know what is the correct procedure to install a digital certificate on an Android device with 4.1.2 android OS.
From Android Help Center, Working with Certificates:
Install client & CA certificates
To install a certificate from your device's internal storage:
Copy the certificate or key store from your computer to the root of your device's internal storage (that is, not in a folder).
Go to Settings > Personal > Security > Credential storage > Install from storage.
Touch the filename of the certificate or keystore to install. Only certificates that you haven't already installed are displayed.
If prompted, enter the key store password and touch OK.
Enter a name for the certificate and choose either VPN and apps or Wi-Fi in the credential use menu, and touch OK.
Work with CA certificates
Touch Settings > Personal > Security > Credential storage > Trusted credentials. The trusted credentials screen has two tabs:
System displays certificate authority (CA) certificates that are permanently installed in the ROM of your phone.
User displays any CA certificates that you have installed yourself, for example in the process of installing a client certificate.
To examine the details of a CA certificate, touch its name. A scrolling screen displays the details.
To remove or disable a CA certificate, scroll down to the bottom of the details screen and touch either Disable for system certificates or Remove for user certificates.
When you disable a system CA certificate, the button at the bottom of its details screen changes to Enable, so you can enable the certificate again if necessary. When you remove a user-installed CA certificate, it is gone permanently and must be re-installed if you want it back.
In the confirmation dialog that appears, touch OK.
To intercept the API and modify the API response locally, I was setting up ProxyMan on my Android device, a Pixel 4a, and faced this popup, "Install CA certificates in Settings", after I tried to hit http://proxy.man/ssl to install the CA certificate from ProxyMan on my device. I face the error popup as attached. Earlier, on my older device, it worked fine; however, on my new device I'm facing this issue. When I click CLOSE on the popup window, a toast message appears: Failed to install certificate.
I'm facing the issue in Pixel 4a, however the same works fine in Moto X-Play, attached is the screenshot of the popup.
A similar question I found is here; however, this didn't help me, or I was not able to understand the exact issue, since I'm facing this specifically with ProxyMan and the question asked is about VPN.
If anyone is using ProxyMan for intercepting the API on a real Android device and has faced the same issue, please help. I'm blocked on this issue and can't move anywhere on my Android device. My precise question is:
Is there any option to reach the settings where the device certificates are present, and how can I add the ProxyMan certificate to those certificates?
I got the solution here,
Once I hit the API http://proxy.man/ssl, the certificate was downloaded in my download package; however, it was not installed automatically, since from Android 11 a certificate cannot be installed automatically and the user has to install it manually by following these steps:
Install a certificate
Open your phone's Settings app.
Tap Security, then Advanced settings, then Encryption & credentials.
Tap Install a certificate, then CA certificate.
In the top left, tap Menu.
Tap where you saved the certificate. [In my case it was downloads.]
Tap the file.
If needed, enter the key store password. Tap OK.
Enter a name for the certificate.
Tap OK.
I want to make sure I understand which Certificate Authorities are really trusted by Google Chrome so I can implement similar logic in my custom browser using WebView. I followed these steps:
Open Settings.
Tap “Security & location”
Tap “Encryption & credentials”
Tap “Trusted credentials.” This will display a list of all trusted certs on the device.
The list is alphabetical and Sectigo RSA Extended Validation Secure Server CA is not there. However, when I start Google Chrome and navigate to https://sectigo.com/ the browser shows that their certificate is OK. Any idea why?
I have a .pkcs12 certificate, and after installing it on an Android (5.0) device it is listed under Settings->Security->Trusted credentials->User tab.
With the help of the code below I was able to list all the certificates, including the ones in the System tab under Trusted credentials, but I want only User certificates.
KeyStore keystore = KeyStore.getInstance("AndroidCAStore");
I want to list out only user certificates and show it to user.
Thanks,
Vinod
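An added example (not part of the original question or any answer here) of one way to restrict the AndroidCAStore listing to the User tab. It relies on the alias naming used by the AOSP implementation of this keystore, where user-installed CAs are stored under aliases starting with "user:" and ROM-provided ones under "system:"; that prefix is platform behaviour rather than a documented API contract, and the class and method names are hypothetical.

```java
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public final class UserCaAudit {
    // Assumption: AOSP alias convention "user:<hash>.<n>" vs "system:<hash>.<n>".
    private static final String USER_PREFIX = "user:";

    /** One line per user-installed CA: alias, subject, SHA-256 of the DER encoding. */
    public static List<String> describeUserCas() throws Exception {
        KeyStore ks = KeyStore.getInstance("AndroidCAStore");
        ks.load(null, null); // this store takes no stream and no password
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        List<String> out = new ArrayList<String>();
        for (String alias : Collections.list(ks.aliases())) {
            if (!alias.startsWith(USER_PREFIX)) {
                continue; // skip CAs that ship in the system image
            }
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) {
                continue;
            }
            X509Certificate x = (X509Certificate) c;
            StringBuilder hex = new StringBuilder();
            for (byte b : sha256.digest(x.getEncoded())) {
                hex.append(String.format("%02x", b));
            }
            out.add(alias + " | " + x.getSubjectX500Principal().getName() + " | " + hex);
        }
        return out;
    }
}
```

The fingerprint lets the list be compared against the CAs that are expected on the device, which is also how an unexpected interception CA in the User tab shows up.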
We are using user certificates for authentication from our mobile application to an F5 server. We have tested the process using a test certificate that we installed and created a keystore to use in creating our SSLContext object. For production we are using a MDM to dynamically create and install the user certificate onto an android device. This I believe is placing the certificate into the /data/misc/keystore location. The problem we are facing is that we cannot access this user certificate and create an SSLContext with it.
In our testing we have verified that the certificate is on the device by installing Open VPN for Android. The certificate shows up under Android Certificates in Open VPN but requires the user to select it (this is not an option for our application, we need to grab the certificate programmatically).
Everything we have found either deals with CA certs (which we can access), or having the .cer or .pfx file and installing and creating the keystore like we were doing with our test certificate.
Is there a way to access user installed certificates to use in creating an SSLContext?
Our Android version is 4.1.2 (API 16).
We are new to android development and any guidance would be appreciated.
Thanks,
Mike
In order to access user credentials stored on the device keystore, you need to get a permission from the user.
Specifically you need to call one of the KeyChain.choosePrivateKeyAlias() (see KeyChain documentation).
Once you have the alias (you'll get it in the KeyChainAliasCallback), you can use (from an Activity or Service):
PrivateKey key = KeyChain.getPrivateKey(this, alias);
X509Certificate[] chain = KeyChain.getCertificateChain(this, alias);
How about using something like:
SSLContext sslContext
= SSLConnections.getSSLContext(keyStoreFile, keyStoreFilePassword);
httpsURLConnection.setSSLSocketFactory(sslContext.getSocketFactory());
Also you can take a look in this link
How do you use a .p12 certificate on Android?
I tried adding it at Menu/Settings/Location and security.
When I do this the certificate disappears from the SD card but when I go to the website that needs the .p12-certificate I just get a connection error.
The certificate, password, and URL are all good. I triple checked them.
I am not the only one with this issue, right? My colleagues with iPad / iPhone can use it easily but on Android it's a pain in the ass. They just double click on the .p12 file, give certificate password, and they are set.
How come it's not like this on Android?
Make sure you copy the certificates to root of SD card.
Click on Settings->Location & Security/Security->Install from SD card (scroll down -> Credential Storage).
Select the certificate.
Things have changed since the last answer in 2011. I'm doing this from an emulated Pixel 2 running Android R (version 10).
It's now possible to install the certificate from a download or from a google drive. The difference is trivial.
Installation
Settings->Security->Advanced->Encryption & credentials->Install a certificate
Here you'll select the type of certificate you want to install. In my case it's a CA certificate (Certificate Authority) which I use to test some systems.
At this point you'll get a warning screen. It's kind of important as the entire basis of your device's security relies on the integrity of your certificates. If this is messed up, your device will have to be wiped to be secure again.
But I assume you know what you're doing.
Tap Install anyway.
You're taken to a screen with files in your Downloads directory. You can scroll around to see the possibilities. You can also click on the hamburger icon in the top left to reveal more options, such as listing your google drive account.
Tap on the certificate file you want to install
You may see a popup dialog asking you for the password to extract certificates. Hopefully the entity that supplied you with the certificate also gave you a password.
Type in the password and cross your fingers.
If all is well you'll get a Toast saying that the certificate was installed.
Verification
You can view the certificates you have installed via the following path:
Settings->Security->Advanced->Encryption & credentials->Trusted credentials and then clicking the USER tab.
Removing a certificate is as simple as tapping on it and then tapping the Remove button.
To import the certificate, all I had to do was to use the My Files app (or any app allowing to browse your filesystem), and then click on the p12 file. Once the certificate was imported, the apps requiring it for log-in prompted the option of using it.