How do you use a .p12 certificate on Android?
I tried adding it at Menu/Settings/Location and security.
When I do this the certificate disappears from the SD card but when I go to the website that needs the .p12-certificate I just get a connection error.
The certificate, password, and URL are all good. I triple checked them.
I am not the only one with this issue, right? My colleagues with iPad / iPhone can use it easily but on Android it's a pain in the ass. They just double click on the .p12 file, give certificate password, and they are set.
How come it's not like this on Android?
Make sure you copy the certificates to root of SD card.
Click on Settings->Location & Security/Security->(Install from SD card(scroll down -> Credential Storage).
Select the certificate.
Things have changed since the last answer in 2011. I'm doing this from an emulated Pixel 2 running Android R (version 10).
It's now possible to install the certificate from a download or from a google drive. The difference is trivial.
Installation
Settings->Security->Advanced->Encryption & credentials->Install a certificate
Here you'll select the type of certificate you want to install. In my case it's a CA certificate (Certificate Authority) which I use to test some systems.
At this point you'll get a warning screen. It's kind of important as the entire basis of your device's security relies on the integrity of your certificates. If this is messed up, your device will have to be wiped to be secure again.
But I assume you know what you're doing.
tap Install anyway.
You're taken to a screen with files in your Downloads directory. You can scroll around to see the possibilities. You can also click on the hamburger icon in the top left to reveal more options, such as listing your google drive account.
Tap on the certificate file you want to install
You may see a popup dialog will asking you for the password to extract certificates. Hopefully the entity that supplied you with the certificate also gave you a password.
Type in the password and cross your fingers.
If all is well you'll get a Toast saying that the certificate was installed.
Verification
You can view the certificates you have installed by via the following path:
Settings->Security->Advanced->Encryption & credentials->Trusted credentials and then clicking the USER tab.
Removing a certificate is as simple as tapping on it and then tapping the Remove button.
To import the certificate, all I had to do was to use the My Files app (or any app allowing to browse your filesystem), and then click on the p12 file. Once the certificate was imported, the apps requiring it for log-in prompted the option of using it.
Related
To intercept the api and modify the api response locally, I was setting up ProxyMan to my android device Pixel-4a and faced this popup Install CA certificates in Settings after I tried to hit http://proxy.man/ssl to install the CA certificate from ProxyMan to my device I face the error popup as attached, earlier in my older device it worked fine however for my new device I'm facing this issue, when I click CLOSE on the popup window, a toast message appears : Failed to install certificate.
I'm facing the issue in Pixel 4a, however the same works fine in Moto X-Play, attached is the screenshot of the popup.
Similar question I found is here, however this doesn't helped me, or I was not able to understand the exact issue, since I'm facing this specifically with ProxyMan and the question asked is for VPN.
If anyone using proxyMan for intercepting the api on real android device and faced the same issue please help, I'm blocked on this issue and can't move anywhere in my android device, my precise question is:
Is there any option to reach to the settings where the device certificates are present and how can I add the proxyMan certificate with those certificate?
I got the solution here,
Once I hit the api http://proxy.man/ssl, the certificate were downloaded in my download package however it was not installed automatically since from Android 11 certificate can not be install automatically and user have to install it manually by following steps:
Install a certificate
Open your phone's Settings app.
Tap Security And then Advanced settings and then Encryption & credentials.
Tap Install a certificate And then CA certificate.
In the top left, tap Menu .
Tap where you saved the certificate.[in my case it was downloads]
Tap the file.
If needed, enter the key store password. Tap OK.
Enter a name for the certificate.
Tap OK.
After two hours of research I'm wondering if there's a way to remove ca and user certificates from Android 4.0 (with root access).
The android settings menu is very poor in function (doesn't even have a filter field) and doesn't delete
The only certificate manager I found was CACertMan which hangs on loading certificates.
Any ideas?
I had created an app which would internally generate key pair and use the same to encrypt/decrypt some sample data.
Now my requirement is to use the key pair from an installed certificate on the device to encrypt/decrypt.
To try this I had installed a test certificate which I downloaded from some site. When I installed the certificate, I got message saying that certificate was installed successfully. But I am unable to find that certificate in
Settings→Security→Trusted credentials→System/User.
I don't know whether the certificate really got installed or not.
So I would like to know what is the correct procedure to install a digital certificate on an Android device with 4.1.2 android OS.
So I would like to know what is the correct procedure to install a digital certificate on an Android device with 4.1.2 android OS
From Android Help Center, Working with Certificates:
Install client & CA certificates
To install a certificate from your device's internal storage:
Copy the certificate or key store from your computer to the root of your device's internal storage (that is, not in a folder).
Go to Settings > Personal > Security > Credential storage > Install from storage.
