How to Update HTTPS Security Certificate Authority Keystore on pre-android-4.0 Device

16 Jun 2014, CPOL

Editorial Note

This article appears in the Third Party Product Reviews section. Articles in this section are for the members only and must not be used by tool vendors to promote or advertise products in any way, shape or form. Please report any spam or advertising.

The Problem

I have a Samsung Galaxy S phone with Android 2.3.3 (Gingerbread). This device came out in March 2010, which is ancient in terms of mobile devices, but I am still rather fond of this phone. I began having trouble with certain websites when they changed their certifying authority early in 2013.

This included problems with well-known sites such as Facebook and redbox. Many sites would get the security warning 'This certificate is not from a trusted authority'. Also, I had some problems with apps using SSL.

The Details

When looking in logcat, I see something like:

    javax.net.ssl.SSLPeerUnverifiedException: No peer certificate

Looking at the example website https://www.redbox.com in my computer's browser, I noticed the certificate was recently renewed on Feb 28, 2013, which is about when I started having problems (the CN listed was from: "Cybertrust Public SureServer SV CA"). Cybertrust now has another CN in Baltimore that is authorizing the new certificate for redbox.com.

You'll need root access to your device to run any of these commands. Also note that Android 4.0 has a different mechanism for working with certificates. Getting root access to your device is beyond the scope of this tutorial.

Using adb, I was able to pull the keystore and examine it to check for the certificates I was looking for.

    adb pull /system/etc/security/cacerts.bks cacerts.bks

You can examine the keystore on your computer using the Portecle software. Portecle is available from http://portecle.sourceforge.net/.

Select File / Open Keystore... and choose the cacerts.bks file.
Select Tools / Keystore Report and copy that information into a text editor so you can review it.

The Fix

To fix my problem and update my Android 2.3.3 phone certificates, I copied the one from the Android 3.2 emulator and put that on my phone. Android 4.0 devices do not use the same cacerts.bks file so they could not be used to copy from.

  1. Download the updated cacerts.bks file here.
  2. Connect the device to be updated (it must be rooted). You may need to remount the /system folder as rw (read/write) if the push fails.
  3. Save a copy of the old cert file from your device:
    adb pull /system/etc/security/cacerts.bks cacerts.bks.old
  4. Put the updated cert file on your device:
    adb push cacerts.bks /system/etc/security/
  5. Reboot the device.

Now your device should have access to the updated list of certificates from the new keystore. You can verify this by pulling the cacerts.bks file from the device and comparing it to the original file.
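The steps above with the comparison done before the reboot instead of after it, as an added shell example that is not part of the original article. It assumes adb is on PATH, the device is rooted, and adb remount works on it; the function names and the .readback file name are hypothetical.

```shell
#!/bin/sh
# Added example: back up, push and verify cacerts.bks before rebooting.
# Assumptions: adb on PATH, rooted device, adbd able to remount /system.
ADB=${ADB:-adb}                                # overridable for testing
DEVICE_PATH=/system/etc/security/cacerts.bks   # path used in the article

# Print the SHA-256 digest of a file (sha256sum on Linux, shasum elsewhere).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Succeed only if both files have identical contents.
same_digest() { [ "$(sha256_of "$1")" = "$(sha256_of "$2")" ]; }

# update_keystore NEW_BKS [WORKDIR]
# Returns 0 after a verified push, 1 otherwise (old keystore pushed back).
update_keystore() {
    new=$1; work=${2:-.}
    backup=$work/cacerts.bks.old
    readback=$work/cacerts.bks.readback
    [ -s "$new" ] || { echo "missing or empty: $new" >&2; return 1; }
    [ ! -e "$backup" ] || { echo "refusing to overwrite $backup" >&2; return 1; }
    # Step 3: keep a copy of the current keystore; stop if that fails.
    "$ADB" pull "$DEVICE_PATH" "$backup" || return 1
    [ -s "$backup" ] || { echo "backup is empty" >&2; return 1; }
    # Step 2: make /system writable.
    "$ADB" remount || echo "remount failed, trying the push anyway" >&2
    # Step 4: push, then read the file back and compare digests.
    if "$ADB" push "$new" "$DEVICE_PATH" &&
       "$ADB" pull "$DEVICE_PATH" "$readback" &&
       same_digest "$new" "$readback"; then
        "$ADB" reboot                          # Step 5
        return 0
    fi
    echo "verification failed, restoring the old keystore" >&2
    "$ADB" push "$backup" "$DEVICE_PATH"
    return 1
}

# Run only when a keystore path is given on the command line.
if [ "$#" -ge 1 ]; then update_keystore "$@"; fi
```

Checking the read-back copy before rebooting means a truncated or failed push is caught while the old keystore can still be put back over adb.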

Related Work

Hope you found this guide useful. Please drop a note, somewhat funny internet cat picture, or +1 if it helped.
You may also want to check out my WorxForUs Android Database and Networking framework that assists database access and network access and addresses several common pitfalls.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

About the Author

Right Handed Monkey
Chief Technology Officer WorxForUs
United States
I am a programmer who posts rambling on about Java, Android, PHP, or whatever I am motivated to type on my charcoal colored Kinesis Freestyle2 keyboard. Please send +1's, shared links, warm thoughts of encouragement, or emasculating flames of internet fury to my blog. Why not? In fact, say anything... but please don't say 'thank'. I don't know, but something about it makes my skin crawl like an electric eel is asking to give me a kiss. No, thanks. (See, there's an 's' in there. Was that really so hard?)

righthandedmonkey.com

Article Copyright 2014 by Right Handed Monkey