Click here to Skip to main content
13,005,991 members (35,202 online)
Click here to Skip to main content
Add your own
alternative version

Tagged as


2 bookmarked
Posted 16 Jun 2014

How to Update HTTPS Security Certificate Authority Keystore on pre-android-4.0 Device

, 16 Jun 2014
Rate this:
Please Sign up or sign in to vote.
How to update HTTPS Security Certificate Authority keystore on pre-android-4.0 device

The Problem

I have a Samsung Galaxy S phone with Android 2.3.3 (Gingerbread). This device came out in March 2010 which is ancient in terms of mobile devices, but I am still rather fond of this phone. I began having trouble with certain websites when they changed their certifying authority early in 2013.

This included problems with well known sites such as Facebook and redbox. Many sites would get the security warning 'This certificate is not from a trusted authority'. Also, I had some problems with apps using SSL.

The Details

When looking in logcat, I see something like: No peer certificate

Looking at the example website using my computer's browser on, I noticed the certificate was recently renewed Feb 28, 2013 which is about when I started having problems (the CN listed was from: "Cybertrust Public SureServer SV CA"). Cybertrust now has another CN in Baltimore that is authorizing the new certificate for

You'll need to have root access to your device to do any of these commands. Also note that Android 4.0 has a different mechanism for working with certificates. Getting root access of your device is beyond the scope of this tutorial.

Using adb, I was able to pull the keystore and examine it to check for the certificates I was looking for.

adb pull /system/etc/security/cacerts.bks cacerts.bks

You can examine the keystore on your computer using the Portecle software. Portecle is available from

Select File / Open Keystore... and choose the cacerts.bks file.
Select Tools / Keystore Report and copy that information into a text editor so you can review it.

The Fix

To fix my problem and update my Android 2.3.3 phone certificates, I copied the one from the Android 3.2 emulator and put that on my phone. Android 4.0 devices do not use the same cacerts.bks file so they could not be used to copy from.

  1. Download the updated cacerts.bks file here.
  2. Connect your device to be updated (must be root). You may need to remount the /system folder as rw for read/write capabilities if you have failures on the push procedure.
  3. Save a copy of the old cert file from your device:
    adb pull /system/etc/security/cacerts.bks cacerts.bks.old
  4. Put the updated cert file on your device
    adb push cacerts.bks /system/etc/security/
  5. Reboot the device

Now your device should have access to the updated list of certificates from the new keystore. You can verify this by pulling the cacerts.bks file from the device and comparing it to the original file.

Related Work

Hope you found this guide useful, please drop a note, somewhat funny internet cat picture, or +1 if it helped.
You may also want to check out my WorxForUs Android Database and Networking framework that assists database access and network access and addresses several common pitfalls.


This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

Right Handed Monkey
Chief Technology Officer WorxForUs
United States United States
I am a programmer who posts rambling on about java, Android, PHP, or whatever I am motivated to type on my charcoal colored Kinesis Freestyle2 keyboard. Please send +1's, shared links, warm thoughts of encouragement, or emasculating flames of internet fury to my blog. Thanks for reading!

You may also be interested in...


Comments and Discussions

-- There are no messages in this forum --
Permalink | Advertise | Privacy | Terms of Use | Mobile
Web02 | 2.8.170628.1 | Last Updated 16 Jun 2014
Article Copyright 2014 by Right Handed Monkey
Everything else Copyright © CodeProject, 1999-2017
Layout: fixed | fluid