Touch the filename of the certificate or keystore to install. Only certificates that you haven't already installed are displayed.
If prompted, enter the key store password and touch OK.
Enter a name for the certificate and choose either VPN and apps or Wi-Fi in the credential use menu, and touch OK.
Work with CA certificates
Touch Settings > Personal > Security > Credential storage > Trusted credentials. The trusted credentials screen has two tabs:
System displays certificate authority (CA) certificates that are
permanently installed in the ROM of your phone.
User displays any CA certificates that you have installed yourself,
for example in the process of installing a client certificate.
To examine the details of CA certificate, touch its name. A scrolling screen displays the details.
To remove or disable a CA certificate, scroll down to the bottom of the details screen and touch either Disable for system certificates or
Remove for user certificates.
When you disable a system CA certificate, the button at the bottom of
its details screen changes to Enable, so you can enable the
certificate again if necessary. When you remove a user-installed CA
certificate, it is gone permanently and must be re-installed if you
want it back.
In the confirmation dialog that appears, touch OK.
My objective:
Create an EAP WiFi configuration - including the CA Certificate - in Android programmitcally.
Problem:
How do I install a CA Certificate programmatically (and then reference that certificate in the EAP WiFi configuration)?
I found a very useful link already that allows me to create and save EAP WiFi configurations here:
How to programmatically create and read WEP/EAP WiFi configurations in Android?
However this assumes that you have already installed the CA Certificate on the device. I would like to install the certificate within my app - either from the resources in the app, or sent from a server.
Is this even possible? (Rooting is not an option in this case.)
If so, how?
Additional info...
I also found a way to add a certificate to a KeyStore:
https://stackoverflow.com/a/4490543/1172101
However this is used specifically for creating a secure socket and connecting via HTTPS. I want to use the certificate for WiFi.
Unfortunately, I have yet to find a way to install a CA Certificate programmatically - from within the app.
However, it is possible to install a certificate via the Web browser in Android. Thus, the solution (for now) is to:
Launch an intent to open a URL in the Web browser that goes directly to the CA certificate.
This works but there are some challenges:
The user must name the certificate. This is a challenge because we are adding the WiFi configuration programmitically. Thus we have to ask the user to give the certificate the same name.
The user must enter a password. If they don't have a password set up, the user will create one and enter it twice. If they have set a security password, the user will have to remember that same password and enter it.
Assuming the user successfully completes these steps, he is left hanging in the browser.
This leads to a few questions:
From my app, is there a way to force a name for the certificate that the user installs via the browser?
From my app, is there any way to know when the certificate installation has completed and then give focus back to my app?
Just let me know if you need any clarification.
You cannot install it directly since non-system applications don't have access to the key store. On ICS, there is an API for this KeyChain.createInstallIntent() that would launch a system dialog asking the user whether they want to install the certificate. On pre-ICS you can achieve the same thing by launching the install intent using the component name directly (this may or may not work on all devices though). Going through the browser is actually a roundabout way of doing the same thing.
As for your questions:
you cannot specify/force a name. Why do you care about the actual name?
Not really through the browser. If you use the system intent, you can return to your activity and will get a callback if you use startActivityForResult().
Update: Android 4.3 has WifiEnterpriseConfig which both creates a profile and installs keys and certificates in the system credential store. You only need the CHANGE_WIFI_STATE permission.
I am currently looking to solve the same issues. The best thing that I have found is KeyChain.choosePrivateKeyAlias() allowing the user to select which certificate to use for the SSL. From there you can retrieve the Alias name and pass it to the enterprise wifi configuration.
I'm looking for the same... as for your question, #Nikolay:
you cannot specify/force a name. Why do you care about the actual name?
The EAP profile needs the name of the already-installed-CA. If you look at the example in part 4, you can specify:
final String ENTERPRISE_CA_CERT = "";
In the example, the profile does not use the CA name, but that could be the case for other EAP profiles.
Am installing certificate(.pk12) in my galaxy s2 from settings.After installing it shows toast " installed ". After that in my code am opening "/system/etc/security/cacerts.bks" key store and from it i can see number of aliases in keystore is 44 .Regardless of how many number of certificates I install the aliases count does not change. I doubt whether the installed certificates go to this key store itself.How do I confirm it?
Which key store should I read to see the installed certificates.
You cannot do what you're trying to do, unless you root the phone. Importing certificates using the standard interface (settings) only allows you to import certificates for VPN or Wi-Fi connections. To actually modify the system store (cacerts.bks), a system update from the manufacturer must be made to implement the new cacerts.bks file.
Details here:
http://code.google.com/p/android/issues/detail?id=11231#c25
If you root the phone, you can directly modify cacerts.bks, but stock Android does not permit this operation.